This is not a privacy disclosure reviewed by lawyers and designed to confuse you or obfuscate the truth. This is a privacy disclosure written by an IT engineer with just the facts as I understand them.
- I’m not here for your personal information.
- I don’t know who you are. I’m not trying to figure out who you are.
- I don’t sell my web server logs to anyone.
- I don’t set tracking cookies to follow you around the web.
- I don’t use my blog as a way to intrusively sell products or drive newsletter subscriptions.
- I don’t participate in a banner ad network or affiliate marketing.
- I don’t track how many of my articles you read in a day.
- This site is operated by me only, and no other parties have any ownership or partnership interest in this site.
1. I know nothing about you as an individual. I could figure out some rough geolocation info if I wanted using geo-IP databases, but those are regionally granular and not pinpoint accurate for the most part. For what it’s worth, I’m not using geo data more granular than country, i.e. nation state.
2. I keep a rotating 45 days’ worth of web server logs. In the web server logs, I can see the public IP address your request came from (which might or might not have much to do with a physical location), the document requested or operation attempted, and whatever self-description is sent along by your web browser or other HTTP client along with some helpful metadata like HTTP response codes.
That is to say, I log the public information your system discloses simply by being connected to the Internet and browsing a web site. Every web server needs to know this information in order to serve you the content you asked for in a way your client (phone, laptop, etc.) can consume.
For instance, here are a couple of log entries (with the IP addresses changed).
188.8.131.52 - - [29/Mar/2022:00:01:51 +0000] "GET /career-advice-id-give-to-20-30-and-40-something-year-old-me/ HTTP/2.0" 200 44718 "https://t.co/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.87 Safari/537.36"
184.108.40.206 - - [29/Mar/2022:00:01:57 +0000] "GET /2019/02/18/connecting-python-to-slack-for-testing-and-development/ HTTP/1.1" 301 37 "-" "Mozilla/5.0 (compatible; Barkrowler/0.9; +https://babbar.tech/crawler)"
I infer that the visit from 188.8.131.52 was probably a human reading an article I recently posted, and they probably arrived at that link from a tweet. The visit from 184.108.40.206 was likely an automated crawler adding another of my articles to their index. You get the idea.
That’s typical of what a web server logs. The data is pretty standard logging stuff, mostly useful to get a sense of what people are consuming, whether there are any web server problems I should be addressing, who the bad guys are, how many clients are phones vs. not phones, and…that’s mostly it, really.
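To make the inference above concrete, here is an added example (not code from this site or its author) that parses the two entries quoted above as NGINX "combined" format lines and sorts clients into crawler, phone and not-phone. The function names and the User-Agent marker lists are assumptions made for this sketch.

```python
import re
from collections import Counter

# NGINX "combined" format:
# addr - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<addr>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Heuristic substrings chosen for this example; not an exhaustive list.
BOT_MARKERS = ("bot", "crawler", "spider")
PHONE_MARKERS = ("mobile", "iphone", "android")

def parse(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    parts = entry["request"].split()
    # Scanners often send junk that is not "METHOD path PROTOCOL".
    entry["path"] = parts[1] if len(parts) == 3 else None
    entry["status"] = int(entry["status"])
    entry["referer"] = None if entry["referer"] in ("", "-") else entry["referer"]
    return entry

def client_kind(entry):
    """Guess crawler / phone / not_phone from the self-reported User-Agent."""
    agent = entry["agent"].lower()
    if any(marker in agent for marker in BOT_MARKERS):
        return "crawler"
    if any(marker in agent for marker in PHONE_MARKERS):
        return "phone"
    return "not_phone"

def summarize(lines):
    """Count client kinds; lines that do not parse are counted, not dropped."""
    counts = Counter()
    for line in lines:
        entry = parse(line)
        counts[client_kind(entry) if entry else "unparsed"] += 1
    return dict(counts)

# The two entries quoted above, as they appear on this page.
SAMPLE = [
    '188.8.131.52 - - [29/Mar/2022:00:01:51 +0000] "GET /career-advice-id-give-to-20-30-and-40-something-year-old-me/ HTTP/2.0" 200 44718 "https://t.co/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.87 Safari/537.36"',
    '184.108.40.206 - - [29/Mar/2022:00:01:57 +0000] "GET /2019/02/18/connecting-python-to-slack-for-testing-and-development/ HTTP/1.1" 301 37 "-" "Mozilla/5.0 (compatible; Barkrowler/0.9; +https://babbar.tech/crawler)"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Every field the parser returns is something the client sent or the server generated while answering; the User-Agent is self-reported, so the client kind is a guess and not an identification.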
3. Here’s what I CANNOT determine from those log entries.
- Whether or not you’re hidden behind a NAT or CG-NAT gateway or proxy.
- Whether or not you’re using a VPN.
- What your email address, Twitter handle, or LinkedIn profile are.
- What your Google account is.
- What your private IP scheme might be.
- The sort of firewall protecting your network.
- What your SSN, home address, or bank account numbers are.
- Your ethnicity, gender or sexual preference.
- The last search query you made for goods or services.
4. While I operate the server myself, I didn’t write any of the code. I’m using a great deal of free open source software (FOSS).
- Linux is the base operating system.
- The backend is the NGINX web server paired with a MySQL database.
- On top of that rides the popular content management system (CMS) WordPress.
- I use several WordPress plugins, but as few as possible. The goal is delivering a fast, uncluttered experience for readers. The plugins I use are primarily for anti-spam, caching, backup, and security.
I’m not divulging any deep secrets here. With a little effort, you could figure most of this out for yourself parsing HTTP headers and reviewing HTML source in your browser using freely available tools.
The takeaway? It’s possible that, buried in the code of the FOSS this site uses, something I wouldn’t like if I knew about it is going on. I don’t think that’s the case…but it’s possible.
5. This site does not use Google Analytics or other Google technologies. Many (most?) sites do, but I’m opting out of as many Google services as I can not only to improve my own privacy posture, but also that of the folks who consume the media I create. Google is pervasive up and down the Internet content delivery stack, so this is a difficult line to walk. I’m finding the personal separation from Google a long, slow process. But for at least this site, the separation is complete to the best of my knowledge.
6. I make my living as a content creator, but not via this site. If you want to help me in my content creation efforts aimed at information technology professionals, subscribe privately & anonymously to any of the podcasts or other content feeds you’ll find at PacketPushers.net.
Packet Pushers Interactive is my primary income source via sponsorship deals with IT vendors. These vendors hope you’ll hear about their technology products on one of our podcasts and ring them up to kick off an evaluation for your company.
I’m doing my best to operate this site in a manner that allows you to consume the information you want to consume in a way you’d enjoy consuming it without compromising your privacy.