diff --git a/drop_privileges.go b/drop_privileges.go
index b80fd6d..6b94e57 100644
--- a/drop_privileges.go
+++ b/drop_privileges.go
@@ -27,8 +27,7 @@ func dropPrivileges(userToSwitchTo string) {
 // Check supplementary groups.
 groups, err := syscall.Getgroups()
 if err != nil {
- fmt.Println(err)
- os.Exit(1)
+ fatalError(err)
 }
 for _, groupID := range groups {
 if groupID == 0 {
@@ -43,60 +42,53 @@ func dropPrivileges(userToSwitchTo string) { fmt.Println("When running as root, use the -u option to switch to an unprivileged user.") os.Exit(1) } else if rootPrimaryGroup || rootSupplementaryGroup { - fmt.Println("The user running the program is in the root group;") - fmt.Println("use the -u option to switch to an unprivileged user.") - os.Exit(1) + fatalError("The user running the program is in the root group;\n" + + "use the -u option to switch to an unprivileged user.") } - } else { // userToSwitchTo != "" + } else { // userToSwitchTo != "" // Get user and group IDs for the user we want to switch to. userInfo, err := user.Lookup(userToSwitchTo) if err != nil { - fmt.Println(err) - os.Exit(1) + fatalError(err) } // Convert group id and user id from string to int. gid, err := strconv.Atoi(userInfo.Gid) if err != nil { - fmt.Println(err) - os.Exit(1) + fatalError(err) } uid, err := strconv.Atoi(userInfo.Uid) if err != nil { - fmt.Println(err) - os.Exit(1) + fatalError(err) } // If the user we want to switch to has root privileges, stop execution. if uid == 0 || gid == 0 { - fmt.Println("Running as root is not allowed.") - os.Exit(1) + fatalError("Running as root is not allowed.") } // Unset supplementary group IDs. err = syscall.Setgroups([]int{}) if err != nil { - fmt.Println("Failed to unset supplementary group IDs: " + err.Error()) + fmt.Fprintln(os.Stderr, + "Failed to unset supplementary group IDs: "+err.Error()) if rootSupplementaryGroup { - fmt.Println("Failed to drop root privileges. Exiting...") - os.Exit(1) + fatalError("Failed to drop root privileges. Exiting...") } } // Set group ID (real and effective). err = syscall.Setgid(gid) if err != nil { - fmt.Println("Failed to set group ID: " + err.Error()) + fmt.Fprintln(os.Stderr, "Failed to set group ID: "+err.Error()) if rootPrimaryGroup { - fmt.Println("Failed to drop root privileges. Exiting...") - os.Exit(1) + fatalError("Failed to drop root privileges. 
Exiting...") } } // Set user ID (real and effective). err = syscall.Setuid(uid) if err != nil { - fmt.Println("Failed to set user ID: " + err.Error()) + fmt.Fprintln(os.Stderr, "Failed to set user ID: "+err.Error()) if rootUser { - fmt.Println("Failed to drop root privileges. Exiting...") - os.Exit(1) + fatalError("Failed to drop root privileges. Exiting...") } } diff --git a/server.go b/server.go index 8df71e0..6827b93 100644 --- a/server.go +++ b/server.go @@ -9,11 +9,11 @@ import ( "encoding/binary" "encoding/json" "flag" - "fmt" "io" "log" "net" "net/url" + "os" "strings" "time" ) @@ -34,6 +34,14 @@ func (c prefixConn) Read(p []byte) (int, error) { return c.Reader.Read(p) } +// Output to stderr and exit with error code 1. +// Like log.Fatal, but without the date&time prefix. +// Used before starting the server loop. +func fatalError(err ...any) { + logger := log.New(os.Stderr, "", 0) + logger.Fatal(err...) +} + const html = ` @@ -275,15 +283,13 @@ func main() { flag.Parse() hostAndPort = flag.Arg(0) if certFile == "" || keyFile == "" || hostAndPort == "" { - fmt.Println("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port") - return + fatalError("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port") } // Load cert cert, err := tls.LoadX509KeyPair(certFile, keyFile) if err != nil { - log.Fatal(err) - return + fatalError(err) } // TLS config tlsConfig := tls.Config{ @@ -295,8 +301,7 @@ func main() { // Listen for connections ln, err := net.Listen("tcp", hostAndPort) if err != nil { - log.Println(err) - return + fatalError(err) } defer ln.Close()
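Review bot: The privilege drop in the `-u` branch still fails open: when `syscall.Setgroups`, `syscall.Setgid` or `syscall.Setuid` returns an error, the new code writes one line to stderr and exits only if the matching `rootSupplementaryGroup` / `rootPrimaryGroup` / `rootUser` flag is set. Those flags are computed outside this hunk, so I cannot confirm how they are derived, but in every other case the server goes on listening under an identity the operator did not ask for. Because `-u` is an explicit request, each of the three error branches should exit unconditionally, e.g. `fatalError("Failed to set user ID: " + err.Error())`, with the same treatment for the Setgroups and Setgid branches. It would also be worth confirming after the last call that `syscall.Getuid()` and `syscall.Geteuid()` both equal `uid` before returning, so a partial drop is detected rather than assumed.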
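Review bot: The variadic parameter of `fatalError` is named `err`, but callers in this commit also pass plain strings (the usage text, "Running as root is not allowed."), so the name misleads; `func fatalError(v ...any)` would mirror `log.Fatal`. The doc comment should follow Go convention and start with the identifier, for example `// fatalError writes its arguments to stderr without a timestamp prefix and exits with status 1.` It should also say that the exit goes through `log.Fatal`, which calls `os.Exit`, so deferred functions do not run and the helper must not be used once cleanup such as `defer ln.Close()` has been registered.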