- We don’t collect any data about you. No telemetry, no trackers! Because Poke is free software, you can also check the source and self-host.
+We don’t collect personal data about you. No telemetry, no trackers, no profiling. The only “analytics” we ship is an optional poke-nginx-analytics script for server admins — and it runs locally, never phones home, and just reads your own logs. Because Poke is free software, you can check the source, self-host, and audit everything yourself.
Instance: poketube.fun
- Version date:
+ Version date:
- What’s New — Policy Update
- September 28, 2025
+ What’s New — Policy Updates
+ October 3, 2025
- We clarified how third-party requests work waaay better! Highlights:
+ Added a section for our server-admin script poke-nginx-analytics. TL;DR: it’s local-only, read-only, and configurable for privacy (IP masking, bot filtering). Source code is linked.
-
Weather pages:Open-Meteo forecasts are always proxied by our backend. Nominatim geocoding is proxied. Source links are provided for both flows.
+ Welcome to Poke’s Privacy Policy. We don’t collect personal data about you, we don’t run telemetry, and we don’t track you around the web.
+ The only “analytics” involved is an optional poke-nginx-analytics script for server operators, which runs locally on their own machines,
+ never phones home, and only summarizes their own access logs.
+ Poke is free software you can read, remix, and run yourself.
+
+
Not legal advice lol
+
-
-
-
Preamble
-
- Welcome to Poke’s Privacy Policy. We don’t collect data about you and we don’t run telemetry. Poke is free software you can read, remix, and run yourself.
-
-
Not legal advice lol
-
-
-
-
-
TL;DR
-
-
-
-
No data collected. at all!!
-
No telemetry. We don’t phone home.
-
No third-party trackers. Yippe!!
-
YouTube can’t see what you watch here. Its all done on the backend.
-
-
-
-
-
Poke Account: no email required, no personal info needed.
-
Poke Maps: uses OpenStreetMap data; map tiles/attribution may have separate privacy rules depending on the tile server you use.
-
No required cookies. Preferences (like theme or layout) may live in local storage on your device.
-
-
-
-
+
+
+
TL;DR
+
+
+
+
No personal data collected. nothing about you is stored.
+
No telemetry. We don’t phone home.
+
No third-party trackers. Yippe!!
+
YouTube can’t see what you watch here. It’s all done on the backend.
+
+
+
+
+
Poke Account: no email required, no personal info needed.
+
Poke Maps: uses OpenStreetMap data; tile servers have their own privacy rules.
+
Optional server admin tool:poke-nginx-analytics is local-only, read-only, and never sends data anywhere.
+
No required cookies. Preferences (like theme or layout) may live in local storage on your device.
Forecast data:
- open-meteo.com.
- Privacy: Open-Meteo Terms & Privacy.
-
- Forecast queries are always proxied through Poke’s backend, so your browser never connects to Open-Meteo directly.
- Only the necessary query parameters (latitude, longitude, units, etc.) are forwarded by the server.
- see the source for this
- here..
+ open-meteo.com.
+ Forecast queries are proxied through Poke’s backend so your browser never connects to Open-Meteo directly.
@@ -576,16 +565,14 @@
from (source language), to (target language), and text (the content you entered).
Your browser never connects to SimplyTranslate.org directly.
+
+
+
+
+
Third-Party Requests & Proxy
- We rely on the community-run
- SimplyTranslate service (a privacy-friendly
- translation front-end). SimplyTranslate is a free software project: you can see the
- source code and its
- legal notice.
- Our backend integration is handled in
-
- Poke’s server code
- .
+ Where external services are necessary (maps, weather, translation), Poke uses server-side proxying to avoid exposing your browser directly.
+ We don’t inject trackers into proxied calls. External services have their own privacy terms that apply to those specific requests.
@@ -593,7 +580,7 @@
API Logs Policy
- When you request any resource from the poke api (for example: thumbnails, API endpoint) information about the request may be logged.
