Bondline is provided by volunteers. As such, you visitors and contributors to Bondline should not expect your security or privacy is protected. We do our best, and we have good intentions, but we do not have the resources of more formal organizations. For that reason, Bondline may be less secure than services with more resources or expertise. That might mean Bondline is more likely to disclose information about you that you didn't expect or cause security problems on your computers.
That said, we respect your privacy and security, and we have a little expertise in protecting them, so we believe you can use Bondline with confidence.
Bondline collects data in several ways:
- Bondline logs your visits. Your full IP address is recorded.
- If you log in to Bondline and contribute, your contributions are linked to your Bondline account for all to see.
- We do our best not to disclose your email address directly, but you can choose to allow other logged-in Bondline contributors to send you messages that will be delivered to you by email.
- If you choose a Bondline username or register with an email address that's similar to those you use on other web services, it's likely that anyone can guess your username or email address on those other services and so correlate your activity across several web sites.
- We do our best not to disclose your password, but mistakes happen. If you use the same password on Bondline as on other web sites, and a data breach occurs on Bondline or elsewhere, it's likely an attacker could pose as you on several web sites. If you use sensitive web sites (your job, bank, or private communications), be sure to know and apply good practices to protect your privacy.
Here are a few ways we try to protect your privacy and security:
- We use Mediawiki software, the same software used by Wikipedia. That means we benefit from the expertise of many developers around the world. Other open-source software behind Bondline includes Ubuntu, Apache, MySQL, Imagemagick, Memcached, and much more. All of the software behind Bondline is available for inspection by experts, and none of the software is encumbered by licensing or other legal restrictions, as best we can determine. We hope this minimizes the risk that Bondline or you contributors can be victimized by unscrupulous people or organizations.
- We keep the software up to date as best we can. That means when vulnerabilities are discovered in the software, they affect Bondline as little as possible.
- We don't use third-party services, such as Google Analytics or Facebook "Like" buttons, that routinely track you as you browse the web. Note, however, that we do use Google's CAPTCHA service to reduce spam. We haven't investigated the privacy implications of Google CAPTCHA, but we have confirmed that the Mediawiki software does not track you when you read Bondline. It is used only when you are first log in to Bondline, and when you submit or edit material.
- Steve Williams installed in a facility operated by Monkeybrains, a commercial host with a long track record of respecting privacy and pretty good contracts with its commercial landlord and upstream internet access providers. As such, your contributions to Bondline were less likely to be quashed by bogus legal demands, and your use of Bondline was less likely to be disclosed by our providers.
Later, Bondline moved to a commercial, shared hosting provider, again one with a good privacy track record. When Steve found out that provider had been sold to GoDaddy, a company known for dubious business practices, he moved Bondline to DigitalOcean, another commercial hosting provider that gives customers like us excellent control over our virtual servers.
(Here's a referral link to DigitalOcean. If you use that link open a DigitalOcean account, Steve's account will get a small reward, helping to defray the cost of running Bondline.)
Steve almost certainly will be notified of any legal demands before action is taken, and he'll try to contact you before taking action that affects your contributions or your privacy.
Where could we do better?
- We retain web server logs and web analytics data. It'd probably be better to delete all such logs routinely and often. But we like to know how people use Bondline, and it's harder to do that while aggressively deleting logs. Maybe you have some expertise in this area and would like to help!
(As of January 5, 2011, this document had a Flesch-Kincaid Grade Level of about 11 according to Added Bytes. A Grade Level of 8 would be preferable, to better serve all readers. If you'd like to take a stab at improving the readability of this page, your efforts are welcome!)