Privacy Policy

• Summary
• Connection
• Data collection
• Cookies
• Other organisations
• Analytics
• Opting Out
• Jurisdiction
• GDPR statement
• Children
• Transparency Report
• Updates and Queries

Summary

• Your connection to this website is as secure as I can reasonably make it. Please consider taking steps to further secure yourself and your children online.
• I will never ask you for any personal information.
• My server logs (managed by Netlify) will record information including your IP address to ensure the security and stability of the server (as is standard for nearly all Web servers), but this doesn’t identify you — especially if you’re using a VPN.
• I don’t track you.
• I don’t use tracking cookies. To enhance accessibility, optional preference cookies will be set if you interact with the stylesheet chooser or the MathJax settings; these can be easily deleted or disabled in your browser.
• I don’t share your data with anyone else.
• I embed content from only one other service, Webmention.io, to enable you to own your comments and reactions to my blog posts.
• There are no adverts on this website.
• I don’t use analytics.
• You can opt out of most data collection using standard methods.
• You have rights under the GDPR.
• I’m never going to ask you to verify your age or identity because I care about your privacy.

Connection

Your connection to this website is end-to-end encrypted using Transport Layer Security (TLS). This makes it difficult for eavesdroppers to read or interfere with your communications with this website.

Both georgewatson.me and dendodge.me have valid SSL certificates issued via Netlify and Let’s Encrypt. The georgewatson.me domain, including all its subdomains, supports HTTP Strict Transport Security (HSTS) and has been submitted to the Chrome preload list. This domain receives an A+ rating from SSL Labs.

I can do very little to prevent your Internet service provider, employer, government, or parents from tracking your activity. If you wish to secure your connection further, consider connecting via an anonymous proxy, the Tor network, or a VPN (I recommend Proton VPN or Mullvad).

I recommend also using a private DNS protocol such as DNS over HTTPS or DNS over TLS to resolve domain names. Nameservers supporting these protocols include 1.1.1.1 by CloudFlare. Note that, if you are using a well configured VPN from a privacy-respecting provider, this should not be necessary.

Data collection

Like all websites, some information may be stored in the server logs regarding your visit to this website. These logs include information such as your IP address and User-Agent string, the resources on this server you attempt to access, the address of the page that referred you to the resource, and the status code returned to you by the server, along with the date and time. This information does not identify you personally, and is necessary for the operation and stability of the server. These logs are handled by Netlify, and their privacy policy also applies. I have access only to logs from the last 24 hours.

Instead of asking for your email address, I offer the facility to subscribe to new blog posts via an Atom feed using your favourite RSS reader. This does not involve giving me, nor any third party, any of your personal details. You may choose to consume this Atom feed using your RSS/Atom reader of choice.

Cookies

I may store the following first-party cookies on your device:

• mjx.*
  • Purpose: Stores your MathJax preferences, used on pages with embedded equations
  • Content: Several cookies containing a series of values representing your preferences
  • Provider: MathJax (hosted on this server, no cross-site requests)
  • Tracking: This cookie cannot be used to identify you personally, and provides no capability for cross-site tracking.
  • Effects if disabled: If you disable or delete this cookie, equations should still display, but some functionality and customisability may be lost.
  • Source code: The MathJax source code is available on GitHub.
• style
  • Purpose: Stores your chosen stylesheet, if you choose to interact with the stylesheet selector in this website’s footer (such as to choose dark mode or the high-accessibility option)
  • Content: The name of your chosen stylesheet
  • Tracking: This cookie cannot be used to identify you personally, and provides no capability for cross-site tracking.
  • Effects if disabled: Deleting or disabling this cookie will result in the stylesheet being reset to default on every new page load; you can still temporarily change your stylesheet by using the buttons in the footer or your browser’s built-in stylesheet chooser.
  • Source code: The source code for this cookie is available in this website’s GitHub repository.

