Just about everyone who is a content generator on the internet has been affected by the EU’s new General Data Protection Regulation (GDPR.) It didn’t come suddenly, but you’d never know that by the scramble many American organisations have been doing to become compliant (or at least try) with these regulations. It’s not easy; they’re “prescriptive” in that they give broad (and sometimes vague) guidance rather than telling you in detail what to do. There’s a good chance that the various EU based agencies enforcing these regulations will do so differently from one to another, and also that many of those charged with the enforcement won’t understand what they mean. (We’ve experienced that problem with enforcers here, such as with the tax code.) But this is as good a time as any to outline our basic philosophy regarding information gathered on our websites, past and present.
The vulcanhammer “Family” of Websites
There are currently five of these:
- vulcanhammer.net, about geotechnical engineering
- vulcanhammer.info, about Vulcan Iron Works
- Chet Aero Marine, about my family’s exploits on the water and in the air, and more
- Positive Infinity, this site
- paludavia.com, now for “active” pages, mostly for engineering programs
All of these sites, in one way or another, started as “static” sites, with few interactive features. The first to break the mould was this one, which became a blog in 2005 and a WordPress site the following year. This was also the first site to sport the “https” secure site feature.
The first three on the list were migrated to wordpress.com starting less than two years ago. The reasons for this are tied up in two search engine trends that could not be avoided: their preference for “https” sites (that comes with wordpress.com sites) and a need to be able to morph themselves for mobile devices such as phones, tablets, etc. The sites were also more interactive and a lot less work to design and maintain as well.
At this point all but one of the sites are, in one way or another, WordPress sites. That’s significant because for the WordPress sites information gathering is done by WordPress, and thus they control the intake at least of any information we gather (or don’t gather) on our sites. For this site and paludavia.com, we get statistics from 1and1, our web hosting service for that site.
Web Site Statistics
Our sites have never been “about” collecting private information, and certainly not disseminating it, for profit or otherwise. Our idea has always been to disseminate information with a minimum of encumbrance to the visitor, which means no paywalls or requirements to register before getting the information. The one thing we do review on an ongoing basis is our website statistics.
WordPress/Automattic’s privacy policy outlines what kind of information is gathered in these statistics. Some of that only pertains to those of us who upload information to them to be in turn shared with you. Both WordPress and 1and1 (and the web hosting services that preceded them) gather this type of information. We do not share that information with anyone.
We use this information to improve our sites. One of the things we learned is that many of you come from places where your privacy is really “on the line,” and so that’s been motivation to keep access simple and discreet. At one time, that was just about all the information that anyone gathered. That’s changed (right, Facebook?) and is the source of many of the problems we have today. Unfortunately without that “in depth” information websites are, to some extent, “flying blind” but that’s the price we’re willing to pay to keep it easy for you to visit us.
Back in the last decade we used Google Analytics and monetised the sites (especially vulcanhammer.net) using Google ads. We pulled the plug on that because a) the revenue stream was deteriorating and b) we felt Google was too nosy. We still feel that way. We do embed YouTube videos on the site, as much out of necessity as anything, and they’re still nosy.
Comment and Contact Forms
There are two places where these sites collect personal information: the comment forms and the contact forms. Both gather things such as name, email (both of which can be faked,) IP address and URL. We don’t give these things out either. Obviously if you want us to respond to either (and you know about it) you have to give a valid email address.
Something fun to do: next time you look at an email, ask your email client to show you the source for the email. Most of the type of information mentioned earlier is in every email you send or receive. Just think about that.
Making Money Off of Sites
As mentioned earlier, there was a time when we made money directly off of our sites. That’s no longer the case; in fact, for the sites on wordpress.com we can’t. We do make some revenue (enough to pay the fees we have to keep the sites live) from our book sales, which are described here. Doing it this way also avoids the problem of handling people’s credit card and other confidential information (although you’re subject to their privacy policies.) At one time I maintained a web store for the church ministry I worked for but the security issues forced us to turn it over to people who did it all the time. In theory we could make money off of the YouTube channel but, unless something goes viral, we’re not important enough to YouTube for that to happen.
Getting Your Information on Sites, and Site Security
Two requirements of GDPR are that people can either request the information a site has on them, get the site to remove it, or both. Again we’re dependent upon WordPress to do this and they have been working on this problem.
As far as site security, with the wordpress.com sites this is handled by WordPress. For this site we have taken additional measures, and given the way this site gets attacked they’re necessary. (But virtually any site gets attacked; the only sites that don’t are the ones that don’t exist.) I also should mention that 1and1 is pretty diligent about its site security, frequently at the expense of loading speed.
European vs. American Privacy
With the EU’s enactment of GDPR, the question arises as to why there isn’t something like it in the US. Some of that, of course, is due to the fact that our large tech companies have become embedded in this country’s power structure. But another overlooked fact is that the US has traditionally been, and still is to a large extent, a land of poker-playing dogs. It’s a society with a long continuity of government and constitutionally-mandated rights, which lures its people into a false sense of security.
Europe is another matter altogether. Totalitarian states are still either a living memory or a present reality for many on the continent; the power of information-gathering states or institutions is better appreciated. The “right to be forgotten” is a manifestation of this wariness.
If Americans want European-level privacy requirements, the pressure is going to have to come with a change in people’s attitudes. We have all other manner of privacy requirements; we could add this if we liked.
This is a brief overlook at the present state of our privacy measures; more information is found for this site in its terms and conditions, and the others in theirs.
Note: in April 2022 this site was migrated to wordpress.com. A few changes had to be made; these are struck out (deleted) or italicised (added.)
Positive Infinity 