Difference between revisions of "404.city: Privacy Policy"

From WIKI
 
(21 intermediate revisions by the same user not shown)
Line 1: Line 1:
== General rules ==
+
[[File:Privacy icon.svg|500px|thumb| We are trying to protect you from mass surveillance, but you should remember that you should always use e2e encryption to increase security]]
 +
We try to provide a high class of privacy and not to store data in a larger size than is necessary for the operation of the server. We deny any unencrypted connections to the server and do not connect with servers that have invalid security certificates. Your passwords are stored in a database in a salt hash and we cannot view your password.
  
* We store metadata necessary for server operation and anti-spam protection. This metadata includes information about connection, user-agent, contact list, username, last used ip address
+
An XMPP server is nothing more than a regular router distributing message delivery to addresses.
* We store the passwords as salted hashes.
 
* We store the message archive (MAM) if message archiving is enabled in settings of your XMPP client. The laws on secrecy of correspondence forbid us to read any messages. If you are concerned about storing messages, use e2e encryption where the encryption key is stored only on devices of communicating users. Without the key it is impossible to read your messages. Messages from the MAM archive are deleted after 7 days. You can disable message archiving (XEP-0313) in the settings of your XMPP client (Conversations or Gajim)
 
* Sent files are automatically deleted after 7 days
 
* Incactive accounts will be deleted not later than after 404 days of inactivity
 
  
== Transfer of data ==
+
You must understand that your privacy is up to you. Use e2e encryption always in personal conversations. We can not access your messages if you use  e2e encryption (OMEMO/PGP/OTR). We also do not read any unencrypted private messages. The law on keeping the privacy of personal correspondence prohibits the reading of personal correspondence.
  
* Illegal activities are not protected by the privacy policy. We will provide the data about criminal activities if it is required by the police of EU or USA. We require official documents before submitting the data.
+
To synchronize multiple devices, the default is to use the message archive. You can disable the message archive in the XMPP client settings. In order to increase privacy, the archive of messages is deleted after 7 days. Files you send also are deleted after seven days. If you use OMEMO or OTR encryption , messages cannot be re-decrypted, even if you have access to the archive with your key (session keys are deleted). PGP allows you to decrypt old messages from the archive, if you have your private key.
* We do not cooperate with some countries that violate human rights
 
  
== Statistics transfer of data ==
+
The server keeps logs of IP address connections. We think that it is wrong to deceive users that the logs do not save. Many servers claim that they are not save logs, they are fools or deceivers.
 +
Even if the server does not keep logs, Internet service providers routers keep logs. Additional logs lead protection systems from DDoS-Attack in data centers. The Internet can not exist without connection logs and routing.
  
 +
We store your contact list, connection time and IP address. We are not located on the surface of Mars and we will be obliged (as anyone else) to provide this data by officially confirmed  government request in the United States or the European Union.
 +
 +
== Canary: Statistics transfer of data ==
 
* Received official requests for disclosure of user data in 2015: 0
 
* Received official requests for disclosure of user data in 2015: 0
 
* Received official requests for disclosure of user data in 2016: 0
 
* Received official requests for disclosure of user data in 2016: 0
Line 20: Line 20:
 
* Received official requests for disclosure of user data in 2019: 0
 
* Received official requests for disclosure of user data in 2019: 0
  
* Refused in compliance with unofficial requests for disclosure of user data (All time): 5
+
Us have already tried to bribe or cheat. We do not sell the data of our users for any amount. Any requests are checked.Any unofficial requests will be  verification and rejected. Refused in compliance with unofficial requests for disclosure of user data (All time): 5
 
      
 
      
  
 
'''This page is subject to change without notice.This is translated by machine translation'''
 
'''This page is subject to change without notice.This is translated by machine translation'''
 +
[[Category:404.city]]

Latest revision as of 16:56, 14 June 2019

We are trying to protect you from mass surveillance, but you should remember that you should always use e2e encryption to increase security

We try to provide a high class of privacy and not to store data in a larger size than is necessary for the operation of the server. We deny any unencrypted connections to the server and do not connect with servers that have invalid security certificates. Your passwords are stored in a database in a salt hash and we cannot view your password.

An XMPP server is nothing more than a regular router distributing message delivery to addresses.

You must understand that your privacy is up to you. Use e2e encryption always in personal conversations. We can not access your messages if you use e2e encryption (OMEMO/PGP/OTR). We also do not read any unencrypted private messages. The law on keeping the privacy of personal correspondence prohibits the reading of personal correspondence.

To synchronize multiple devices, the default is to use the message archive. You can disable the message archive in the XMPP client settings. In order to increase privacy, the archive of messages is deleted after 7 days. Files you send also are deleted after seven days. If you use OMEMO or OTR encryption , messages cannot be re-decrypted, even if you have access to the archive with your key (session keys are deleted). PGP allows you to decrypt old messages from the archive, if you have your private key.

The server keeps logs of IP address connections. We think that it is wrong to deceive users that the logs do not save. Many servers claim that they are not save logs, they are fools or deceivers. Even if the server does not keep logs, Internet service providers routers keep logs. Additional logs lead protection systems from DDoS-Attack in data centers. The Internet can not exist without connection logs and routing.

We store your contact list, connection time and IP address. We are not located on the surface of Mars and we will be obliged (as anyone else) to provide this data by officially confirmed government request in the United States or the European Union.

Canary: Statistics transfer of data

  • Received official requests for disclosure of user data in 2015: 0
  • Received official requests for disclosure of user data in 2016: 0
  • Received official requests for disclosure of user data in 2017: 0
  • Received official requests for disclosure of user data in 2018: 0
  • Received official requests for disclosure of user data in 2019: 0

Us have already tried to bribe or cheat. We do not sell the data of our users for any amount. Any requests are checked.Any unofficial requests will be verification and rejected. Refused in compliance with unofficial requests for disclosure of user data (All time): 5


This page is subject to change without notice.This is translated by machine translation