Privacy Policy — in progress

Who we are

Welcome to LobsterForest.com. We are the people with admin rights over this website.  We are not the hosting company, the developers of WordPress, or of any plugin and so forth.

Who you are

You are a logged-in user or a visitor who may or may not become a logged-in user.  You are not a spammer, spider, scraper, thief, bot, malware, misconfiguration, or malicious actor.  Notably, you are also not a person who has been banned from the site.

We will ATTEMPT to use WordPress in a way that respects your privacy — and ours.  This is not easy and in parts is doomed to fail.    The whole damned world is spying on all of us, from our cars to our televisions. 

In balancing operations with privacy, this website will try to keep the needle as close to the “Privacy” peg as possible while still being operational. This means blindly accepting any service whose code we are unwilling or unable to manually validate, which is everything. We provide this website as a best effort under the motivation described so far in this document.

Your use of this website should be on an as-is basis.  But here’s a promise:  LobsterForest.com will never sell, barter, or trade your privacy.  We cannot speak for the myriad services beneath what we control, or between us and you.

Finally, this website requires an approved login in order to post or comment.  There is no self-sign up — there will be no comment spam.

Boilerplate with Comments

Everything below “in quotes” is boilerplate from the original privacy statement, with notes added in [italics and square brackets].  The below will be revised as things are brought into line with the above.

What personal data we collect and why we collect it

Comments

“When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.”

[This is nuts and bolts of the internet and part of how WordPress operates.  I have no idea if it would even be possible to function without collecting this — obviously it’s all present for at least a moment or else your packets wouldn’t get answered.  We may be able to stop collecting some of this, but underlying systems will not stop collecting and probably maintaining.]

“An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.” 

[This site will attempt to kill Gravatar.  For this reason, we have user avatars disabled — as there is no further option to disable just Gravatar.  Why?  Gravatar is a WordPress-operated identity leaking mechanism.  Do you remember every website you commented on for as long as you have had a Gravatar, and what throwaway name you might have used?  Gravatar does, and they leak this information.  So Gravatar is unacceptable, and we will try to kill it here.]

Media

“If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.” 

[We would like to only accept images with NO metadata.  This will restrict the type of media that can be posted.  More to follow — no action taken so far on this front.]

Contact forms

Cookies

[WordPress relies on cookies, as does much of the internet. Innocuous cookies are not bad, and are in fact necessary based on the early construction of the web. It’s still a handy way to give the internet a little bit of memory, but is frequently abused. The problem with cookies is that a company setting a cookie on your computer can also sell your identity and the ID of the cookie, so that another website that finds that cookie will know who you are. There are privacy controls and laws which help mitigate this, but YMMV. That said, if we’re using WordPress, then we’re using cookies, and I have no control over what Automattic or the hosting company here do with that data.]

“If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.” 

[I don’t think this applies, due to the requirement to log in for anything other than plain internet read permissions.]

“If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.” 

[This is a good use of cookies.]

“When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select ‘Remember Me’, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.”

[This is also a good use of cookies.  It can be abused, but it beats having to sign in every time you load a page.]

“If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.”

[I do not know why this is done. If it doesn’t have to be done, it will be removed. If possible.]

Embedded content from other websites

“Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.”

[For this reason, we have been reluctant to provide some of the pass-through functionality that you sometimes see when embedding videos or comments from other sites.]

Analytics

Who we share your data with

How long we retain your data

“If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.” 

[Not applicable — we do not use comment moderation because only signed in users can post or comment, and self-registration is not enabled.]

“For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.”

[True.]

What rights you have over your data

“If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.”

[We do have a button which purports to do either of these things.  Never tried it.]

Where we send your data

“Visitor comments may be checked through an automated spam detection service.”

[Unlikely, as we do not allow visitor comments.  Haven’t seen anything like this.  Cannot rule out the possibility that the hosting company does something like this — no clue.]

–Nothing beyond this point–

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements
