At Prowse Tech your privacy is important. I continually scan this website for security vulnerabilities and welcome any comments that you may have in this regard. One of my goals is to be vigilant—to always be watching for existing/potential vulnerabilities, as well as ways to increase the security of this website.
Let's break down what I do to increase your privacy and help keep your data secure.
Reduce the amount of data required
- Firstly, membership to this site is optional.
- If you do decide to become a member, you only need to enter a name and email address.
Note: I do not share this information with anyone.
- If you decide to become a premium, paying member, a form of payment is required. That is taken care of by the Stripe payment gateway, which only requires the bare minimum of information to make the payment.
Secure the connection to this website
- Every page on this website is secured via Transport Layer Security (TLS). When you see "HTTPS" in the URL of this website, you can be sure that it is using an updated version of TLS. You can also click on the padlock in the address bar to find out more about the specific TLS certificate in use.
- Any information that you might enter (name, email address, or comments) will be encrypted in transit.
- If you attempt to connect to any page on this website using "HTTP" it will be redirected to a protected "HTTPS" page.
- Themes that I use within this Ghost-based website are checked with the GScan tool.
- If you send me an email from a direct email link on this website, it is sent to me via the Proton mail service. This is a secure service that does not read or track your email message. (You can learn more about Proton here.) However, I have no control over what you use on your end!
Secure the content and storage of this website
I use the Ghost publishing platform and service for this website. Ghost takes care of security updates. They use an open source codebase which means it is constantly being peer-reviewed. Historically, this type of approach results in more secure code. To learn more about Ghost security measures, click here.
On my end, I use secure authentication methods when connecting to the Ghost console. This includes, but is not limited to, the use of minimum 140-bit, 24-character passwords which are created using a derivative of KeePass2 and stored locally in an encrypted drive. For more information about KeePass, click here.
Define cookies that are used
When you first connected to this site, you will undoubtedly have noticed the GDPR-compliant cookie banner that popped up. This gives you the ability to allow, reject, or customize how cookies work during your session with the website. While this is currently not required for connections that come from the United States, it is required for connections that initiate from the European Union. As I do not know (or track) where these connections come from, it becomes required to have the cookie banner. While these banners might be seen as a nuisance by some, they are placed there only to inform you, the user.
Reduce tracking cookies that are used
- The Ghost blogging system does not use tracking cookies by default.
- I do not personally run invasive analytics systems such as Google Analytics.
Now the question becomes, what to do about third parties?
- Free pages on this site often have embedded YouTube videos. To reduce the tracking cookies used by YouTube, every video uses the "youtube-nocookie.com" domain. However, if you play the video, YouTube will initiate cookies on your system. You have the ability to turn off these, and any other cookies, by modifying the cookie settings when you first access the site, or later by clicking the floating cookie in the lower left-hand corner of the screen.
- Paid Member-Only pages use Vimeo video embedding which has cookies turned off.
- I use Stripe as a payment gateway. This runs cookies on this website. However, these do not affect a member unless the member signs up for paid, tier content. In this case, cookies are required by Stripe for authentication, fraud prevention, functionality, and security. Otherwise, I disable preference, advertising, and analytics cookies from Stripe.
- I often link out to the O'Reilly training platform where I do live-stream training and have videos and books. These use safe session cookies.
- I am very careful with embedding in general and always question the need for any embeds or external linking before adding it. For example, quizzes on this website are simply collapsible content, instead of using an outside service. External links are legitimate, recognized sources of information such as Wikipedia, the IETF, Debian.org, and so on.
You can scan this site (and any other site) to check for cookies yourself and find out exactly what they do:
- With a website-based tool: for example, https://cookie-script.com
- With an extension: such as Privacy Badger
I highly recommend you do this to find out how any websites are tracking you, and what information (if any) they store.
Keep you informed
Finally, this page is all about informing you about your connection, data, and privacy. The more informed a user is, the more likely that user will have a secure and private experience. I welcome any comments via email.