Every now and then I “get serious” about making this site a little better and ticking off some of those “I should do that some day” boxes. After the GDPR went into effect, we all started getting those wonderful cookie pop-ups on every single friggin’ web site. You know the ones “We use cookies. If you use this site, you’re agreeing to this.” Never mind that they probably already set the cookies. At least some sites give you the ability to turn some cookies off, notably the tracking and advertising ones.
Before we go any further, let me be very clear: I think privacy is one of the most fundamental and important things we are losing these days as both governments and corporations embrace technology to create a surveillance culture never before imagined in human history. As the old joke goes, “1984 was supposed to be a cautionary tale, not a blueprint.”
The GDPR and similar legislation drafted around the world, like so many governmental “solutions” takes a great idea and implements it in some of the most ass-backward ways imaginable. Asking politicians to regulate technology is like asking politicians to perform heart surgery. They’ll talk to a couple of experts for a few minutes, decide they’re now qualified and jump right in, but you’re not going to like the results.
Getting Serious
This site has a privacy policy, which is linked at the bottom of every page. It’s boilerplate. I’m not sure if it meets some of the regulatory criteria that external jurisdictions have demanded I meet, but I’ve done my best, within reason. So I decided to see what it would take to become GDPR compliant, since it’s one of the most restrictive things around.
I won’t bother with my usual exhaustive detail, but let’s just say that it would cost me at least a few hundred dollars every year to comply. Why? Software subscriptions, government registration fees in certain jurisdictions, and lawyers. For a silly personal blog. The worst part is that all of these “protections” the EU and others have prescribed don’t really protect your privacy at all. And don’t even get me started on how the EU and governments all over the world are actively violating your privacy at a much more fundamental level than Google determining whether or not you prefer pink or blue culottes.
After seeing all of the BS I’d have to do to annoy you with a pop up explaining that all of the cookies this web site sets are necessary to provide you with functionality (the weaselish get-out-of-jail-free loophole in all of this), the site would actually have to set even more cookies than it does. And if you want to exercise your right under the GDPR to have me delete your personal information, you will have to provide me with a lot more personal information than you already have.
In a startling display of risk tolerance, I have decided that I’ll just be ignoring all of that. In the first place, I don’t recognize the EU’s authority to obligate me to do anything. Heck, I barely recognize the USA’s right to do that and I’m a US citizen. But more seriously, it’s a massive overreach that ultimately does almost nothing except cost me money and time, and annoy you with another meaningless pop-up that you’ve become conditioned to click through without reading. It’s not effective security or privacy – it’s theater and window dressing.
The Privacy Policy
Ok, so back to the privacy policy. As I mentioned above, it’s boilerplate and as dry as melba toast, but it didn’t used to be. Previously, I had “augmented” the boilerplate a bit with my usual rantish, snarky style. My risk aversion got the better of me and I decided that it would be like waving a royalty check at a tax collector. Bureaucrats, after all, aren’t known for their senses of humor or ability to recognize sarcasm (which is, ironically, one of the key elements of identifying higher intelligence).
Then there are the lawyers. I’ve met more than a few lawyers with a pretty good sense of humor, but that wouldn’t stop them from taking what is obviously meant to be a joke and shredding me in court.
What follows below is NOT the privacy policy of this site. You can find that by clicking the Privacy Policy link in the footer of every page. Instead, this is the privacy policy as I would have written it. It was somewhat funny (to me, at least) and I hope you enjoy it.
Plain-Language Introduction
This is a personal web site. I’m not interested in your personal information, so I don’t collect it, other than what is needed to serve the web pages you requested. I’ve disabled as many third-party services as possible, while still allowing things like comments, spam filters, and new post notifications to work.
Here’s the reality – you cannot use any web site without providing some information. That’s how the Internet works. At the very least, your computer provided your IP address to the computer hosting this web site so it would know where to send the data. According to the EU and the People’s Republic of California, this fundamental functionality, which is the basis of all Internet traffic, somehow obligates me to jump through a lot of regulatory hoops to protect you from your own actions.
If you don’t want me to know your IP address, either browse the web through a VPN or don’t visit this site. If you don’t want me to have your email address, don’t leave a comment. It’s as simple as that. The alternative is for me to turn off email address spam checks while results in both of us getting to read all about some hot Estonian “woman” looking for love or 78 identical comments linking to some bitcoin scam.
So relax. I’m not doing anything with your IP address or email. I’m not capturing any data that shows me you have a borderline unhealthy interest in goats wearing pajamas, even though that might indicate that I need to make more songs about pajama-wearing goats, maybe even with party hats on, because that’s what you like. I don’t use any advertising services. I don’t link to social media trackers.
And don’t get me wrong – I’m pretty serious about privacy. But I’m serious about real privacy; protection from bad actors. Especially bad actors hiding behind the veneer of authenticity provided by the label “government.” Yeah, Google, Amazon, and Facebook Meta are things to be concerned about. But none of those corporations can arrest you or make you buy stuff you might not need or want by threatening you with huge fines, imprisonment, or violence. Well… not yet, anyway.
Nearly all media on the site is self-hosted. If I’ve linked or embedded something from another site, though, such as YouTube, Bandcamp, Vimeo, etc., playing that media may allow the hosting site to collect information about you. In fact, you should assume that they will. But unless you’ve never watched a YouTube video or streamed something from Soundcloud or some other site in your entire life, they’ve already got your information. I don’t have access to this information, but you should be aware that someone else is probably tracking you if you watch that YouTube video that I recommended to you.