These are classified as functional/preference cookies. They remember your preferences but are not strictly necessary for the website’s operation. Under the GDPR, you provide consent by choosing to interact with these features after being informed of their use by the notice in the footer of every page.

You can withdraw this consent at any time by deleting or disabling these cookies in your browser. See your browser’s help pages for information on how to do this, or the § Opting Out section for more information.

Other organisations

Instead of hosting comments, which would require me to gather your information myself or embed content from a particular third-party provider (such as Disqus) who wants your information, this website supports webmentions on blog posts. This is a W3C Recommendation (open standard) allowing you to react and comment from your own website, or across various social platforms. You can push webmentions from your own website, but I also use brid.gy to pull webmentions from other platforms (e.g. Reddit), so sharing or commenting on my blog posts there should show up too. If you want to comment anonymously, services like commentpara.de facilitate this; you can choose the service of your choice.

To enable this to update dynamically and facilitate open conversations, I embed content from Webmention.io on blog posts.

I do not embed any content from any other organisations. All scripts, assets, and font files are hosted on the same server as this webpage, so when you make an HTTPS request to this website, no requests are made to any servers except this one and Webmention.io. You can verify this using your browser’s developer tools, and block external requests using various browser extensions.

Analytics

This website does not use Web analytics.

Netlify may record and analyse your traffic for their own purposes, but this information is not currently available to me. Their privacy policy applies.

Opting Out

You can opt out of cookies by disabling them for this website — or for all websites — in your browser settings. Existing cookies can be deleted in your browser, probably near where your history is stored. You could also choose to browse in Private/Incognito mode.

Your IP address can be masked by using a Web proxy or VPN service, many of which are available for free (see § Connection).

Your User-Agent string can probably be changed in your browser. Any referrer information can be removed from your request by pasting the URL directly into your address bar instead of following a hyperlink. If you’re privacy-conscious enough to care about these things, you probably already know what you’re doing.

These opt-out mechanisms are simple and standardised, and provide fine-grained control across multiple websites. I consider this superior to the deliberately difficult, confusing, and non-standard mechanisms provided by most websites in the name of GDPR compliance.

In particular, while I take pains to inform you of the cookies this website uses (see § Cookies), I do not offer a homemade facility to disable them because you already have a better one in your browser — and unlike most cookie banners, that one is designed to empower you, rather than confuse and mislead. If you are concerned about cookies, I strongly encourage you to familiarise yourself with your browser’s options and make use of them wherever you browse. The fact that regulations mandate redundant, user-hostile banners instead of better privacy controls in browsers reveals whose interests are really being served by this legislation, and it is neither users nor small indie website operators.

As a rule, browser-level privacy controls are superior to website-level consent mechanisms because they are more consistent and do not create a regulatory burden that favours large platforms (who can afford the cost of compliance) over independent website operators (who can’t). Website-level regulation actively harms privacy by driving consolidation, and I encourage you to choose a browser that offers high-quality privacy controls in the hope that shifts in market share may eventually be reflected in updated legislation.

I would recommend a free, open-source browser with a strong commitment to user privacy, such as Firefox or Brave, over those owned by large companies that derive most of their income from advertising.

Jurisdiction

I reside in England, in the United Kingdom. Hosting is provided by Netlify, a company based in San Francisco, California, in the United States.

Every effort has been made to comply with the laws of England & Wales and the wider United Kingdom, and to ensure that Netlify are not breaking any laws in their jurisdiction by hosting this website. It is your responsibility to ensure that you are not breaking any local laws in your jurisdiction by visiting or interacting with this website. I cannot and will not comply with laws to which I am not subject, including censorship or blasphemy laws that may apply in some areas.

I am not responsible for the content or policies of most external websites, even if I embed or hyperlink to them. Linking to, embedding, discussing, or recommending an external website or organisation does not imbue me with responsibility for that website or organisation’s actions, and should not be viewed as an endorsement of their policies. Other websites will have privacy policies that differ from this one. It is your responsibility to ensure that you agree to the terms of any websites or organisations with which you choose to interact.

