Bondline:Privacy policy

From Bondline
Revision as of 08:35, 1 January 2011 by Sbw (talk | contribs) (Created page with "Bondline is provided by volunteers. As such, you visitors and contributors to Bondline should not expect your security or privacy is protected. We do our best, and we have good...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Bondline is provided by volunteers. As such, you visitors and contributors to Bondline should not expect your security or privacy is protected. We do our best, and we have good intentions, but we do not have the resources of more formal organizations, so it's more likely Bondline might disclose information about you that you didn't anticipate or cause security problems on your computers than when you use services with more resources or expertise.

That said, we respect your privacy and security, and we have a little expertise in protecting them, so we believe you can use Bondline with confidence.

Bondline collects data in several ways:

  • Bondline logs your visits to the site. Your full IP address is recorded.
  • If you choose to allow Bondline to run Javascript on your computer, Bondline records a good deal of information about you and your computer. In particular, Bondline tracks each of your visits to the web site as you move from page to page. Bondline records your operating system, web browser, window size, and lots of other details of your computer's configuration. In practice, that information uniquely identifies you (not just your computer).
  • If you log in to Bondline and contribute, your contributions are linked to your Bondline account for all to see. We do our best not to disclose your email address directly, but you can choose to allow other logged-in Bondline contributors to send you messages that will be delivered to you by email.
  • If you choose a Bondline username or register with an email address that's similar to those you use on other web services, it's likely that anyone can guess your username or email address on those other services and so correlate your activity across several web sites.
  • We do our best not to disclose your password, but mistakes happen. If you use the same password on Bondline and on other web sites, and a data breach occurs on Bondline or elsewhere, it's likely an attacker could pose as you on several web sites. If you use sensitive web sites (your job, bank, or private communications), be sure to know and apply good practices to protect your privacy.

Here are a few ways we try to protect your privacy and security:

  • We use Mediawiki software, the same software used by Wikipedia. That means we benefit from the expertise of many developers around the world. Other open-source software behind Bondline includes FreeBSD, Apache, MySQL, Imagemagick, Piwik, and much more. All of the software behind Bondline is available for inspection by experts, and none of the software is encumbered by licensing or other legal restrictions, as best we can determine. We hope this minimizes the risk that Bondline or you contributors can be victimized by unscrupulous organizations.
  • We keep the software up to date as best we can. That means when vulnerabilities are discovered in the software, they affect Bondline as little as possible.
  • We don't use third-party services, such as Google Analytics or Facebook "Like" buttons, that routinely track you as you browse the web.
  • Bondline relies as little as possible on commercial internet providers. Bondline runs on a server owned by Steve Williams installed in a facility operated by the non-commercial San Francisco Community Colocation Project, which has pretty good contracts with its commercial landlord and upstream internet access providers. This means that your contributions to Bondline are less likely to be quashed by bogus legal demands, and your use of Bondline is less likely to be disclosed by our providers. Steve almost certainly will be notified of any legal demands before action is taken, and he'll try to contact you before taking action that affects your contributions or your privacy.

Where could we do better?

  • We retain web server logs and web analytics data. It'd probably be better to delete all such logs routinely and often. But we like to know people use Bondline, and it'd take more volunteer effort to get that understanding while aggressively deleting logs. Maybe you have some expertise in this area and would like to help!

Please help improve this privacy policy! We want this to be understandable by non-technical visitors and contributors. And we want this to serve as one example of how volunteer projects can be clear about their intentions and give their communities realistic expectations about privacy and security, and maybe even help their community members protect themselves better.