I value privacy and would not imagine putting on my own blog the things I don’t like to find on too many other websites.
I therefore took specific measures to ensure that this website respects your privacy.
HTTPS-only website
All resources on this website are delivered through HTTPS, using a safe configuration rated A+ (as of December 9, 2017) with both Qualys SSL Labs and Mozilla Observatory tests.
This provides good guarantees that you are indeed talking to my website and that in-transit data cannot be altered or eavesdropped on by a third party.
No ads, no third-party resources
Some companies encourage webmasters to include code snippets on their websites, such as:
- Advertisements, allowing the webmaster to monetize their website.
- Analytics libraries, providing the webmaster with free tools to better shape visitors’ activity and optimize their website’s impact and profitability.
- Social network icons, allowing visitors to more easily share a page on their favorite networks (and here again allowing the website to get more impact).
- Bundled videos, allowing the visitor to watch an externally hosted video while staying on the current website.
- Common libraries, allowing the webmaster to take advantage of always up-to-date and quickly delivered JavaScript files to add eye-catching effects to the website.
- Common fonts, usable for free by the webmaster and quickly delivered.
- Content delivery networks, which duplicate the website’s static content at several places on the Internet to deliver it faster to the visitor.
None of this comes for free. While these features may be very convenient for the webmaster, and may even directly or indirectly earn him money, they have a price: you, dear visitor.
Considered individually, none of these technologies represents any real threat. But now, imagine that more than 90% of the websites you are visiting, either directly or indirectly (bundled content, etc.), use at least one of the services mentioned above.
Thanks to these “webmaster’s free services”, these companies can follow each website you visit and your activity on these websites, down to your mouse cursor movements and keystrokes (even on non-submitted forms, see this article). In the end, these companies will have recorded your whole online activity, from public activity to private, including intimate secrets.
Personally, I consider that if you browse my website, you somehow trust me. I would not break this trust by selling you out to such practices.
No cookies
Cookies are not harmful by design, as they are in fact the more secure way to implement authenticated sessions.
However, they also offer an easy way to uniquely identify and track a visitor, to reconstruct their activity and profile them.
Here, as a visitor of this static website, there is no need for sessions, so no need for cookies.
No JavaScript
In the same way, JavaScript is not harmful by design, as it is the safest way to add relatively advanced interactivity to a webpage (other ways such as Java applets, Flash or Silverlight plugins, etc. all failed in this regard).
However, JavaScript as a programming language can also be used for more dubious purposes, such as opening up a range of alternative ways to track users or, even worse, distributing malware and attempting to take over the visitor’s environment.
Recent versions of HTML and CSS have reduced the number of use cases for which JavaScript and Flash plugins long remained required. Videos can now be embedded directly in HTML documents, and CSS supports dynamic effects such as animation and transformation.
On this blog a no-JavaScript policy is enforced site-wide. This means that, should some JavaScript code still manage to slip through, the webserver’s configuration will prevent your browser from executing it.
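One way to check claims like the ones on this page from the outside, as an added example that is not taken from this blog or its server configuration: it audits a response's headers for script blocking, first-party-only sources, absence of cookies and HSTS. It assumes the no-JavaScript policy is delivered as a Content-Security-Policy response header (the page does not name the mechanism); the function names and both header sets are constructed for illustration.

```python
def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored: the first occurrence wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def blocks_scripts(policy):
    # script-src falls back to default-src; if neither is set, scripts run.
    srcs = policy.get("script-src", policy.get("default-src"))
    # Only an empty source list or a lone 'none' matches nothing.
    return srcs is not None and srcs in ([], ["'none'"])

def first_party_only(policy):
    # Heuristic: default-src must exist, and no *-src directive may list a host,
    # scheme or wildcard (quoted keywords, data: and blob: stay on the page).
    if "default-src" not in policy:
        return False
    return all(s.startswith("'") or s in ("data:", "blob:")
               for name, srcs in policy.items() if name.endswith("-src")
               for s in srcs)

def audit(headers):
    """headers: list of (name, value) pairs, since a header may repeat."""
    get = lambda n: [v for k, v in headers if k.lower() == n]
    # Report-Only policies are not enforced, so they are deliberately skipped.
    policies = [parse_csp(v) for v in get("content-security-policy")]
    hsts = [d.strip().lower() for v in get("strict-transport-security") for d in v.split(";")]
    age = [d.split("=", 1)[1].strip('"') for d in hsts if d.startswith("max-age=")]
    return {
        # Every enforced policy applies, so one blocking policy is enough.
        "scripts_blocked": any(blocks_scripts(p) for p in policies),
        "first_party_only": any(first_party_only(p) for p in policies),
        "no_cookies": not get("set-cookie"),
        "hsts": bool(age) and age[0].isdigit() and int(age[0]) > 0,
    }

# Constructed sample header sets (not captured from any real site).
STRICT = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
          ("Content-Security-Policy", "default-src 'none'; img-src 'self'")]
LEAKY = [("Content-Security-Policy-Report-Only", "script-src 'none'"),
         ("Content-Security-Policy", "default-src 'self'; script-src 'self' https://cdn.example"),
         ("Set-Cookie", "sid=abc123; Secure; HttpOnly")]

if __name__ == "__main__":
    for name, hdrs in (("STRICT", STRICT), ("LEAKY", LEAKY)):
        print(name, audit(hdrs))
```

The second sample shows a common trap: a `script-src 'none'` that is only sent in the Report-Only header blocks nothing.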
Note
For a long time it was hard for webmasters to rapidly take advantage of new technologies, as they had to ensure backward compatibility with visitors using legacy browsers that had been obsolete for years.
With security becoming more of a thing and large companies pushing to generalize HTTPS and safe cryptographic suites, people are now more encouraged to migrate to more current browsers, as old browsers will simply not work anymore with more and more HTTPS websites.
As a side effect, this may accelerate the deployment of new standards.