A Note on Data Retention, Privacy, and Current Events

If you haven't yet heard, the Department of Justice has served a search warrant to hosting provider Dreamhost, in which they demand a massive amount of data about—a site which helped organize protestors against the President's inauguration in January. These sorts of requests are not at all uncommon, but in this case the DOJ wants info about the site's visitors. What info? Pretty much all info. If you visited that site for any reason, the DOJ wants to know.

For its part, Dreamhost is doing its best to resist these demands.

Chris Ghazarian, [Dreamhost's] General Counsel, has taken issue with this particular search warrant for being a highly untargeted demand that chills free association and the right of free speech afforded by the Constitution.

Indeed it is, and good for Dreamhost. I am afraid we will be seeing a dramatic increase in this kind of overreach on the part of our current Department of Justice and the President it serves. What remains to be seen is whether these sorts of legal requests will hold up in the courts, and indeed, how many other hosting companies and cloud providers will play along with such requests. Many providers may do so without our ever hearing about it.

What This Means for LinkLocker

A site admin's best defense against this sort of fishing expedition is, of course, to retain as little user data as is necessary for the proper functioning of the service provided to those users. If there is no (or very little) data to provide, then by definition no (or very little) data can be provided.

As a reminder, LinkLocker stores no personal information about its users, other than the email addresses they use to log in1. Further, our policy is currently to delete the Web server's access logs on a rolling five-day basis. We therefore have zero data on who may or may not have visited the site more than five days previous to any given day.

In the interest of disclosure, it is as of this writing unclear whether our hosting provider retains any data on our visitors. We do not believe that they even can do so, but we cannot at present say so with absolute certainty. We have contacted them for clarity on this point, and once we have an answer one way or another we will update both this post and our privacy page with details.

Update, August 18, 2017: Our hosting provider has confirmed that they do not have a means of logging traffic or other data pertaining to visitors and/or users of our site.

  1. These email addresses may, of course, be throwaway addresses. Users are free to provide any email address they like, provided they can check that address at least once during the registration process.