Bondline:Privacy policy

From Bondline
Revision as of 07:47, 28 June 2020 by Sbw (talk | contribs) (Added Google CAPTCHA disclosure.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Bondline Sysop Steve Williams

Bondline is provided by volunteers. As such, you visitors and contributors to Bondline should not expect your security or privacy is protected. We do our best, and we have good intentions, but we do not have the resources of more formal organizations. For that reason, Bondline may be less secure than services with more resources or expertise. That might mean Bondline is more likely to disclose information about you that you didn't expect or cause security problems on your computers.

That said, we respect your privacy and security, and we have a little expertise in protecting them, so we believe you can use Bondline with confidence.

Bondline collects data in several ways:

  • Bondline logs your visits. Your full IP address is recorded.
  • If you choose to allow Bondline to run Javascript on your computer, Bondline records a good deal of information about you and your computer. In particular, Bondline tracks each of your visits to the web site as you move from page to page and when you follow links from Bondline to other web sites. Bondline records your operating system, web browser, window size, and lots of other details of your computer's configuration. In practice, that information uniquely identifies your computer, and it may identify you personally.
  • If you log in to Bondline and contribute, your contributions are linked to your Bondline account for all to see.
  • We do our best not to disclose your email address directly, but you can choose to allow other logged-in Bondline contributors to send you messages that will be delivered to you by email.
  • If you choose a Bondline username or register with an email address that's similar to those you use on other web services, it's likely that anyone can guess your username or email address on those other services and so correlate your activity across several web sites.
  • We do our best not to disclose your password, but mistakes happen. If you use the same password on Bondline as on other web sites, and a data breach occurs on Bondline or elsewhere, it's likely an attacker could pose as you on several web sites. If you use sensitive web sites (your job, bank, or private communications), be sure to know and apply good practices to protect your privacy.

Here are a few ways we try to protect your privacy and security:

  • We use Mediawiki software, the same software used by Wikipedia. That means we benefit from the expertise of many developers around the world. Other open-source software behind Bondline includes Ubuntu, Apache, MySQL, Imagemagick, Memcached, and much more. All of the software behind Bondline is available for inspection by experts, and none of the software is encumbered by licensing or other legal restrictions, as best we can determine. We hope this minimizes the risk that Bondline or you contributors can be victimized by unscrupulous people or organizations.
  • We keep the software up to date as best we can. That means when vulnerabilities are discovered in the software, they affect Bondline as little as possible.
  • We don't use third-party services, such as Google Analytics or Facebook "Like" buttons, that routinely track you as you browse the web. Note, however, that we do use Google's CAPTCHA service to reduce spam. We haven't investigated the privacy implications of Google CAPTCHA, but we have confirmed that the Mediawiki software does not track you when you read Bondline. It is used only when you are first log in to Bondline, and when you submit or edit material.
  • Bondline's Server at Monkeybrains's Colo
    Bondline relies as little as possible on commercial internet providers. In its first years, Bondline ran on a server owned by Steve Williams installed in a facility operated by Monkeybrains, a commercial host with a long track record of respecting privacy and pretty good contracts with its commercial landlord and upstream internet access providers. As such, your contributions to Bondline were less likely to be quashed by bogus legal demands, and your use of Bondline was less likely to be disclosed by our providers.

    Later, Bondline moved to a commercial, shared hosting provider, again one with a good privacy track record. When Steve found out that provider had been sold to GoDaddy, a company known for dubious business practices, he moved Bondline to DigitalOcean, another commercial hosting provider that gives customers like us excellent control over our virtual servers.

    (Here's a referral link to DigitalOcean. If you use that link open a DigitalOcean account, Steve's account will get a small reward, helping to defray the cost of running Bondline.)

    Steve almost certainly will be notified of any legal demands before action is taken, and he'll try to contact you before taking action that affects your contributions or your privacy.

Where could we do better?

  • We retain web server logs and web analytics data. It'd probably be better to delete all such logs routinely and often. But we like to know how people use Bondline, and it's harder to do that while aggressively deleting logs. Maybe you have some expertise in this area and would like to help!

Please help improve this privacy policy! We want this to be understandable by non-technical visitors and contributors. And we want this to serve as one example of how volunteer projects can be clear about their intentions and give their communities realistic expectations about privacy and security, and maybe even help their community members protect themselves better.

(As of January 5, 2011, this document had a Flesch-Kincaid Grade Level of about 11 according to Added Bytes. A Grade Level of 8 would be preferable, to better serve all readers. If you'd like to take a stab at improving the readability of this page, your efforts are welcome!)