From 444a1cb1b426b304e7e04b9319a308d4b6ec3229 Mon Sep 17 00:00:00 2001
From: Frank Sauerburger <frank@sauerburger.com>
Date: Wed, 30 Jan 2019 10:39:20 +0100
Subject: [PATCH] Update privacy statement
---
app/assets/privacy.html | 41 ++++++++++++++++++++---------------------
1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/app/assets/privacy.html b/app/assets/privacy.html
index 94d6730..786fb00 100644
--- a/app/assets/privacy.html
+++ b/app/assets/privacy.html
@@ -42,8 +42,8 @@
usage data may include your IP address, geographical location, browser type
and version, operating system, referral source, length of visit, page views
and website navigation paths, as well as information about the timing,
- frequency and pattern of your service use. Cookie information is not processed
- at the server. The source of the usage data are
+ frequency and pattern of your service use. Cookies are not used.
+ The source of the usage data are
the web server access log files. This usage data may be processed for the
purposes of analyzing the use of the website and services. The legal basis for
this processing is our legitimate interests, namely monitoring and improving
@@ -169,26 +169,25 @@
withdrawal.</li>
<li>You may exercise any of your rights in relation to your personal data by written notice to us.
</ol>
- <h3>About cookies</h3>
- <ol>
- <li>A cookie is a file containing an identifier (a string of letters and
- numbers) that is sent by a web server to a web browser and is stored by the
- browser. The identifier is then sent back to the server each time the browser
- requests a page from the server.</li>
- <li>Cookies may be either "persistent" cookies or "session" cookies: a
- persistent cookie will be stored by a web browser and will remain valid until
- its set expiry date, unless deleted by the user before the expiry date; a
- session cookie, on the other hand, will expire at the end of the user session,
- when the web browser is closed.</li>
- <li>Cookies do not typically contain any information that personally
- identifies a user, but personal information that we store about you may be
- linked to the information stored in and obtained from cookies.<li>
- </ol>
<h3>Cookies that we use</h3>
- <p>We use cookies for the following purpose: A single session cookie is used
- as part of the technical demonstration on this website. The presence of the
- cookie indicates that a certain link was accessed. The information about the
- existence of the cookie is displayed on the main page of the this web site.</p>
+ <p>We do neither use nor set any cookies</p>
+ <h3>About TLS and HSTS based tracking</h3>
+ <p>TLS is a protocol used to transmit data via an encrypted communication
+ channel over the internet. It is used for the HTTPS protocol. HSTS is a
+ security policy that can be employed by websites using HTTS. A website using
+ HSTS signals the browser to use secure HTTPS connections for any request in
+ the future even when the unsecure HTTP version is requested by the user.</p>
+ <p>By using many subdomains, and employing HSTS selectively for the
+ subdomains the website can identify the browser on subsequent requests by
+ checking for which subdomains the browser remembers the HSTS policy</p>
+ <h3>How we use TLS and HSTS based tracking</h3>
+ <p>The demonstration of the TLS and HSTS based tracking for educational
+ purposes is the sole purpose of this website. The website uses TLS and HSTS
+ based tracking to encode a user defined string. The user defined string is
+ not decoded on the server. The user defined string is only decoded in the
+ browser. The decoded string is not transmitted.
+ The string can only be removed by clearing the browser data. The
+ string is arbitrary and must not contain personal information.</p>
<h3>Our details</h3>
<ol>
<li>This website is owned and operated by Frank Sauerburger IT.</li>
--
GitLab