Privacy Policy

Last update: 2023-07-28

Who we are

We are me, the rando who owns this site. You can probably infer from the name that I am licensed by the government for at a specific type of activity, hence the shorter and apropos URL.

What personal data we collect and why we collect it


Cookies are unnecessary for you to read this site. Feel free to block everything!

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies stored on your local machine. These are for your convenience. These cookies will last for one year. But you can easily delete them.


Because WordPress is spam-catnip, I’ve disabled comments on old posts. New posts may or may not have comments off by default, but will definitely disable them after 90 days. Because of spammers, we can no longer have nice things.

I don’t receive a lot of comments anyway. But if you do leave one, we (er, I) collect the data shown in the comments form, your IP address and the browser user agent string. The latter two items are only to reduce spamments, a huge fucking problem with WordPress. Unless I know you, comments are queued until they can be hand-moderated, which could be soon, or weeks. If you want me to reply, it’s helpful if you leave a contact point, but it’s okay to be slightly oblique. Assume I’m of average intelligence, e.g., [email protected], which I would know to be johnsmallberry at gmail dot com.

Embedded content from other websites

Most of the images on this site are my own. Any omission of attribution is unintentional – please let me know and I will correct it. There may be some embedded content for older things, especially Flickr. Years ago (early 00s), Flickr was where the Cool Kids Hung Out, and I hosted a lot of my photos there. Yahoo bought Flickr and did what Yahoo does best: destroy value. Terms changed, my photos were purged because I didn’t think $100/year was worth it. I have been hugely unmotivated to clean up >10 year old blog entries.

Because speed is important, I use a content delivery network that slurps up the image and makes it available from variety of other points on the Internet in different sizes and formats. I also have some site monitoring software, because script-kiddies are always trying to deface my website.

Links to other websites will behave in the exact same way as if you visited the other website directly. Those websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. That’s just the way the Internet works.

Steps I recommend to my family, friends, complete strangers and, yes, even my mortal enemies:

  • Use a password manager. The biggest reason is so you’ll never, ever reuse passwords. I’ve been using 1Password for years, but I understand BitWarden, KeePass and DashLane are also very good. FFS, do not use LastPass.
  • Use a browser that has adequate security safeguards. As of March 2023, this includes Vivaldi, Safari and Mozilla Firefox. Microsoft Edge is probably okay. Brave might be. I don’t trust Google Chrome. If, God-forbid, you’re still using Internet Explorer, you have more serious problems than to worry about what a lower fourth-quartile blog is doing with your information.
  • Do not load images from emails by default. It can also be helpful to remove tracking – DuckDuckGo and ProtonMail can help here. Your phone has a setting to disable that. If a company consistently sends you image-only emails without alt-text (looking at you, Mod Pizza), it’s time to unsubscribe.
  • Disable third-party cookies. This may break some sites, especially, which has so many tracking/metric things that its unusable for me. Honestly, though, disabling tracking is a good default.
  • Use ad- and social media blocking plugins. uBlock Origin, Ghostery and Disconnect seem to be pretty good.
  • Periodically purge your entire browser cache. You will trade convenience and speed for privacy.
  • Don’t use social media (or at least limit what you share). You may also find yourself happier not having to read the latest screed from your racist extended family members. I know I sure am.
  • Use a VPN. When on a public network, I currently like Mullvad/Mozilla VPN because it’s simple and they have a great privacy policy. ProtonVPN seems extensive, but it’s more complex and its performance has not been as good in my limited use. NordVPN is fast, but has some questionable marketing practices.
  • Use burner email addresses for sites you do not intend to regularly visit. It’s a feature built-into 1Password and Fastmail.


I have some general analytics enabled to measure server metrics. As the title is “Notes to self,” I generally ignore these unless extreme events happen.

Who we share your data with

Except for the examples cited, we are unaware of any intentional sharing.

How long we retain your data

If you leave a comment, the comment is retained until the heat death of the universe. Metadata is only kept long enough to verify you’re not a script kiddie trying to fuck with my site.

What rights you have over your data

Some, all or none.

Where we send your data

See above.

Additional information

How we protect your data

  • We don’t ask you for more information than necessary. I don’t know why companies find that so difficult.
  • We have enabled SSL on the site.
  • We use WordFence (WordPress Firewall) and Akismet (spamment mitigation).
  • The site receives regular security updates.
  • The site has two-factor authentication enabled because script kiddies have nothing better to do than try to break into my personal blog. (Can you tell script kiddies piss me off?)
  • I’ve got better things to do than monitor IP address logs.

What data breach procedures we have in place

None. Assume everything you enter will be made public. However, again, your exposure is extremely low because we don’t ask for things.

What third parties we receive data from

This is a low-budget endeavor. WordFence provides aggregated IP to country-level notifications of Bad Behavior.

Why don’t you have one of those GPDR cookie selection things?

Have I mentioned that this is a low-budget endeavor?