kasploosh.com

Privacy Policy

I want online privacy for myself, and for other people. And I want to get this privacy policy done so I can move on to more interesting articles.

My website is mainly about sharing information with you, and not spying on you. If you look at the source code of the site, you can see that the markup is mainly about presenting information to the user using standard and accessible HTML.

Here is a list of user monitoring activities I do use. Each of these is described more in detail later.

Here is a list of external websites that are used in some way or another on this site. These sites would have their own privacy policies.

Here are all the types of user monitoring that I do not use.

  • Google Analytics
  • Facebook SDK or like button
  • Mouse tracking software
  • User session recording software
  • I don’t set any cookies
  • Pixel tracking
  • Statistic counters
  • External log analyzers

Contact Me With Suggestions

Do you see a problem with the privacy disclosures of this site? Does something on this page not look right to you? Could this site be even more private? Is there something I forgot to mention?

This is a living document and is open to your suggestions. Please contact me with any questions about the privacy of this website.

Apache Server Logs

If you request any page on my site, it turns into multiple requests to a web server for the HTML, CSS, images, and so on. Every request like this gets logged by my Apache web server. I do sometimes look at the server logs because it gives an idea of who is using the site, and how much. This is not all about spying. It is mostly about deciding whether it’s worthwhile to even have a website, and finding out what percentage of my traffic is robots.

Here is an example set of log entries from myself visiting the home page of my own site:

www.kasploosh.com:80 192.168.1.3 - - [18/Apr/2020:00:51:32 +0000] "GET / HTTP/1.1" 200 1930 "https://www.kasploosh.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36"
media.kasploosh.com:80 192.168.1.3 - - [18/Apr/2020:00:51:32 +0000] "GET /img/logos/flag-15517.gif HTTP/1.1" 200 1273 "https://www.kasploosh.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36"
media.kasploosh.com:80 192.168.1.3 - - [18/Apr/2020:00:51:32 +0000] "GET /img/California_Ground_Squirrel.png HTTP/1.1" 200 68298 "https://www.kasploosh.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36"
media.kasploosh.com:80 192.168.1.3 - - [18/Apr/2020:00:51:32 +0000] "GET /css/main.css?v=20200323 HTTP/1.1" 200 11027 "https://www.kasploosh.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36"
media.kasploosh.com:80 192.168.1.3 - - [18/Apr/2020:00:51:32 +0000] "GET /img/favicons/kasploosh.ico HTTP/1.1" 200 675 "https://www.kasploosh.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36"

There are five entries in the above set. I first requested the home page, which then turned into a request for the flag, the squirrel, the main CSS, and the favicon.

Each entry has the following components:

  • The name of the server that answered the request (www.kasploosh.local)
  • Your IP address at the time (192.168.1.3)
  • The date of the request (2020-04-18)
  • The request method, URL, and protocol (“GET / HTTP/1.1”)
  • The status of the request (200 OK)
  • The size of the request (1930)
  • The referer URL, the URL you just came from (https://...)
  • Your user agent string (Mozilla/5.0...)

The Apache logs are anonymized. They reveal your IP address, and your browser string, but not enough to identify you.

Apache Log Expiration

Right now, I have saved all Apache logs related to this site. I am considering purging older logs to increase the privacy of the site.

My Scripts That Interpret Apache Server Logs

Apache server logs are strictly chronological. They can be a jumble of data when several people are using the site at the same time. If multiple people use the site, the server logs are just a dense blob of technobabble.

I have some scripts which I wrote myself that can process Apache server logs and sort the information in different ways. I can sort by:

  • IP address (who did what)
  • User agent string (what browsers people are using)
  • Page requested (what are people looking at)
  • Status of the request (how many 404s or server errors are there)
  • Referer URL (where are people coming from)

By sorting the information in the logs, I can get a basic story about how many people are accessing the site (on a strictly daily basis), what people are looking at, and what bot traffic looks like. I use this to observe trends and think about what it means to have a website. One of the main things I have learned from looking at logs is that more bots than people access my website.
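An added example, not the author's own scripts (the page does not show them): a parser for the entry components listed earlier, plus the kinds of sorting and daily counting described here. It assumes the logs use Debian's vhost_combined layout, which matches the sample entries; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
# Assumed layout: Debian's "vhost_combined". Apache writes a quote inside a field as \".
Q = r'((?:[^"\\]|\\.)*)'
LINE_RE = re.compile(
    r'(\S+) (\S+) \S+ \S+ \[([^\]]+)\] "' + Q + r'" (\d{3}) (\d+|-) "'
    + Q + r'" "' + Q + r'"$'
)
FIELDS = ("vhost", "ip", "time", "request", "status", "size", "referer", "agent")

# Constructed sample lines modelled on the entries shown on this page.
SAMPLE = """\
www.kasploosh.com:80 192.168.1.3 - - [18/Apr/2020:00:51:32 +0000] "GET / HTTP/1.1" 200 1930 "https://www.kasploosh.com/" "Mozilla/5.0 (X11; Linux x86_64) Chrome/81.0.4044.92"
media.kasploosh.com:80 192.168.1.3 - - [18/Apr/2020:00:51:32 +0000] "GET /css/main.css?v=20200323 HTTP/1.1" 200 11027 "https://www.kasploosh.com/" "Mozilla/5.0 (X11; Linux x86_64) Chrome/81.0.4044.92"
www.kasploosh.com:80 192.168.1.7 - - [18/Apr/2020:01:02:03 +0000] "GET /missing HTTP/1.1" 404 310 "-" "ExampleBot/1.0 (constructed)"
www.kasploosh.com:80 192.168.1.7 - - [19/Apr/2020:04:05:06 +0000] "GET / HTTP/1.1" 200 1930 "-" "ExampleBot/1.0 (constructed)"
this line is truncated and must be skipped
"""

def parse(text):
    """Return (entries, skipped); a request line without three parts is kept raw as the path."""
    entries, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        e = dict(zip(FIELDS, m.groups()))
        parts = e["request"].split()
        e["path"] = parts[1] if len(parts) == 3 else e["request"]
        e["status"] = int(e["status"])
        e["day"] = datetime.strptime(e["time"], "%d/%b/%Y:%H:%M:%S %z").date().isoformat()
        entries.append(e)
    return entries, skipped

def count_by(entries, field):
    """Tally entries by one field: ip, agent, path, status or referer."""
    return Counter(e[field] for e in entries)

def daily_visitors(entries):
    """Distinct client IP addresses per day."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["day"]].add(e["ip"])
    return {day: len(ips) for day, ips in sorted(seen.items())}

if __name__ == "__main__":
    print(parse(SAMPLE)[1], daily_visitors(parse(SAMPLE)[0]))
```

Counting skipped lines rather than silently dropping them shows when the log layout has changed or a client sent something the pattern does not cover.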

Filtered Log Expiration

Right now, I have saved all filtered logs related to this site. I am considering purging older filtered logs to increase the privacy of the site.

Interaction With Certain Pages

This site has some interactive pages like Downloads and Contact which let the user either download a package or send a message to me.

I keep a separate log of the use of these pages to make sure they are being used correctly and there are no errors. The point of having a separate log for each page is to be able to quickly see usage data for each page.

The information collected is the same that appears in Apache logs, like date, IP address, user agent string. Therefore it is similar to having Apache logs, just a more refined listing of information.

Page Log Expiration

Right now, I have saved all logs of certain pages on the site. I am considering purging older page logs to increase the privacy of the site.

Purchases On This Site

Purchases on my site create a little digital paper trail in my email software and accounting software. I get an email from PayPal with some name and address information. I save the names and emails in an address book to aid in writing emails to the purchaser. The handle of the person gets added to my accounting program to account for income.

I never see any type of bank or credit card information and I certainly would never save such a thing.

Purchase Log Expiration

I believe I am required to keep this digital paper trail about sales for some amount of time, for tax purposes. So far I have not purged any old sales information. I am considering purging older information to make this site more private.
