Created: Friday, October 13, 2017 @ 19:00:00 EST
Updated: Monday, August 31, 2020 @ 23:37:00 EDT
Normal people words.
- NO PII IS COLLECTED
- NPI COLLECTED IS NEVER SHARED
- THE ONLY TRACKER IS GOOGLE ANALYTICS
- COOKIES, WHILE USED, ARE POINTLESS, THEY DO NOTHING ON THIS SITE.
- DNT IS DEAD (SADLY).
- THIS SITE IS NOT SAFE FOR CHILDREN (Rather, the twitch stream isn't.)
- UPDATES MAY BE PUSHED WITHOUT WARNING (Since I can't contact anyone)
- EMAILING ME IS LIKELY NOT GOING TO HELP YOU. SEND ME A DM ON TWITCH or TWITTER
- LEGALESE IS DUMB
- No personally identifiable information is collected from you.
- Cookies are used on this website.
- "LOLSESSION" (php session variable. Used to track the $_SESSION object. It's actually primarily used internally for administrators, meaning you could delete this cookie over and over and the site shouldn't even hiccup.
- Cookies that start with "cf" (or underscores and then "cf"), these are added by CloudFlare. See This article for more information. They're mostly harmless and used primarily to render CloudFlare's CDN and security services.
- On pages with an embedded Twitch Player and Twitch Chat, cookies may be set under twitch.com. See This article for Twitch's Privacy Notice. These cookies I have zero control over, sadly. And disabling them likely will break the player. Using adblock + ghostery or similar setups shouldn't break it though while weeding the bad ones out.
- Information about your computer is collected
Apache had a module for custom logs. This module collects specific information about your requests. Notably:
- your IP. This is just a 32-bit (IPv4) or 128-bit (IPv6) number that uniquely identifies your computer in a interconnected network (hence Inter-net protocol). This can be looked up in various online databases to get a general location of where the IP address is in the world. It cannot be used to get your exact GPS location or your address. At best, it usually gets a 25 mile radius or so (to my knowledge). Moreover, most Internet providers use a thing called "DHCP" (Dynamic Host Control Protocol), DHCP allows an internet provider to dynamically assign IP addresses to users. Basically, you most likely have a dynamic IP, meaning that your IP can change. So, IP is pretty useless as an ID. The only people who really have a static IP are website owners (since configuring DNS is a pain.). Though, this website is actually hosted on a dynamic IP address.
- whether you supplied authentication credentials (eg: like http://user:[email protected]/) but that's an ancient thing. The only time this would ever show up is if you were snooping around restricted portions of the site (meaning you'd have to basically be a malicious user). IE: Normal users would never have this recorded.
- The timestamp of the request.
- The type of request (usually "GET" or "HEAD" depending on your browser. Likely "POST" if you submitted a form).
- The name of the page you loaded (such as "/sorabot/index.php?lolquerystring=yay" in https://emptysora.com/sorabot/index.php?lolquerystring=yay.) Do not store login information in the query string. Eg: Do not do this: index.php?username=blah&password=password.
- Your user agent string. This identifies what browser you have and what OS you use. eg: "Mozilla/5.0 (iPhone; CPU iPhone OS 1351 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1". This is more used to detect capabilities. Eg: to enable mobile features, or to use browser specific features. There's really not that big a risk of sharing this. Though, fun fact, google uses the user agent string to purposefully downgrade users to old google layouts. so, eg: if you have Firefox v79 and you changed your useragent through about:config to "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0" Google would likely show you the crappy old version of search/etc..
- The response code. This just says if it's an error, what kind of error, and so on. It's a three digit number. lookup "HTTP STATUS CODES" for more info.
- The response payload size. This is just how many bytes were sent to you. for a HEAD request (since it only fetches the metadata) this is 0.
- The TLS/SSL version and encryption cipher. Just a diagnostic tool. It's what kind of encryption protected your connection to the website. Ideally, you should use "TLSv1.3" (since the older ones are deprecated)
How this information is used
- It's never sold, shared, or so on. The only person that will see it is the owner of the website.
- The data is regularly aggregated, removing your IP address. This leaves no PII at all (not that there was any PII to begin with)
- In the off-chance the government subpoenas me, I'll be legally required to share the information collected (which, again, is basically nothing.)
- THAT IS ALL
Do Not Track (DNT)
It kind of fell flat, sadly, when it was proposed. DNT on this website, if set to "1" will do the following:
- prevent the Google Tag Manager code from being sent to your browser--implicitly opting you out of all tracking on this site. (Different story on twitch...).
- set the PHP session cookie to an expired value (effectively deleting it. There's no true way to delete a cookie. Moreover, PHP auto sets this. Hence, you'll see in the response headers that PHP set the LOLSESSION cookie, but then it sets it to "deleted" with an expired time of an hour ago.
- The Apache logs will not record your user agent string or IP address.
Sample log (without dnt):
::1 - - [31/Aug/2020:22:47:30 -0400] "GET /resources/stylesheets/main_dark.css?b HTTP/1.1" 200 4391 "http://localhost/about.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"Sample log (with dnt):
DNT - - [31/Aug/2020:22:47:30 -0400] "GET /resources/stylesheets/main_dark.css?b HTTP/1.1" 200 4391The two hyphens are "remote log name" and "remote user". ::1 is the IPv6 loopback address (in IPv4 this is 127.0.0.1), IE: it's localhost, or, rather, what the domain name "localhost" resolves to. The hostname and IP address will still be available to the server (and potentially used), however the IP and hostname etc. will not be stored in the log file.
