Over at #PageKite, I blogged a "Happy GDPR Day!" blog post:
http://pagekite.net/2018-05-25/Happy_GDPR_Day!
We didn't send anyone any cringe-worthy e-mails, because we're not that kind of business. AFAICT, our TOS and practices were already just fine.
But I wrote a little bit about how we handle our users' data. People deserve to know.
Heh, so Mastodon won't let me put exclamation marks in URLs, eh?
Boo!
Oh well, fixed at the source. If you followed the link and got a 404, reload.
Ugh. That should also have been an https:// link... gotta set up a redirect one of these days.
Anyway. This all reminds me of one of my little dorky jokes.
You know how websites have a robots.txt file that tells robots how to behave?
PageKite has a humans.txt file: https://pagekite.net/humans.txt
Why is that not the standard URL for terms of service everywhere?
@HerraBRE wheni have physical access to your server I own it - you must host yourself
@yukiame That's a security absolutist fallacy.
Hosting myself is a trade-off. Am I better at guaranteeing physical security than a professional provider? Will the reduced uptime be justified?
If the answer to either question is No, the data is better off with a professional, and things are secured the way everything else on this planet is secured: through contracts, laws, and social trust.
@HerraBRE bah BS there is only Blockchain
@yukiame OK, you win. ๐
@kaniini @yukiame Multiple colo'ed servers is an option.
But at my scale just getting that operational with comparable uptime to what I have today, would be - relatively speaking - very expensive.
It's a tiny business with little revenue. And I myself am very time constrained. Is addressing this the best use of that time and money?
Considering the actual PII that I am responsible for (very little), and the current risk profile, I don't think so.
@HerraBRE lots of people use humans.txt to credit the humans that built the service; there's even an informal mini standard:
http://humanstxt.org/
@npd Yeah, I saw that a while back. I prefer my joke. ๐
I updated the PageKite Data Processing Statement with some words about VPS providers.
Aside from annoying tax-related data retention requirements, renting VPSes from 3rd parties is in many ways the "weak link" limiting what security promises I can make to my users.
Although I don't believe my providers will hack into my servers and steal data from their disks, how would I even know?
I've often pondered whether I should move the Account DB and order processing to hardware I own & host myself.