GDPR statement

As a visitor to this website, you have the right to:

• access your personal data and information about how it is processed
• rectification of inaccurate personal data
• erasure (the right to be forgotten) in certain circumstances
• restrict processing of your personal data
• data portability (the right to receive your data in a structured, commonly used format)
• object to processing based on legitimate interests
• lodge a complaint with the Information Commissioner’s Office

To exercise any of these rights, contact the data controller, George Watson-Hyde, by email at privacy@georgewatson.me.

The limited personal data processed by this website (see § Data collection) is processed on the basis of legitimate interests, primarily the operation and security of the Web server. This processing is necessary to deliver content to you and protect against malicious activity.

This website does not use automated decision-making or profiling, because it does not make any decisions.

If you wish to exercise your right to data portability, I will endeavour to provide all pieces of your personal data to which I have access in a structured, commonly-used format. However, note that the only personal data to which I have access are your IP address, User-Agent string, and browsing history on this website over the last 24 hours, all of which you probably already know (or can find out more easily elsewhere), and most of which you would need to provide to me in order to allow me to action your request in the first place, so overall you may be wasting your time and mine.

Data retention and sharing are described elsewhere on this page.

Children

This website does not knowingly collect personal information from people under the age of 13, because I do not know who you are or how old you are.

This website is operated as a noncommercial personal blog. This is exempt from the Online Safety Act’s regulatory framework under the “limited functionality” exemption (schedule 1, paragraph 4).

I do not believe that this website contains any material harmful to children; furthermore, I believe that the free exchange of information is an essential component of liberal democracy and that its benefits in aggregate outweigh any individual harms that may occur as a side effect. However, the Online Safety Act reflects the government’s view that children require additional protections online. In compliance with this principle, if you are under 18, please ask a parent or guardian to verify that the content of this website is appropriate for you before proceeding.

In the interests of your privacy, and to minimise the risk of identity theft and overreaching surveillance, I do not intend to introduce intrusive age-verification technology on this website. Noting that age restrictions apply only to connections that appear to the server to originate within certain countries (such as the UK), you may further wish to consider using privacy-preserving technologies like those described above to avoid these risks for yourself when browsing elsewhere.

While parents and guardians are best placed to make judgements about the needs of the children in their care, I believe that parental engagement and harm reduction are more effective than restriction or censorship at tackling the problem of children encountering harmful content online. Furthermore, restricting access to certain information often makes people more curious about it and enforced content restrictions are likely to drive children towards less compliant platforms with less concern for the legality and morality of their content. I encourage any parents or guardians reading this policy to engage in age-appropriate conversations about online risks, privacy, and media literacy, and to create a safe space for children to discuss what they encounter online.

It is important to recognise that, while some children require protection from age-inappropriate content, others (including, for example, LGBT teenagers in repressive households or countries) require access to vital information, support, and spaces that their households or governments may restrict, and I believe they have the right to circumvent such restrictions. Allowing either the government or parents to control what children can access enables both protection and repression; I have chosen to prioritise freedom to access information, accepting the accompanying trade-offs; parents and guardians concerned about their children’s Internet access should focus on engagement and harm reduction to mitigate the accompanying risks.

Transparency Report

• I have never received any request for personal information regarding any visitor to this website from a government or law enforcement agency.
• I have never been enjoined or otherwise legally prevented from publishing any material on this website.

The largest number of notices ever displayed above is 2. What’s this?

Updates and Queries

All changes to this privacy policy will be recorded in the commit history of the GitHub repository associated with this website. You can subscribe to an Atom feed provided by GitHub if you wish to be notified of commits involving changes to this policy.

If you have any queries, contact privacy@georgewatson.me or use one of the other contact media listed on the Contact page.