Privacy Policy

I’m Peter Rukavina, and this is the Privacy Policy for the ruk.ca blog that you’re reading right now.

Guiding Spirit

I don’t care who you are.

Well, that’s not completely true: I do care who you are as a human being.

But I don’t seek, in any way, to automatically log or record that information, nor to use anything about you (your browser, your location, other sites you’ve visited, the time of day, what pages you visit) for any purpose.

This is a somewhat contrarian spirit given current web practices, but its one I’m deeply committed to.

Practice

Cookies

Confusingly-named “cookies” are a web browser technology that allow websites to leave a “cookie”–a small bit of digital information–on your computer when you visit a website. Your web browser then sends the cookie back to the site the next time you visit. While cookies can and are used for good and noble purposes, they are also the technology that enables a lot of insidious, privacy-invading behaviour.

If you simply visit ruk.ca and read posts, and don’t leave comments, then you will be dealt no cookies, and when you return another day I’ll have no way of knowing whether you were here before.

Only if you leave a comment, the open source Drupal content-management-system that I use to run ruk.ca will send you three cookies:

  • Drupal.visitor.name — a cookie storing whatever you enter for the “Your name” field when leaving a comment. This cookie expires after one year.
  • Drupal.visitor.mail — a cookie storing whatever you enter for the “E-mail” field when leaving a comment. This cookie expires after one year.
  • A “session” cookie — a cookie starting with SSESS, followed by a random string. This cookie expires after 23 days. You can read more about this cookie on the EFF website, which also uses Drupal.

If you are uncomfortable with these cookies, you can delete them and no harm will befall you, and your comment will remain in place.

Google Analytics

I do not use Google Analytics, nor any other web analytics system to record information about traffic and visitors to the site.

Third-Party JavaScript

JavaScript is a “a programming language that runs inside a web browser.” It’s what allows much of the helpful interactivity of the web to happen.

But when a website includes JavaScript from third parties, it is, in a sense, opening the door wide open to those third parties to whatever they want, including things that may invade your privacy. Every time you see a helpful “Like this post on Facebook” button on a blog, for example, it’s likely that it comes as a result of JavaScript from Facebook that the blog’s owner has agreed to include in the site; when they do this, they’re allowing Facebook to do whatever Facebook wants to do with information about who’s visiting the page in question, for how long, etc., and to aggregate that information with information about visits to other websites, and ultimately to form a more perfect demographic picture of you.

To avoid any of these issues, I don’t include third-party JavaScript on this site.

Webserver Logfiles

The Apache webserver software that I use to serve ruk.ca keeps logs of traffic to the site, but I’ve specifically removed the IP address, referer and user agent from these logs, so no record of your IP address (which can be used to track your location, and also as a sort of de facto cookie, to invade your privacy) is kept. The Apache LogFormat directive in place is:

LogFormat "%t "%r" %>s %b" combined

The result of this are logs that contain lines like this:

[23/Feb/2018:11:51:04 -0400] "GET /sound/getting-band-back-together HTTP/1.1" 200 69967

What’s recorded on that line are:

  1. The date and time (in the Atlantic timezone).
  2. The URL of the page (or image, or sound, or other file) requested.
  3. The HTTP status code returned to the browser (200 in this example).
  4. The size of the data returned to the browser, in bytes (69967 in this example).

None of these four pieces of information can be used to identify you. And, again, I omit the IP address of your computer, the “referer” (the previous page you visited) and the “user agent” (a signature that identifies your web browser and version) from logs.

HTTPS

All requests made by your web browser to my webserver, and all responses back, are encrypted HTTPS connections. That’s why you see the https (with an “s”) in the URL for the site.

That means that anyone able to observe the traffic on your Internet connection (other people in your home, people on the same wifi network in the coffee shop, the IT administrator in your office) cannot see the contents of the pages you’re viewing, because they are encrypted.

However, because of the nature of HTTPS, they will be able to determine the address of the pages (the “URL”). So if you visit https://ruk.ca/overthrow-the-state (if such a page existed), you should be aware that others can know that you did so, even though I don’t record or log the information myself.

When you Post a Comment

In addition to the three cookies that are sent to you when you post a comment (see above under “Cookies”), the following personally-identifying information is stored in a database, related to your comment:

  1. The date and time you left the comment.
  2. Your IP address.
  3. The post you left the comment for.
  4. The comment that you replied to (if your comment was a reply to an earlier comment).
  5. Whatever you entered for the “Your name” field.
  6. Whatever you entered for the “E-mail” field.
  7. Whether you checked the “Notify me when new comments are posted” and, if so, whether you selected “All comments” or “Replies to my comment.”
  8. The text of your comment.

When your comment is displayed to other readers, only your name (what you entered into the “Your name” field), the date and time of your comment, and the text of your comment are shown.

If you enter an email address when you comment, for which you’ve configured a Gravatar, then the photo you submitted is displayed with your comment. But although your email address is used to derive your Gravatar, there’s no way to find your email address from your Gravatar, so your email address remains non-public.

To mitigate comment spam, all comments are passed through a third-part service, based in the USA, called CleanTalk. CleanTalk has its own Privacy Policy which includes this information, which applies to your information when you post a comment here:

Your data will be processed in the CleanTalk Cloud Service and they will be stored in log files for 7 days by default. On the expiry of the mentioned period, they will be deleted completely. CleanTalk may use information of spam activity of IP/email addresses to offer proper anti-spam protection to all websites connected to its service. It concerns exclusively those IP/email addresses that are being used for spam mailing.

Access to Your Data

Copies of your Comments

If you’ve posted comments, and want a copy of all of them, you can send me an email request to peter@rukavina.net, and provide me with an email address associated with the comments. I will then email you a JSON file, to that email address, of all the comments that were posted with that value entered in the “E-mail” field, and will include all of the fields above, like this:

{
    "comments": [
        {
            "comment": {
                "Post Title": "What's that, you say? The Return of Comments!",
                "Post URL": "\/content\/whats-you-say-return-comments",
                "Author": "Peter Rukavina",
                "Comment": "One of the ironies of switching to Disqus to fill the Facebook void is that Disqus supports sign-in-via-Facebook.",
                "Hostname": "142.176.125.77",
                "Post date": "2014-08-18 14:53"
            }
        }
  ]
}

Please note that there is no verification done to ensure that the email address used when posting a comment is valid, or that it belongs to the commenter, so this file may contain comments posted by others using your email address.

Delete Your Data

Delete Comments

If you have posted a comment and later wish that comment to be deleted, please send me a request by email to peter@rukavina.net, identifying the post and comment you would like deleted.

I will send you an email to the email address associated with the comment to confirm that the request is genuine and, when and if you reply, I will delete all record of the comment from this website.

Because this website is crawled and indexed by Google, the Internet Archive and others, even though I delete your comment here, it’s possible that it will remain cached or archived elsewhere, beyond my control.

Delete Cookies

Cookies sent from this website are stored on your computer, so you can delete them yourself, following these instructions:

You can also find information for each browser on how to block future cookies (which, as outlined above, are only sent to you if you leave a comment).

Where Data is Stored

I use Amazon Web Services to host this website, using their Canada (Central) data centre in Montreal, Quebec.

I use Amazon Linux on a single EC2 instance, running my own copy of Drupal 7, and my own copy of MySQL.

Snapshots of the primary volume are taken each night.

For More Information

If you request more information about this website and its data and your privacy, you can contact me, Peter Rukavina, directly, by any of the means outlined here.