
Is a privacy policy page really necessary on pages designed for potential hackers?

@Annie201

Posted in: #Hacking #PrivacyPolicy #TermsOfUse #WebsiteFeatures

I have a system set up on my server where users who consistently refresh the page at a ridiculously high rate are redirected to a special page where they have to wait a certain amount of time or enter a special code to continue.

As I was using PowerMapper to test the normal site for compliance in other factors, the testing utility apparently got filtered out and it ended up testing my flagging page instead. One thing it reported to me is this:


"This page has no privacy policy. If your web server logs visits, then every page reachable by a search engine should have a privacy policy explaining what is logged and how the logs are used.
Line 1 EU Privacy Regulations"

"This page uses cookies and has no obvious privacy policy. Companies in the EU using cookies must comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003 by providing a privacy policy. Cookies: UBC=YSWWSTT
Line 1 EU Privacy Regulations"

"The EC Privacy Regulations carry a maximum fine of £5,000 / €7,000 for failure to comply. To comply, place a link on every page labeled "Privacy Policy" referring to a page describing how your site uses cookies, and how to disable them."


I just think it's nonsense to enable a separate privacy page to the screens that potential hackers and high-speed bots can see. Currently I have it set so the page only appears to anything that makes over 15 requests within a one-second time frame to a domain where the normal requests per second is roughly 4.

So I'm curious. Is a privacy policy on such pages a necessity?

I do have a privacy policy with terms and conditions on my normal site.

10.01% popularity Vote Up Vote Down
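The throttle described in the question, sketched as an added example (not the poster's code): a per-client sliding window that trips above 15 requests in one second and holds the client until a wait expires or the code is entered. The 60-second hold, the class and function names, and keying clients by IP address are assumptions; the traffic in `demo()` is constructed and shows why a fast compliance crawler lands on the flag page while a 4 req/s visitor does not.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0   # from the post: requests are counted over one second
MAX_REQUESTS = 15      # from the post: more than 15 in the window trips the flag
HOLD_SECONDS = 60.0    # assumed wait time; the post does not give one

class FloodGate:
    """Per-client sliding-window counter with a timed hold (hypothetical name)."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.hits = defaultdict(deque)   # client id -> recent request timestamps
        self.held_until = {}             # client id -> time the hold expires

    def check(self, client):
        """Return 'serve' or 'hold' for one incoming request."""
        now = self.clock()
        until = self.held_until.get(client)
        if until is not None and now < until:
            return "hold"                # still on the flag page
        self.held_until.pop(client, None)
        window = self.hits[client]
        window.append(now)
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()             # drop requests older than the window
        if len(window) > MAX_REQUESTS:
            self.held_until[client] = now + HOLD_SECONDS
            window.clear()
            return "hold"
        return "serve"

    def release(self, client):
        # Lift the hold early, e.g. after the visitor enters the code.
        self.held_until.pop(client, None)

def replay(gate, client, start, count, interval, box):
    # Feed `count` evenly spaced requests through the gate, collect decisions.
    out = []
    for i in range(count):
        box[0] = start + i * interval    # advance the injected test clock
        out.append(gate.check(client))
    return out

def demo():
    """Constructed traffic: a 4 req/s visitor and a 50 req/s crawler."""
    box = [0.0]
    gate = FloodGate(clock=lambda: box[0])
    visitor = replay(gate, "198.51.100.7", 0.0, 40, 0.25, box)
    crawler = replay(gate, "203.0.113.9", 100.0, 30, 0.02, box)
    return visitor.count("hold"), crawler.count("serve"), crawler.count("hold")
```

The gate cannot tell a scanner from a flood, so any automated tool that crawls faster than the threshold is audited against the flag page rather than the normal site.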



1 Comments


@Berumen354

While the EU law states that it covers sites aimed at EU users, if you are not specifically targeting EU users then you should have no issues. Even assuming you do need to comply with the EU directive, automated testing tools have no way to identify the difference between a security capture page and the standard site. You should be able to safely ignore that warning, and if it comes to be an issue at a later date, simply point to the privacy policy on your main page and state that it is there, that the page that doesn't have it is a security warning page for when users attempt to flood the server with too many connections at the same time, and that it is designed to capture bots and not humans, which SHOULD protect you. However, as with every legal question asked on here regarding the EU directives, while most of us have a "doesn't apply to us" opinion, those are only our opinions, and if you are terribly concerned about it then it is best to speak to a legal professional.

10% popularity Vote Up Vote Down

