'Tis the season to tell people exactly what information we do and do not collect. Most sites are doing this because the European Union just passed a law that makes them. I'm not entirely convinced this site is obliged to do any such thing, but I do believe that making people aware of what information is gathered and used on the net is a Very Good Thing. As such, I present to you, to the very best of my knowledge, a list of information that is collected and used by Eviscerati.Org.
What Eviscerati.Org collects
Eviscerati.Org is a database-driven website that allows visitors to create user accounts. Your user account consists of a username, a password, and a valid email address. The valid email address is a requirement as an attempt to block blog-spamming bots -- during the account creation stage, a verification email is sent to the email address that requires the user to confirm their identity by clicking on a link.
I also require a valid email address be used when anonymous visitors post comments on the site. This is also an anti-blogspam measure. It is not shown publically, but a site admin can see it.
Now, this is not as effective a method of spambot-killing as it used to be -- burner email accounts are a dime a billion, after all. However, it does block a non-trivial amount of account registration attempts from obvious bots, so I still use it as one layer of a defense among others. That means if you have an account, your valid email address is stored in my site's database. I recommend using a unique password, or at least a "trash password" that you use for sites you don't care about. Don't use a password you also use with your bank accounts.
Update: as noted in the comments below:
You also store openids and a signature (is this even used? I'm about to find out) users have entered, and how long ago a user registered. Plus of course all the comments/forum posts people have made.
And that's pretty much all Eviscerati.Org, the site itself, does.
Other services Eviscerati.Org uses
That's not the end of the story, though. Eviscerati.Org uses some other services that are probably also tracking you in some way, shape, or form:
You see the Patreon link over to the right? I use that to make money. Patreon probably has its own statement about what data it collects. There isn't really any Patreon integration on this site but I do occasionally talk it up.
I've had a PayPal link on the site for a very long time. Every time I take it down I get an email from someone asking me to put it back up because they're more comfortable using that for donations than anything else. Other than the widget I put on the site, I don't have any integration with PayPal, but I don't know what the widget can do. If it can do anything.
...I'm sure it's fine.
Hoo boy, this is a big one.
Google Analytics tracks user traffic. This was a lot more important to me when I was actually trying to serve ads on my website. It's not as important these days, since Eviscerati.Org has been ad-free for a very long time (with the exception of the ad for prgmr.com, our excellent webhost), but I still want to know how many people visit, when they do, and how often.
The thing that GA does that a lot of built-in traffic tracking utilities don't do is that it can some how separate bot traffic from human traffic, and it only shows you the human traffic. This pissed me off quite a bit when I first started using it, but since I create things that only humans can appreciate1 I find that accuracy invaluable. However, the depth of information GA can give me is a little disturbing. It not only shows my daily, weekly, monthly, and yearly traffic, it can break it down into age and gender demographics.
I don't know how it does that, but I assume tracking is involved.
I wasn't aware of this one until a few days ago!
I use two Google fonts, Open Sans and Quattrocentro, on my website. According to Google's FAQ "The Google Fonts API is designed to limit the collection, storage, and use of end-user data to what is needed to serve fonts efficiently." I don't know what that means, except that it does, to some extent, collect, store, and use end-user data.
I find that pretty creepy for a font.
Some off-the-cuff research I've done since learning about this suggests that the data collection is limited on my site because I run it encrypted (that's the https:// you see in the URL). Which is fine and all, but fonts?
Yeah, so this bothers me a little, and I'm going to phase out the Google Fonts, as soon as I find replacements I like.
The only information of yours I store on my site is whatever email address you use when you create an account or post anonymously. Google, apparently, collects a lot more information about you, and shares some of it with me. Also, Google Fonts are apparently spying on you, but maybe only a little?
- 1. So far -- I'm sure Siri and Alexa will get there someday