The privacy crowd seems to be incapable of grey areas. Are all these the same thing? Are they all the same severity of problem?

  - A web site logs traffic in a sort of defacto way, but no one actually reviews the traffic, and it's not sent to 3rd parties.

  - A government website uses a standard framework and that framework loads a google subdomain. In principle, Google could use this to track you but there's no evidence that this actually happens.

  - A website tracks user sessions so they can improve UI but don't sell that data to 3rd parties.

  - A website has many 3rd party domains, many of which are tracking domains.

  - Facebook knows exactly who you are and sells your information to real-time-bidding ad services.

  - Your cell phone's 3G connection must in principle triangulate you for the cell phone to function, but the resolution here is fuzzy.

  - You use Android and even when your GPS is turned "off" Google is still getting extremely high resolution of your location at all times and absolutely using that information to target you.

We all mess up and miss things, op has shown maturity enough to admit to their mistakes and improve from them.

My takeaway from this thread is an increased amount of trust in OP. Not because they made a mistake, but because of how they handled it. Well done OP!

I disagree. Like I said earlier :

Web server logs were not tied to user credentials in any way, they were used for debugging purposes and could not have been used to identify users.

Privacy was a joke--every time I gave someone my data that data got breached, including the US government.