+ When you request any resource from the Poke API (for example: thumbnails, API endpoint) information about the request may be logged.
- This website does not store the visitor’s user-agent or IP address and does not use fingerprinting, advertisements, or tracking of any form.
+ This website does not store the visitor’s user-agent and does not use fingerprinting, advertisements, or tracking of any form.
+
+
Server Admin Tool: poke-nginx-analytics
+
+ We ship an optional, admin-side shell script to help operators understand IPv4/IPv6 traffic and status codes from their own servers’ Nginx access logs.
+ It’s free software and lives here:
+
+ backend-services/scripts/poke-nginx-analytics.sh
+ .
+
+
+
+ Privacy : the script is local-only and read-only. It makes no network requests, writes no files by default, and sends nothing anywhere. It just reads the log files you point it at and prints aggregate counts to your terminal.
+
+
+
What it reads from your logs
+
+ The script parses standard Nginx access logs (including rotated .1 and compressed .gz) using the fields already present in your log format:
+
+
+
Client IP (first field) — used to tell IPv4 vs IPv6 and to compute counts/uniques; display can be masked via --anonip.
+
Timestamp (e.g., [02/Oct/2025:14:03:12 +0000]) — used for --date, --since, --until, and hourly breakdowns.
+
Status code (e.g., 200, 404, 502) — used for success/fail tallies and “top fail reasons.”
+
User-Agent (last quoted field) — only to optionally filter bots when --ignore-bots (or a custom --bot-regex) is used.
+
+
It does not collect any new data, fingerprint users, or correlate logs with other sources.
+
+
How it decides “success” vs “fail”
+
+
By default, “success” is the set 200,301,302,304.
+
You can override with --success-codes or a regex via --success-regex (e.g., ^(2..|3..)$). If both are provided, regex wins.
+
“Fail” is simply “not success.”
+
+
+
What it outputs (to your terminal)
+
+
Counts and percentages of IPv4 vs IPv6 for today (or a specified date/time window).
+
Success-only and fail-only views; an overall success rate with totals.
+
Hourly breakdown (v4/v6/total) and status-code breakdown for v4 or v6.
+
Unique IP counts for v4 and v6; if --anonip is set, displayed IPs are masked (IPv4 → /24; IPv6 → /64).
+
Top IPs (v4 or v6) with optional masking and bot filtering.
+
Top 5 failure reasons (status codes aggregated across v4+v6). Some common meanings:
+
500/502/503/504 — upstream/app issues or timeouts.
+
+
+
+
+
How it works (under the hood)
+
+
Expands your --file glob (default /var/log/nginx/access.log*), reads each file with cat/zcat.
+
Uses awk to:
+
+
Detect IPv4 vs IPv6 by regex.
+
Match the requested date and optional time window (--since/--until).
+
Classify success/fail via your codes or regex.
+
Optionally filter bots by User-Agent (--ignore-bots / --bot-regex).
+
Optionally anonymize IPs for display (--anonip).
+
Aggregate counts and print sorted summaries; shows “top fails” by frequency.
+
+
+
Handles rotated and .gz logs automatically.
+
Does not modify logs or your Nginx config.
+
+
+
What it does not do
+
+
No storage by default. Output is ephemeral in your terminal unless you redirect it (e.g., > report.txt).
+
No identification or profiling. It does not attempt to identify people; it just counts what’s already in your logs.
+
+
+
+
@@ -776,7 +839,7 @@ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH D
// Dismissible privacy update (persists in localStorage)
const updateBox = document.getElementById('whats-new');
const dismissBtn = document.getElementById('dismissUpdate');
- const STORAGE_KEY = 'poke_privacy_update_2025_09_17_dismissed';
+ const STORAGE_KEY = 'poke_privacy_update_2025_10_03_dismissed';
try {
if (localStorage.getItem(STORAGE_KEY) === '1') {
updateBox && (updateBox.hidden = true);