Onion Information

Page Clicks: 0

First Seen: 03/11/2024

Last Indexed: 10/21/2024

Domain Index Total: 190

Assuming data is a liability, how limited should data collection be to not require consent? I think temporary storage (a week or less) of access logs combined with low-entropy binary information (dark mode, is viewport narrower than what I test with, etc) is reasonable for a small operation. This holds if the data collection is clearly documented in a privacy policy, is Tor-friendly, and obeys signals like GPC. These access logs should exclude high-entropy headers like client hints. Larger operations should store even less since they have the means to correlate information from many sources. ipscrub comes to mind. The only long-term storage that should happen without consent is of bot traffic.