Our Attempt at Writing an Honest Privacy Policy
neflabs.comNice to see a page load without a whole pile of cruft. Maybe the GDPR will be more effective than AMP at speeding up the web ;)
I've read the new policy. Are they really disabling all server logs? Maybe that's just me but that seems a bit extreme.
GDPR is a bit extreme. This isn't an observation on the goodness of it, simply that it requires extreme measures (relative to the status quo) for compliance.
If it's extreme it's because the status quo swung so far away from anything reasonable in terms of what people can expect.
What can be kept for legitimate business interests, security, etc. is quite extensive. Really the key is being transparent about it and making sure that people have the ability to know what is being kept and why.
that is not true being that extreme.
as per GDPR 6(1) grounds for processing can be (b) performance of contract, (c) compliance with legal obligations (d) vital interests of data subject - which can all cover logging ip addresses and user agents for network security reasons (for a short amount of time) to protect the user, which log files are often used for. (IANAL)
yup. lots and LOTS of misunderstanding about GDPR out there. there are plenty of “escapes” for stuff like this. you just have to be mindful, and do things deliberately, which is a good thing. bigger companies will want formal review processes as CYA.
Hi Boulth,
We chose to disable all server logs because we feel that it's the right thing to do.
We felt that our website should reflect the same mantra that we carry along with our products: we don't want your data.
We do not wish to track you. We wholeheartedly believe that our users have a right to a strong degree of digital privacy.
GDPR increases that, but we wanted to go a step beyond for this digital security component of our site.
Yes, why not just disable IP logging?
Because a browser User-Agent string is almost unique.
Not just user-agents, but the browser 'fingerprint'.. which includes how the thing is configured (along with user-agent).
Always interesting to see GDPR spurring actual changes. On an unrelated note though, is it just me or is the font on that page HUGE? It doesn't seem to resize either, I zoomed out to 30% and it's still giant.
Hi rococode, what are you viewing the site on? I'm curious if you're experiencing this is on something that's a bit out of the ordinary in terms of setup and whatnot. Regardless, I'm curious if we can do something.
You see, the font is indeed larger than other sites out there as NefLabs.com is designed in accordance with DOJ Section §508 best practices for the visually impaired. You can find additional information on this in the full Privacy Policy (https://neflabs.com/privacy/)
But, I don't think it should be as jarring as what you're describing. So, once again, I'm curious...
I'm using Chrome on a Retina Macbook Pro connected to a 20" 1080p display, it's definitely very large here.
Note, My vision isn't great, and on a phone, I've got accessibility set for text as the largest option... it's definitely too large on a big display.
Perhaps a baseline of 12-16pt would be more appropriate? Small devices should still show large enough.
Linux Chrome 65.0.3315.3. Resolution 2560x1440. Looks like it just gets bigger the larger the view width `font-size: 1.7vw;` Probably want to constrain that. See https://i.imgur.com/erOZkOT.png
Hey there, much appreciate the info/specs, and screenshot.
The site was designed using vw-sized fonts to maintain the same user experience no matter their resolution. But for really large monitors/resolutions, it can be jarring when users expect to see tiny fonts and need to scale them up. That said, we will add some CSS for larger monitors to address this, but it's a hack, as vw-width is true to the original design.
Steve, I'm no kind of expert on how to deliver web pages.
But you're being a bit obtuse. Several people here have complained about the typeface being huge and they're right. On my browser (Firefox Windows desktop), it's huge, like 45 or 50 points. And I couldn't reduce it by changing the zoom using the control-scroll wheel.
It was so annoying that I just closed the window. If you are interested in getting your message across to me personally, you're going to have to do it without forcing me to read it in fifty-point type.
I think the real issue here is that zooming does not fix it. I can understand most people don't test every screen size (although we test loads) and would be happy to zoom out for some pages. What I ended up doing was using dev tools to switch to a normal size which was kinda annoying.
Hey guys, apologies for taking a bit: we've been hard at work! Speaking of which, we made some modifications to our site. How does the display look now on your ends?
Firefox 59 on Linux. Font is reasonable but zooming the page does nothing except scrolling up and down.
I will second that the text is unreadably large on my large monitor: the characters are rendered in 41.9-point type. If I full-screen the window, it jumps up to 49-point type.
Firefox: all text is huge.
Chrome: text is reasonably sized.
Contact form: "4096-bit encrypted".
Hey dsr,
I'll take a look via Firefox on desktop a bit later as everything seems fine through the mobile browser.
Not sure what you're referring to regarding the contact form though?
4096-bit is likely an RSA key, correct?
Encrypting directly with RSA according to PKCS#1 is limited to a maximum of 501 bytes (key modulus - 11 bytes).
Generally RSA is not used to encrypt data directly, instead you encrypt an AES key with RSA then encrypt the data with that key.
https://stackoverflow.com/a/5586652
https://security.stackexchange.com/a/33445
Edit: the messages are from a character limited contact form so it's fine
It's an HTTP form sent over TLS.
