Privacy Statement

Submitted by C B Wright on

'Tis the season to tell people exactly what information we do and do not collect. Most sites are doing this because the European Union just passed a law that makes them. I'm not entirely convinced this site is obliged to do any such thing, but I do believe that making people aware of what information is gathered and used on the net is a Very Good Thing. As such, I present to you, to the very best of my knowledge, a list of information that is collected and used by Eviscerati.Org.

What Eviscerati.Org collects

Eviscerati.Org is a database-driven website that allows visitors to create user accounts. Your user account consists of a username, a password, and a valid email address. The valid email address is a requirement as an attempt to block blog-spamming bots -- during the account creation stage, a verification email is sent to the email address that requires the user to confirm their identity by clicking on a link.

I also require a valid email address be used when anonymous visitors post comments on the site. This is also an anti-blogspam measure. It is not shown publically, but a site admin can see it.

Now, this is not as effective a method of spambot-killing as it used to be -- burner email accounts are a dime a billion, after all. However, it does block a non-trivial amount of account registration attempts from obvious bots, so I still use it as one layer of a defense among others. That means if you have an account, your valid email address is stored in my site's database. I recommend using a unique password, or at least a "trash password" that you use for sites you don't care about. Don't use a password you also use with your bank accounts.

The site also uses cookies. The site cookie is what allows you to log in, go visit another site, and then come back and still be logged in.

Update: as noted in the comments below:

You also store openids and a signature (is this even used? I'm about to find out) users have entered, and how long ago a user registered. Plus of course all the comments/forum posts people have made.

And that's pretty much all Eviscerati.Org, the site itself, does.

Other services Eviscerati.Org uses

That's not the end of the story, though. Eviscerati.Org uses some other services that are probably also tracking you in some way, shape, or form:


You see the Patreon link over to the right? I use that to make money. Patreon probably has its own statement about what data it collects. There isn't really any Patreon integration on this site but I do occasionally talk it up.


I've had a PayPal link on the site for a very long time. Every time I take it down I get an email from someone asking me to put it back up because they're more comfortable using that for donations than anything else. Other than the widget I put on the site, I don't have any integration with PayPal, but I don't know what the widget can do. If it can do anything.

...I'm sure it's fine.


Hoo boy, this is a big one.

Google Analytics tracks user traffic. This was a lot more important to me when I was actually trying to serve ads on my website. It's not as important these days, since Eviscerati.Org has been ad-free for a very long time (with the exception of the ad for, our excellent webhost), but I still want to know how many people visit, when they do, and how often.

The thing that GA does that a lot of built-in traffic tracking utilities don't do is that it can some how separate bot traffic from human traffic, and it only shows you the human traffic. This pissed me off quite a bit when I first started using it, but since I create things that only humans can appreciate1 I find that accuracy invaluable. However, the depth of information GA can give me is a little disturbing. It not only shows my daily, weekly, monthly, and yearly traffic, it can break it down into age and gender demographics.

I don't know how it does that, but I assume tracking is involved.


I wasn't aware of this one until a few days ago!

I use two Google fonts, Open Sans and Quattrocentro, on my website. According to Google's FAQ "The Google Fonts API is designed to limit the collection, storage, and use of end-user data to what is needed to serve fonts efficiently." I don't know what that means, except that it does, to some extent, collect, store, and use end-user data.

I find that pretty creepy for a font.

Some off-the-cuff research I've done since learning about this suggests that the data collection is limited on my site because I run it encrypted (that's the https:// you see in the URL). Which is fine and all, but fonts?

Yeah, so this bothers me a little, and I'm going to phase out the Google Fonts, as soon as I find replacements I like.

In Summation

The only information of yours I store on my site is whatever email address you use when you create an account or post anonymously. Google, apparently, collects a lot more information about you, and shares some of it with me. Also, Google Fonts are apparently spying on you, but maybe only a little?

  • 1. So far -- I'm sure Siri and Alexa will get there someday


Comments are active for 30 days after publication. If you wish to comment after 30 days please use the Forums.

I need to do this same

I need to do this same exercise, and your first section is perfect for my site also. (I think, need too confirm.) Mind if I copy it? With attribution if you want.

BTW your current comment

BTW your current comment system has an annoying layout. On the confirmation step, the submit button is separated from the actual comment by the entire article.

Feel free to use it.

Feel free to use it.

The confirmation thing is another anti-blogspam design "feature." it should be placing your comment above everything else, though...

Writer, former musician, occasional cartoonist, and noted authority on his own opinions.

You also store openids and a

You also store openids and a signature (is this even used? I'm about to find out) users have entered, and how long ago a user registered.

Plus of course all the comments/forum posts people have made.

A math joke: r = | |csc(θ)|+|sec(θ)| |-| |csc(θ)|-|sec(θ)| |

Good points, will update

Good points, will update accordingly.

Also, your comment was held for moderation for some reason. I don't know why. The math joke, maybe.

Writer, former musician, occasional cartoonist, and noted authority on his own opinions.

You're also required to have

You're also required to have a way for EU commenters to request their information (a list of their comments and the existing profile editor, I think) and request that it be removed. That's it as far as the substantive requirements.

You're also required to have an EU-resident Data Protection Officer, and failure to comply means each country's privacy body can sue you for about $28 million. Which (currently) can't be enforced in the US, but may curtail your vacation spots...

The DPO is a requirement for

The DPO is a requirement for much larger operations, I think. I guess if the EU really wants to make a statement about it, they can rendition me to EU soil. That's how things are done these days, so I'm told.

The information request thing is something I am 100% completely out of compliance with, and expect I will continue to be so.

Writer, former musician, occasional cartoonist, and noted authority on his own opinions.

Google Fonts :

Google Fonts :
You can host them on your own web-server; they are all in the public domain. Doing this will of course impact the amount of traffic from your web-server & thus might influence your hosting bill. Please contact me if you need any help doing this