Privacy Policy

Effective 3/26/2022

Cloudflare

To protect the security of the website, its content is proxied behind Cloudflare. This means all traffic between the user and the website first passes through Cloudflare. Cloudflare is a GDPR-compliant company. Cloudflare's privacy policy can be found here, and a shorter version of the privacy policy can be found here.

To operate this service, Cloudflare uses a number of cookies. The full source can be found here. At the time of writing, these cookies are:

  • __cf_bm

    This cookie is used by Cloudflare to determine if a website visitor is a bot. These cookies are not randomly generated on each request and are not used to track between sessions.

  • cf_ob_info

    This cookie contains the HTTP status code, the Ray ID of the failed request, and the data center serving the traffic.

  • cf_use_ob

    This cookie tells Cloudflare to fetch the resource from the cache at the designated port.

Crowdsec

To further increase the security of the website, as well as the strength of the collective internet, all traffic cleared by Cloudflare is then checked against Crowdsec, a community-based Intrusion Prevention Server.

This means that blocklists are sourced from community logs, and that fraudulent requests may be shared with Crowdsec. IP addresses that are flagged as fraudulent are stored for 3 months, while a range of 256 addresses is stored for up to a year (see "How long is my data kept?" in their Privacy Policy).

Please read Crowdsec's privacy policy in full, which can be found here. Requests to remove your IP address from the blacklist can be made here.

Umami

This website uses an open-source, GDPR-compliant software called Umami that allows me to track where and on what device the user is visiting. It does not track the IP address of the client or place cookies to track the user. To opt out of tracking, set the "Do Not Track" header.

Access logs

To ensure the safety of this website, all traffic is temporarily logged. These logs are fed into Fail2Ban and other local programs. These logs are rotated and deleted every 30 days.

These logs are in the following format:

{Client IP address} - {Remote User} [{Time of visit}] "{HTTP Request Method} {URL} {HTTP version}" {HTTP Status} {number of bytes sent} "{HTTP Referrer}" "{HTTP User Agent}" "{GZIP Ratio}"

Example:

1.2.3.4 - - [26/Mar/2023:1:42:06 -0200] "GET /hello_world HTTP/1.1" 418 420 "-" "Mozilla/5.0"

Data Privacy

As this website is hosted in the United States, all data present on this website is subject to relevant legislation.

As of April 2023, this website has received no requests for any data by any government agency.