Many years ago, I enabled Google Analytics for about four hours. It was just waaayyyy too creepy. I then switched to a locally-hosted analytics package with a ton of privacy safeguards just to try and stroke my ego a bit and revel in how many people were checking out my latest rant or lament. The results were incredibly useful! They showed me that I have far more traffic from Russian and Chinese spambots than I do actual human beings who are interested in reading my posts or listening to my music.
Now, I’m self-deprecating and maybe a glutton for punishment, but I’m no masochist… and I no longer run any analytics.
Also, let’s talk a bit about weasel words. Any time you see the word “may” in this privacy policy, it means one of two things. If it says that I “may” do something, it means that I probably won’t, but want to cover my butt in case I ever do. If it says that Google or Amazon “may” do something, it means that they absolutely will do that thing, but want you to feel better about it because there’s a chance they won’t.
Most of this policy has been automatically generated based on what’s running behind the scenes. I’ve filled in the blanks where needed and provided additional detail or snarky comments where warranted.
Who we are
“Our” website address is: https://www.raytoler.com. If you needed to read this policy to get that information, please don’t vote.
If you’d like to know about Ray Toler, uh… the site is raytoler.com and it is a monument to his ego and inflated sense of self-worth. Pick any random page on this site and, trust me, you will hear far more about “Who we are” than you can stand.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. If you don’t want this information recorded, don’t leave a comment.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, if you use that service, your profile picture (aka your “Gravatar”) is visible to the public in the context of your comment. If you are using Gravatar, you already agreed to their privacy policy and tracking. I don’t have access to any of that information.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. Also, if you upload images to the website, please let me know at your earliest convenience because there’s no way you should have been able to do that.
Contact forms
Contact forms are not currently in use on the site. This policy will be updated if any are created.
Cookies
If you leave a comment on this site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you don’t want that cookie, don’t opt-in.
If you have an account (which you don’t) and you log in to this site (which you can’t), we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in (which you can’t), we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article (which you can’t), an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day. As with uploading media, please let Ray know if you edit or publish an article because a) you absolutely shouldn’t be able to and b) Ray’s ego will allow no competition.
To sum up, if you have an account on this site, and you aren’t actually me, please let me know because there’s no way you should have been able to create the account. Also, you now have cookies.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites, most of which are owned by giant multinational corporations that already track you everywhere you go, may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
I try to minimize embeds, especially from companies who have decided that “Don’t Be Evil” is too hard to do, but sometimes a quick YouTube video is the fastest way to get something across. Especially if it involves a baby goat wearing pajamas. If you don’t want their tracking, don’t click the Play button, no matter how adorable that baby goat is. Also, maybe consider throwing your phone away because it’s doing far worse things. Remember when you gave Instagram or Waze permission to access the microphone and your current location 24 hours a day, even when you weren’t using the app? Yeah. They’re definitely using those permissions, and for things you probably wouldn’t like. Watch the movie Ex Machina for a “theoretical” example.
I, on the other hand, would only ever want to know who you are so I could thank you profusely for spending precious minutes of your life reading my silly attempts at humor or idiotic rants about things I can’t control, like Google and Facebook Meta tracking you everywhere on the web. Frankly, I’m not really sure how I’d go about figuring out who most of you are even if I wanted to. Unless, that is, we went to high school together, in which case this web site is the least of your worries with regard to how much I know about you.
Analytics
We don’t collect or use any analytics data. It was harmful to Ray’s ego.
Who we share your data with
Nobody. Seriously, nobody.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (which isn’t possible), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. As system administrator, I mostly just consider that age-old conundrum, “if a song was played on a site with no users, did it make a sound?”
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
The above paragraph is the canned version that satisfies some well-intentioned, but horribly written law like the GDPR or California’s “Me Too” version of that. Remember when we talked about how the word “may” might mean different things? Now just imagine what “administrative” might mean. The reality is that if you actually read this and decide you don’t like the idea of me knowing the IP address you used in 2017 when you left that comment on a blog read by literally tens of people, you can make all of the above requests and I will then spend the next 6 hours trying to figure out where it might possibly be stored in the hidden depths of the WordPress dungeons, only to find that it’s not actually there.
In fact, in order to request that I delete your data, you will have to provide me with far more personal data than I already have. So maybe just consider that having a nice cup of tea or taking a walk outdoors might be a more productive and healthy thing to do than worry about that nefarious Ray Toler dude. Honestly. You should have bigger concerns. Like that super-cool emoji pack you just added to your messenger app that’s phoning home to Russia or the NSA every five minutes. Or your Snapchat/TikTok Chinese Ministry of State Security account.
But if you really really, really, really, really, really, really, really, really, really, really, really, really, really, want me to track it all down and delete it, let me know and I will.
Where we send your data
Visitor comments may be checked through an automated spam detection service. “May.”
Additional information
How we protect your data
Reasonable precautions are taken to protect any information you provide, but nothing beyond what a normal private person would do to protect the information provided by their friends. If you’re worried about a data breach from this site, please don’t provide any information.
What data breach procedures we have in place
If we become aware of a data breach, we will take reasonable steps to identify and inform anyone affected. I imagine our respective lawyers will argue over what “reasonable” means, but in this day and age, it’s almost an obsolete word anyway as “reason” has taken a backseat to “how can I profit from this?” And if I could make a profit off of you, trust me, I would already have tried.
What third parties we receive data from
We don’t receive data from any third parties. They wouldn’t return our calls.
Image by Mark D’aiuto