The Anglo-Norman On-Line Hub
Dictionary Access
 

The Anglo-Norman On-Line Hub. Privacy and Security Information
 

Logging
 


The Anglo-Norman On-Line Hub, like most other public Internet sites, maintains logs of every transaction. These logs contain the following standard items, all taken from information which your machine sends to ours:
 
  1. The IP address which your client presents to the our server. In the vast majority of cases, it will be either a dynamic address, allocated to you on a per-session basis from a large pool of addresses assigned to your connection provider, or it will be the address of a proxy server through which that provider channels all requests for Web pages from your unit or locality. In order to identify you as the actual user whose transactions are logged in such a case, your connection provider would have to consult its own logs, which record which machine had which address (or was communicating via a local proxy) at a given time. This information is not available to us, though in many jurisdictions connection providers may be required to reveal it to law enforcement agencies investigating possible computer abuse. In the rare case where your machine has a permanently assigned IP address, it might be possible to link this address with your identity via various public databases, although that depends on the information disclosure policy of the provider or institution that assigned the fixed address to you in the first place. In any event, even in rare instances where publicly-available information, provided with your knowledge and consent, might make it theoretically possible to link the IP address to a specific machine (though never to a specific person), the ANOH makes no attempt to do so. We analyse the source address information purely to determine the broad geographical origins of our users.
  2. The time and date of each transaction with our server.
  3. The item requested and whether or not the request succeeded.
  4. The "referer" (the misspelling is now unfortunately part of an official W3C standard) in the case where you followed a link on the ANOH or some other site (the "referer" reported in the logs being the address of the page where that link is located).
  5. The search engine you used and the query terms you submitted to it, if you came to the site via a search engine.
  6. The name and version code of your browser, and your operating system (whose version number may also indicate which "service pack" you have installed, along in most cases with some indication of your hardware type). Some users have been led by anxiety-inducing "security" pundits, mostly trying to sell superfluous software, to install browser modifications which either remove or falsify this "user-agent" information. This is unwise. It deviates from accepted Internet guidelines, and it prevents the ANOH server from identifying your browser model and, if necessary and/or possible, adapting the pages it sends back to you to avoid certain known problems with that particular browser. It also lessens our ability to gauge which browsers on which platforms our users are currently employing, information which helps us configure and develop our service to better meet user needs.

None of this constitutes "personal data" in the sense of relevant UK or EU legislation. Please note that neither your email address nor any user id you may use to log into your local system is ever made available to our server when you use our site.
 


Session tracking and "Cookies"
 


HTTP, the "protocol" or set of communication rules and practices used to request and send information over the Web, is "stateless". That means essentially that each and every request you make to our server is, as far as that server is concerned, a wholly discrete event, in no way connected with any previous or subsequent requests from you, whether these other requests are seconds, days or months apart. That makes certain rather useful things somewhat tricky to provide. For example, users of the AND may well want to be able to review the entries they have already consulted without needing to keep a note of them at their end as they work. In order to make it possible to provide users with such a list of entries they have recently visited, we have to carry out what is called "session tracking", that is we have to employ some means of recognising that a given request comes from the same user as a previous one. The ANOH system employs two such methods: token-passing and session cookies. The third possible method, known as persistent cookies, is not used by the ANOH system at the present time.

The most reliable method is the use of session cookies. These are small pieces of data passed to and fro between your browser and the server, which allow the server to realise that a given request is from the same user as a previous one. (Note, however, that such cookies, as used on this site, reveal nothing else: the server knows via the cookie that two or more requests are from one and the same user, but it does not know who that user is. Of course if, as happens on some commercial sites, your are explicitly asked to provide information that identifies you by name or otherwise, then a server can tie that information to the cookie, which thus encodes your identity and allows your browsing behaviour to be linked to your personal details. It is this practice that has raised doubts about the security implications of cookie passing, but it is not employed by the ANOH system.) If your browser is configured in a standard way, these session cookies will be used and you need know or do nothing special. However, if your employer or institution has decided that session cookies constitute an unacceptable security risk then the "View entries visited" facility and the related "Bookmark this session" feature may not work properly. Where a browser blocks session cookies, the ANOH servers attempt to use an alternative method not requiring cookies ("token-passing"), but there are various circumstances in which this method cannot keep track of your session and thus cannot correctly maintain a list of entries visited for you. If you personally have decided to prevent your machine from accepting session cookies on security grounds, we advise you to reconfigure your browser so that it does allow session cookies to be exchanged with www.anglo-norman.net. All current browsers allow such settings to be made on a per-server basis. There is no need to allow what are called "persistent cookies" from our server, because we do not use them at the present time. The cookie you receive from our server will be deleted from your machine when you close down your browser.

If you wish to resume a session keeping the list of entries you visited in place, there is a means of doing this, described in the user guide. This sends you a special address containing a session token. If you use this address to start your next session, the server will find the list of entries visited associated with that session token and add them to the list it creates during your new session. Note that the server has no way of associating the data about entries visited with you personally. It identifies them purely by a session code which contains only information about the time the session began and on which of our multiple servers the entries associated with that session code are stored. The server cannot associate that information with you, unless you choose to start a new session by sending it back the session code concerned, and even then it "knows" nothing about you other than that you wish to be regarded as the same user who had that same session code on an earlier occasion.

   
    
The Anglo Norman Online Hub - Funded by
The Arts and Humanities Research Council