This is not the first blog I had, but after the whole GDPR thing, it simply didn’t seem worth the time, too much of a hassle to do all the stuff that seems to be required nowadays. This is why I deactivated the old blogs and didn’t think about it much for a while.
Don’t get me wrong, the basic idea of the GDPR is great, giving back more control over your data back to you, forcing site owners to actually think about where they send their user’s data (instead of blindly stacking plugin upon plugin) and all that stuff. Also the fact that it unifies the rules instead of having different rules for each country, great. I really appreciate the idea behind the thing, but somehow, I feel the actual implementation is… lacking.
- Yes, if you commented, your username, email and written text would be stored here – what a surprise
- Yes, if you commented, the system would store your ip address because if you put illegal stuff there, I might need it – who would have expected that?
- Yes, if you commented, your data would be sent to some anti-spam system that will in some magical way decide if you are really a Nigerian prince or just a spammer – this must come as a shock… for everyone who has never seen spam before.
- Yes, if you commented and I used some stupid (gr-)avatar system, your username and email would also be sent there to see if you already got an avatar with them – no, really?
- Yes, like many others, I used google fonts here (because I have no clue about design and use a free template), which will be loaded from Google – another horrifying revelation!
- etc. etc. etc.
This is all not rocket science and for anyone with more than 5 minutes of internet experience it should be totally expected and not worth mentioning at all. Putting it into a much more formal version with legalese mixed in (“I may do this because of §123 of whatever and if you do not like it, see §234 of another whatever”…) does not make this any more clear or helpful, it’s ridiculous.
Let’s face it: I actually do not need anyone’s data. I do not care about how many people visit here. I do not do “market research”. Ok, it would be nice to allow comments here, but if I have to pay this with a 4-page document just to prevent getting into legal trouble for allowing people to voluntarily comment here… No, thank you (at least currently).
This is why I decided to go the other way… I stripped everything out that sends data to third-party websites, stores personal data (including log files and ip addresses) and produces cookies. This implies that there are no comments here on this page and the only way to contact me is e-mail. But at least, your personal data is safe.
Ironically, this lead to a surprising amount of work… I started by disabling all the comments, that’s easy. Next I needed to hide the login page (because it produces a cookie – also it’s improves security slightly) by changing the default url and by removing the link from the “meta” widget. But then, there are also google fonts and only Buerocratos (the god of people who care about this stuff) knows if I’m allowed to do that, so back to the drawing board and replace all links to google to local ones. Oh, I also found out that emojis are produced by some third-party site (instead of simply using Unicode ones), so I had to remove that, as well. In the end, we are talking about four different plugins here just to make it not collect or send any user data somewhere.