For the purposes of diagnostics and site stability, a minimum amount of information is collected by the web server, as detailed here.
NGINX access and error logs are stored for a short period. Specifically, your IP, user agent and HTTP requests will be logged. These logs are rotated at the top of every hour at which time any log older than 1 hour is removed. As a result, this information is stored for a total of between 1 and 2 hours depending on how early in a given hour the action is observed. There will be absolutely no record of your visit stored beyond this time. Specifically, no logs are retained as part of system backups or other duplication methods.
The site makes use of Fail2Ban, network analysis software that automatically detects and blocks excessive failed connections from a specific origin. For the purposes of normal browsing, no information should be collected by this system. If, however, failed attempts are made to access various protected services on the server, the offending IP will be stored indefinitely on a ban-list. IPs on this list will be retained at the author's discretion.
Despite every effort made by the author, the nature of the Internet Protocol means that it is often possible for 3rd parties to be aware of your activity on this site. Here are some details on the efforts made to mitigate these issues, steps you can take to be more secure and limitations that cannot be avoided in the current state.
This site is hosted on a Virtual Private Server provided by OVH. The author of this site cannot guarantee that this service provider is not collecting and using information related to your connection. While your HTTPS connection should result in all connections being encrypted all of the way to this web server, it is still possible for OVH and other intermediaries to log that you have connected to this site for unknown purposes.
To maximize your privacy, this site is only made available using HTTPS. More precisely, an initial HTTP request will be redirected to HTTPS. After redirection, or from the beginning if HTTPS is used initially, the content of your requests should not be visible to any computer in the network between this server and your computer under normal operations. However, every machine in between is aware that you are connecting to this site; only the content of the connection is obscured. It is possible that the content of your requests could be made available via a man-in-the-middle attack if you are on an insecure network. Use of a VPN is encouraged to ensure that your connection from your computer to the web is secure. However, note that a VPN is only as secure and private as the provider allows it to be.
Regardless of the efforts above, all computers between your machine (or your VPN host) and this server will be aware of your IP or the IP of your VPN host, as well as the fact that you are communicating with this server, when it is accessed via the World Wide Web. If you wish to disguise your activity, you can visit the site using Tor as a proxy, or by visiting the site as a Tor hidden service (link will not work in a regular browser).
Outside of your direct HTTP activity on this site, the author makes available several other ways for you to limit the data he has from you. Specifically, if you have communicated with the author via email or SMS, an API is available to request the removal of these messages. Proper documentation and simple tools for this will be provided in the future, but for now you can contact the author for general instructions.
The author uses VoIP.ms for phone and SMS services. The default retention of call history and SMS messages is indefinite. However, it is the position of the author that a sender should be allowed to request the deletion of any messages that they have sent at any time. While it cannot be guaranteed that VoIP.ms will not retain this information in some form, the logs and messages will be removed from all infrastructure owned and operated by the author.
Similar to SMS messages, the author believes that a sender should be allowed to request the deletion of emails sent. Note that this applies to all recipient addresses at the domain "john.me.tz". If you were to email the author via a business address or other 3rd-party address, the deletion of these emails cannot be achieved by the same means. Submit a request to the address in question and the author will manually delete any messages you wish. In the case of a "john.me.tz" address, the author does control the entire email infrastructure and so messages can be guaranteed to be deleted.