From bfa098efd4b7a938322d5b6b410cb596655732d5 Mon Sep 17 00:00:00 2001 From: Ethan Yoo Date: Thu, 29 Dec 2022 11:20:54 -0500 Subject: [PATCH] Update privacy policy: Note the search bar's use of DuckDuckGo as a fallback --- content/privacy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/privacy.md b/content/privacy.md index ee55d39..5f89e13 100644 --- a/content/privacy.md +++ b/content/privacy.md @@ -1,6 +1,6 @@ --- title: Privacy policy -date: 2020-11-08 +date: 2022-12-29 layout: permalink description: "You should always try to understand the privacy policy." --- @@ -11,7 +11,7 @@ There are no external dependencies or resources, including Google Fonts or socia I do not have access logs enabled. [Access logs](https://httpd.apache.org/docs/current/logs.html) typically include IP addresses, operating system information, the internal pages and resources requested, and time of access. -Browsers will, by default, "prefetch," or ["proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document."](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control) Because I link to external sites, I have *disabled* prefetching with the X-DNS-Prefetch-Control header. Setting this header avoids "leaking" your information to external sites by simply browsing my website. **If you click on an external link, you are still subject to the privacy and security policies of that outside website.** +Browsers will, by default, "prefetch," or ["proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document."](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control) Because I link to external sites, I have *disabled* prefetching with the X-DNS-Prefetch-Control header. Setting this header avoids "leaking" your information to external sites by simply browsing my website. **If you click on an external link, you are still subject to the privacy and security policies of that outside website.** If JavaScript is disabled (typically a conscious decision) or the search script fails to load, search queries will instead be sent to DuckDuckGo. Your connection to this website is secured by, among other settings, HTTP Strict Transport Security (HSTS) headers, redirection to HTTPS, and a strong Content Security Policy. You can [read more about web security](https://infosec.mozilla.org/guidelines/web_security) or [easily test any website's security settings.](https://observatory.mozilla.org/)