Security and Privacy
The site has been designed to minimize security and privacy risks while still providing useful content, especially interactive code demonstrations and visualizations. This page will be updated periodically as the content and features change. For notes and commentary about security decisions, see the blog posts under “Security”.
Limited user tracking – We use piwik open source analytics platform to monitor website traffic and user interaction. You can opt out of this by setting your browser option to “Do Not Track“. Very simply, when you load any web page on this site, a small image (a ‘web bug’) is loaded from our analytics server. During this load process, information about your browser, language, and IP address is collected. The last byte of the IP address is masked, which makes it less specific to you and your geolocation.
No advertising-related tracking is done. This is in contrast to many (most?) web sites that use Google Analytics. This involves putting a small script on every page, and it passes nearly all your website activity back to Google, which they use for advertising purposes.
Client-side search is used, meaning that neither your search terms nor results go to any server. There is no advertising or advertising-related user tracking. This site does not access any information on your computer outside of the browser.
HTTP rather than HTTPS – This site uses HTTP (unencrypted) rather than HTTPS (encrypted) protocol between your browser and the web server (hosted by Github). The reason is that GitHub does not yet support HTTP for custom domain names like this one: “library.meritology.com”.
Cookies – The only use of “cookies” (local files managed by your browser) is to record your preferences for font size. If you disable cookies or browse in “private mode”, the site will work just fine.
Local Storage – A local, browser-only file system is available within codeboxes (e.g. for writing and reading CSV files), but this is in memory, not on disk, and therefore only lasts as long as your browser window is open.
Don’t enter confidential or proprietary information – With all this said, it would be prudent for users to not enter any confidential or proprietary information (data or programs) into the codeboxes or interactive editor. While this information stays within your browser (until you clear/erase history), there is a slight chance that an attacker could gain priviledged access to your browser, and therefore to the contents of the browser cache.
Trackers – font services, content delivery networks (CDN), etc.
Known Vulnerabilities – (To do)