Pale Moon forum

I added a Privacy Policy section to the Basilisk site. Someone emailed me asking for info regarding what data is logged by Basilisk related services and I've seen a couple comments on the forum asking about it.
https://basilisk-browser.org/privacy.shtml

I don't think I missed anything, but if I did let me know and I'll make sure it gets added.

Looks good, some minor grammatical nits in one sentence:

This logging is only reviewed when we need to block a malicious IP address. Other than that one circumstance, this logging is never reviewed in any way, neither by a human, nor by a computer program.

Grammar pedantry ➜ suggested precision:

This logging is reviewed only when we need to block a malicious IP address. Other than that one circumstance, this logging is never reviewed in any way, neither by a human[,] nor by a computer program.

That'd be more a stylistic choice than anything else

This is the main site for Basilisk. We log IP addresses and user agents that request pages on this domain for one week. Logs are rotated once weekly at 00:00 UTC on Sunday. This logging is only when we need to block a malicious IP address. Other than that one circumstance this logging is never reviewed in any way, neither by a human or by a computer program.

"Rotated" usually means that the log file is renamed. As a user I don't care if or when log files are rotated, but I do care when the logged data is deleted / irrecoverably destroyed. A week is also way to long, especially if some IPs are kept much shorter (6, 5, 4, 3, 2 or 1 day or just for a second before rotation), which clearly shows that there is no need for keeping it longer (or rotate does not mean delete at all and you are keeping the log files for much longer).

It feels like you are describing the default configuration of your server. From a privacy perspective the question why you need it longer than 24 hours.

If you don't want your IP logged, simply don't browse the Basilisk site.

Sorry, too late. IP is already logged when reading the policy on the website

If you don't like it, don't use the service is not a good privacy policy. Just imagine Google would allow to do this: We collect everything. If you don't like it, don't use our service.

But overall I like it. Short and easy to understand. (Personally I do not care much about logged IPs or I would use Tor)

random wrote: ↑

2023-01-19, 21:04

If you don't like it, don't use the service is not a good privacy policy. Just imagine Google would allow to do this: We collect everything. If you don't like it, don't use our service.

Sorry for butting in here in reply; of course basilisk-dev can respond in any way they want but I'd like to respond with a general consideration here:
It's a good remedy if you don't agree with the privacy policy as there is no real remedy otherwise for sites having stated privacy policies (unless they go out of their way of offering data deletion services, e.g. social media sites). The reality in your Google example is exactly that. If you use Google services, Google will collect data. Their privacy policy merely informs you what they collect, why, and how it's being used. If you disagree then your only recourse is to not use them. I think it's only fair that this remedy is offered as part of this privacy policy here in case you for some reason cannot agree with it. My own site and service policies have similar statements for clarity, as well.

random wrote: ↑

2023-01-19, 21:04

"Rotated" usually means that the log file is renamed. As a user I don't care if or when log files are rotated, but I do care when the logged data is deleted / irrecoverably destroyed. A week is also way to long, especially if some IPs are kept much shorter (6, 5, 4, 3, 2 or 1 day or just for a second before rotation), which clearly shows that there is no need for keeping it longer (or rotate does not mean delete at all and you are keeping the log files for much longer).

It feels like you are describing the default configuration of your server. From a privacy perspective the question why you need it longer than 24 hours.

This is incorrect. See for example the Wikipedia article on Log rotation.

In information technology, log rotation is an automated process used in system administration in which log files are compressed, moved (archived), renamed or deleted once they are too old or too big

In my case I have it set to delete the logs after 1 week, hence the old logs are rotated out. This fits the definition of log rotation per the Wikipedia article. In addition to that the tool I used to configure this weekly deletion of logs is called "logrotate".

random wrote: ↑

2023-01-19, 21:04

If you don't like it, don't use the service is not a good privacy policy. Just imagine Google would allow to do this: We collect everything. If you don't like it, don't use our service.

I disagree here 100%. This is exactly what Google already does now. If you don't want Google to collect information, do not use Google services. I don't use Google (neither search nor Gmail nor YouTube) for precisely this reason.