- set the "x-sora-dnt-acknowledge" header to a non null value.
- Log a message in the error console to let you know that the tracking code hasn't been inserted (and that the session cookie was destroyed.)
Please note that if you access certain parts of the site (namely parts that require authentication), your IP address will still be logged. As a normal user of this website, you should never have that occur. Thus, it's reasonable to assume that your IP address will never be stored if you set the DNT header through your browser.
Basically, with DNT, now in a nutshell:
- NO PII IS COLLECTED
- NPI COLLECTED IS NEVER SHARED
- NO TRACKERS ARE USED
- THE ONLY COOKIES USED ARE SET BY CLOUDFLARE
- DNT IS [not] DEAD[?].
- THE NPI COLLECTED WILL NEVER BE ABLE TO IDENTIFY YOU AS A USER.
This website is intended only to be used by mature audiences. Children should receive their parents' permission before using website. Why? Profanity and rated MA or whatever games. Ignoring the legal text about doing blah blah best to make sure there aren't kids, in order to access the content that could be considered inappropriate for kids is through clicking through the mature warning on the embedded player. IE: Twitch, it's your ball park, not mine. As already stated, this website collects no PII. If you are concerned about that, please contact me. I am only a single person running this website, so don't expect a response immediately (or, sadly, at all... :( ). I might set up a filter in my GMAIL to auto filter and put the keyword here, that way I can set notifications on my phone.
Obviously, since I can't contact any users, it's impossible for me to tell you when this is updated. That's why the edited/created timestamps are listed above and why the Updates section exists.
This document governs how your privacy is handled on this website as well as what kinds of information are collected from you. Any capitalized terms not defined in this document are defined in our Terms and Conditions.
"Non Personal Information (NPI)" Any information collected from you that cannot be used to identify you as a person. This information is collected automatically by our website. While uncommon, this may also include any publicly available information that is shared between you and others.
"Personally Identifiable Information (PII)" Any non-public information that is collected from you in order to provide you with our services. This information may include your:
- e-mail address
- any other related information you provide to us or that we obtain
Information We Collect
During normal usage of this website, we do not collect any information from you.
Under no circumstances are you required to provide us with any of your Personally Identifiable Information to use this website.
Computer Information Collected
When you use our website, various systems may automatically collect and record information about your computer, your browser, or your interaction with the site. This information is typically considered Non Personal Information. See below for more information:
- Third Party Tracking Tools This website uses third party tracking utilities to help improve the performance and features of our Website. These utilities are designed only to collect Non-Personal Information regarding your use of our website. You are aware, however, that since these tools are created and managed by third-parties out of our control, we have no control over what information is actually captured and how such parties use and protect that information. Despite this, we can ensure that we will protect your information to the best of our ability.
- Automatic Information
We automatically receive information from your web browser or mobile device. The information we automatically collect from you is:
- the IP address of your computer/proxy that you used to access the Internet
- your web browser type (also known as your useragent string) which includes the following information:
- operating system
- operating system version
- web agent name
- web agent version
- basic browser capabilities
- the address of the page you have accessed
- other information about your request (including any submitted form information, document hashes, or query strings) This information is strictly for logging purposes, and it is in no way shared with any third party at any time.
How We Use Your Information
We use the information we receive from you as follows:
- Sharing Information with Affiliates and Other Third Parties Under no circumstances do we sell, rent, or otherwise provide your Personally Identifiable Information to third parties for any purposes.
- Data Aggregation We retain the right to collect and use any Non Personal Information collected from your use of our Website and aggregate such data for internal analytics that improve our website, services, and stream. We will not, under any circumstances, sell, or distribute this information to any third party. In addition, at no time is your Personally Identifiable Information ever included in such aggregations.
- Legally Required Releases of Information We may be legally required to disclose your Personally Identifiable Information, if such disclosure is (a) required by subpoena, law, or other legal process; (b) necessary to assist law enforcement officials or government enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our Legal Terms; (d) necessary to protect us from legal action or claims from third parties including you and/or other Members; and/or (e) necessary to protect the legal rights, personal/real property, or personal safety of EmptySora_ and our affiliates.
Do Not Track ("DNT")
We do support the Do Not Track ("DNT") feature in modern web browsers. The purpose of this feature is to inform websites that you do not want to be tracked, and the option can be enabled or disabled by visiting your browser's preferences or settings page.
Protecting Your Child's Privacy
This website is designed mainly individuals over the age of 13 ("Child") in terms of content. However, it is entirely possible that a child may use our website or services. In such cases, if you are a Child, please seek the permission of a parent or guardian before using our website or services. If you are a parent or guardian and believe your child is utilizing this website or its services and would like to expunge any information related to your child's account, you may use the contact link in the footer to request that the information be expunged. Please keep in mind, however, that we may ask for verification of your relationship to the child before we honor such a request.
Links to Other Websites
If you have any questions about our Privacy Practices or this Policy, please contact us.
This section is provided for your convenience only. It should not be assumed that this section contains up to date information.
Monday, August 31, 2020
- Site now supports DNT, yayyyy!
- Fixed typos
- Modified some wording to be more in line with what is actually used on this website.
- Added the "Updates" section (transparency for the win.)
Your information is never shared with third parties, and never will be.