Privacy Policy
Created 2023-02-17 (Last Updated 2024-06-18)
IMPORTANT: THIS IS NOT A LEGAL DOCUMENT. I AM NOT MAKING PROMISES. I'M JUST VOLUNTARILY STATING WHAT I'M DOING ON THIS HTTP/GEMINI SERVER IN GOOD FAITH FOR THE SAKE OF TRANSPARENCY.
TL;DR
- I do not store or look at the IP addresses that make requests to vigrey.com, www.vigrey.com, text.vigrey.com, or www.text.vigrey.com. IP addresses and user-agent strings are used for live.vigrey.com to determine if a user has already authenticated to see my livestreams, although that information is stored in RAM and not on disk (with the potential unintentional exception of swap space). I do not know a single IP address that has visited the HTTP or Gemini version of my site besides IP addresses that I personally have control of.
- I currently do not track or store what resources are requested or how often resources are requested from the site over HTTP or Gemini
- I do not store HTTP request headers of requests to the HTTP version of my site (although I do block specific User-Agent strings and HTTP referers)
- I have not looked through the source code of Owncast to determine if it will show me User-Agent or IP address information of viewers/chatters of my livestreams at any point (it has not shown that information to me so far)
- No page of this site uses Javascript
IP Retention Policy
Every request over the IP (Internet Protocol) contains the source IP address of the request. That's part of how the Internet is able to work in the first place. This means that all TCP/IP requests to the HTTP and Gemini versions of this site will include your IP address.
For visits to vigrey.com and www.vigrey.com, I do not store any of those IP addresses and do not physically look at the IP addresses. If you were to ask me to find a single IP address that has visited the site, I would only be able to point you to IP addresses that I have control of, because I already know those IP addresses and know that I visit my own site.
For visits to live.vigrey.com (my livestream server), the user's IP address (remote address) and user-agent string are used to determine if the user has valid access to my livestreams. This information is stored in RAM on a proxy I wrote to protect my Owncast server but is not intentionally written to disk. It is possible that this memory can be written to swap space, although isn't done intentionally. I do not know the IP addresses (remote addresses) or user-agent strings of anyone who visits my livestreams, whether they have access or not, and I went out of my way to write the proxy server in a way that makes it very impractical for me to learn the IP addresses (remote addresses) or user-agent strings of any visitors. With that said, the Owncast software might end up showing me viewer/chatter information like user-agent strings and IP addresses via the admin page, although I have not yet had either show up so far. Considering I have not looked through the source code of Owncast, I do not know if it will end up showing me that information.
Resource Request Retention Policy
Currently I do not track or store how many times a page or resource was requested. At some point in the future, I may want to add a "hit counter" to show how many views a particular page has gotten, but I haven't decided one way or another on that yet. If I do decide to track how many requests happen to pages, I will be sure to update this page. This page and others would have a hit counter on it as well, at least for the HTTP version of the site.
HTTP Header Retention Policy
Every HTTP request includes some information, including whether the request method was a "GET", "POST", "DELETE", etc... request. This also includes data about the browser called the "User-Agent". For instance, the User-Agent of Chrome version 110 on Windows 10 64-bit edition is "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36". Along with the User-Agent, a header called the "Referer" header is sent by the user's browser if the user comes to my site by clicking on a link from another website. For instance, if the user is at https://example.com and there is a link to a page on my site on example.com that the user clicks on, it is likely that the user's web browser will send a referer header of "https://example.com".
I do not track or store HTTP request headers of requests to the HTTP version of my site. With that said, my HTTP server analyzes the User-Agent and Referer headers of requests in order to block or return an HTTP 403 error to specific requests.
The reason for this is to prevent link previews on Mastodon/Pleroma/Akkoma/Misskey/GoToSocial or referals from Hacker News or Reddit from causing too much stress on this server.
Javascript Usage (HTTP Site)
The HTTP version of vigrey.com and www.vigrey.com do not use Javascript. They also block Javascript from loading.
live.vigrey.com uses Javascript only if the visitor has successfully authenticated to see livestreams.