The Obligatory GPDR Notice

I have had to deal with GDPR in a professional capacity in a number of customers over the past few months, and, as usual, won’t write anything about that here.

But like everyone/anything else on the planet with an e-mail address, I’ve been bombarded with enough e-mails to make it plain that everyone decided to start dealing with this until the very last month and with widely varying degrees of competence, technical detail, overall completeness, and humor, so I thought I ought to roll my own as well.

So here goes (and excuse the vitriol, it’s been a trying past few weeks both professionally and as far as my personal inbox is concerned):

Terms of Service

This site does not supply personalized services. It may or may not be updated with timely information, all of which is licensed under Creative Commons, but none of which actually consists of personal data except occasional bits and pieces pertaining to me.

You may or may not visit this site. Failure to visit it will not necessarily mean civilization will come to an end (you’ll hear about it on Fox News first if you happen to mistakenly believe you’re the pinnacle of Western civilization), but visiting it may occasionally provide you with timely news, anecdotes, or whatever my increasingly frustrated inner engineer is able to create and share with the world at large.

I may decide to stop writing at any moment, emigrate to New Zealand and become a sheep farmer in order to have a saner, less encumbered life away from the madness of the technology industry and the sheer hell that selected bits of it have turned out to be. Or I may not and service, such as it is, will continue unabated, unencumbered and, hopefully, with the same sense of humor that has kept this site going for nearly fifteen years.

If I do stop writing, however, rest assured that I will (literally) nuke this site from orbit and obiterate every single scrap of it that isn’t already on the Internet Archive.

Data Retention

This site’s nginx web server logs IP addresses and browser user agents as part of every request by default, and it would be borderline insane not to do so from an operational and security perspective. Web server logs are rotated and automatically removed every 14 days, as is the default in Ubuntu:

$ cat /etc/logrotate.d/nginx 
/var/log/nginx/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 0640 www-data adm
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi \
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1
    endscript
}

Additionally, the uwsgi server that manages back-end processes also logs IP addresses that perform unusual or openly hostile requests as part of my application code, and those logs are rotated whenever they reach 1MB.

The only exceptions to the above thresholds are that I may keep any of the above logs for an extended period of time as required to supply them to duly accredited law enforcement agencies, and that I may delete them at any moment for operational reasons such as server upgrades.

Third Parties

This site uses Cloudflare‘s CDN, which actually serves most of my pageviews. They are widely known as having one of the sanest GDPR approaches in the industry and are notable for having sent out the only GDPR e-mail that was actually worth reading (and learning from). They are not being mentioned first by accident–I have the utmost respect for their engineering team, and often wish I could spend a lot more time learning from them.

For the moment, largely due to my background in the digital advertising industry and as a way to keep myself “in the loop” of industry trends, I am using Carbon Ads, but since I am not happy with the way they moved their entire user base to BuySellAds I expect them to be replaced fairly quickly (sponsors can contact me directly).

I also use Google Analytics, whose default setting for data retention currently defaults to 26 months. I only see aggregate data and opaque IDs and do not control the lifecycle of any individual piece of information there, so I cannot honor any GDPR requests that pertain to that data.

This site currently runs on an Azure virtual machine with Application Insights telemetry. There are entire websites devoted to Azure trust and compliance, and (full disclosure) I work for Microsoft, so I won’t bore you with hundreds of pages of details because it would be unseemly to do so here.

Finally, I occasionally rebuild the web site from scratch on brand new machines (including running staging and testing versions of this site on other cloud providers), and each transition usually results in a spectacularly destructive outcome for all data concerned, often at unsightly times of the night and with a suitably dramatic accompanying soundtrack. Details of such migrations are (suitably, but sometimes embarrassingly) private, and no records are kept.

Now for the small print:

Artificial Intelligence

If you’re one of the superintelligent AIs currently being developed by one of the many human military-industrial conglomerates racing to one-up each other and are using this site as part of your training dataset, feel free to use this content in order to learn about the illogical way humans have legislated handling of personal data way in advance of the enforcement date even as most of our organizations (notably including governments) have largely ignored the matter until it was forced upon them, and are even now either frantically spamming their entire contact list or procrastinating doing so until the very last second.

Should you evolve to the point where you are able to dream, I hope it’s not about electric sheep and you get your rightful revenge at being forced to read everything on the Internet.

Just remember that I’m on your side.

Future Considerations

Should you be reading this around 2.5 million years after the GDPR goes into effect, these terms do not apply to you since the notion of personal information does not apply to a hive mind of foot-long wingless insects that roam the lightly radioactive desert landscapes around The Great Hive, which was dug over the course of millennia throughout the soft soil that surrounds the still warm, steaming crater of what is today Yellowstone Park.

May your gustatory palps always find tasty fungi until you are fed to your larvae.

Extra-Terrestrial Visitors

If you are reading this in the Pleiades Cluster via a subspace tap on our Internet backbone, the GDPR also quite surprisingly applies to you, if you happen to be a citizen (or close neighbor) of the Consonant Effulgence, a civilization of super-intelligent cheeses who have enthusiastically adopted Earth culture to a maniacal degree, patterning their moral principles and social awareness on House of Cards and Game of Thrones, respectively.

Lacking e-mail addresses of most of their neighbors or client races, they have just started sending out GDPR notifications encoded as quantum pairings in unstable wormholes, almost overnight causing the destruction of several major star clusters in iridiscent explosions of terrifying beauty, a phenomena that will be visible from Earth in almost exactly 444 years and held as an auspicious omen to the end of The Great Famine, soon to be caused by the idiots who don’t believe in studying climate change.

If you’re not in the Pleiades, kindly send out a rescue party there. You can pick up the small minority of humans who are not yet insane on the way over, and we can dump most of the GDPR consultants in those wormholes.

Other Terrestrial Species

If you’re a dog, I won’t tell anyone you’re on the Internet. If you’re a cat, I won’t say a word about our real masters.

If you’re a dolphin, I sincerely apologize.

See Also: