Privacy Statement

Submitted by C B Wright on

'Tis the season to tell people exactly what information we do and do not collect. Most sites are doing this because the European Union just passed a law that makes them. I'm not entirely convinced this site is obliged to do any such thing, but I do believe that making people aware of what information is gathered and used on the net is a Very Good Thing. As such, I present to you, to the very best of my knowledge, a list of information that is collected and used by Eviscerati.Org.

If you noticed it was broken... I don't think it's broken any more.

Submitted by C B Wright on

A number of you have emailed me to report that a number of recent comics were no longer displaying on the site. I think I've fixed that now. I was modifying the site last night and some things were inadvertently hidden from view. They are now un-hidden...

Thank you for the heads up. Unfortunately there is still no comic today.

SSL working, To-do list shrinks considerably

Submitted by C B Wright on

So SSL is now functioning properly on my site, everything is redirecting to the proper URLs, and site cookies are now sent over encrypted connections only.1

I had to make a few sacrifices in order to get here. Banner ads are disabled until Project Wonderful implements its SSL supported ad functionality. I now have to pay for a signed certificate every year. Jury is still out on whether enforcing SSL will affect site performance in any appreciable manner. And once again my site no longer has single sign-on functionality (so far none of the Drupal modules I've looked at want to work).

Overall, though, it looks like I can take a breather from tinkering with the site for a while.2

  • 1. With one exception. Apparently Drupal issues a cookie named "has_js" when it detects that a browser has javascript enabled. I'm not entirely sure what this does, but from what I can gather it notifies Drupal that it can use fancy javascript effects on tools that make use of them. Firefox claims it is still sent over any type of connection, and I'm not sure whether that constitutes a problem. For the time being I'm assuming it doesn't put anything at risk, but I'm still looking into it.
  • 2. Maybe a week, if I'm lucky, then there will be another crisis. Or they'll release Drupal 7.

EvisceratiNet & going ad-free... for a while

Submitted by C B Wright on

In the process of trying to turn on SSL I've discovered that the ads served by Project Wonderful are only served over http: and not https:. This is what has been causing your browsers to report that some of the content on this site isn't secure.

I've been in contact with Project Wonderful and they plan to enable SSL-supported advertising soon, but it's not ready yet. I've volunteered to beta test it for them when the time comes, but until then I'm turning ads off. I don't consider Project Wonderful a security risk at all, I just think it's better for people visiting my site not to have to keep encountering those browser warnings.

SSL Status

Submitted by C B Wright on

SSL is active on the site.

70-90% of the time you should automatically be redirected to the secure link (https).

Some of the domains that redirect to and don't play nice with the certificate and if you hit them your browser will pop up a warning.

That's as far as I can go for the moment. Maybe tomorrow night I'll get the rest of the way there.

Site activating SSL, Single Sign-On Going Away

Submitted by C B Wright on

You may or may not be aware of Firesheep, a Firefox plugin that makes it ridiculously easy to commit identity theft. It was released about the same time EvisceratiNet went live, and had about 200,000 downloads in the first two days. I just found out about it yesterday.

Here's the short version: when you sign in to most web sites, the web site will mark you as logged in by placing a cookie in your browser that essentially says "yeah this guy's OK." Most of these cookies are unencrypted -- that is, there are no particular safeguards against another browser reading and/or using that cookie other than it's being sent to you and the general expectation is that it won't be intercepted and used by anyone else.

However, if you're getting these cookies over a wireless connection, especially a public one, it is actually possible, and apparently very easy, for anyone with the right equipment to collect any cookies sent your way. Firesheep does just that. When you activate the plugin a new bar appears in your Firefox browser with a list of every insecure cookie it finds. And if you click on one of those cookies, it logs you in to whatever service the intended recipient of the cookie was trying to access.