FeministWiki:Privacy policy: differenze tra le versioni
Nessun oggetto della modifica |
Nessun oggetto della modifica |
||
Riga 1: | Riga 1: | ||
This is not a real "privacy policy." I'm no lawyer and neither do I have one. This is an honest summary of everything you might want to know about the FeministWiki and privacy. | This is not a real "privacy policy." I'm no lawyer and neither do I have one. This is an honest summary of everything you might want to know about the FeministWiki and privacy. | ||
Data stored by the FeministWiki could be split in two categories: data stored about your account, and data generated by your usage of FeministWiki services like opening pages, editing pages, using the chat system, or uploading files. | |||
== Account data == | |||
At its core, the FeministWiki doesn't save anything about you other than your chosen username, a "cryptographic hash" of your current password, and the username of the member who added you. In addition, it can save an e-mail address and a "display name" of your choosing, if you enter these in the account settings page or provide them in the account request form. A detailed listing of all data stored in relation to your FeministWiki account follows. | |||
=== The username === | |||
Your username doesn't need to correspond to your real identity in any way. If it does, note that other members can see it in some places such as the list of names in the chat service. It's almost impossible to keep 100% of malicious people from getting a FeministWiki membership, so a malicious person could end up seeing your username too. Furthermore, if you edit the wiki, post on public parts of the forum, publish a FeministWiki blog post etc., then your username will be publicly visible. If this is a problem for you, please contact the technician to change your username to one that doesn't relate to your real identity. | |||
That's all. | === The password === | ||
Your password is not saved in plain text. Rather, a "salted SHA1 hash" of your password is saved. In layperson terms, this means: even in case of a data leak, attackers won't immediately know your password, though it's technically possible for them to figure it out if they spend a lot of time processing the leaked data. For this reason, the password you use here should not be a very important one, such as the password you use for online banking. (This issue applies to almost all websites that use passwords; the FeministWiki is not any less secure in this regard than other websites.) All FeministWiki services use encrypted communication, so your password doesn't travel over the network in plain text either. | |||
=== The member who added you === | |||
The username of the FeministWiki member who created your account is visible to the [[FW:Technician|technician]], if she/he cares to look it up from the internally kept database. | |||
=== Your regular e-mail address === | |||
In the account settings, you can set an e-mail address that should be associated with your FeministWiki account instead of the default address of ''(username)@feministwiki.org''. (In the account request form, this corresponds to the address you provide in the first e-mail input field.) While this address won't be listed publicly anywhere, it's possible that other FeministWiki members may see it. Given that it's practically impossible to keep out 100% of malicious persons from getting a FeministWiki member account, you should consider the risk that a malicious person will see this e-mail address. As such, consider not providing one and just using the ''(username)@feministwiki.org'' address provided by the FeministWiki, or providing one that cannot be traced to your real identity, if keeping your identity hidden is important to you. | |||
=== Your recovery e-mail address === | |||
Also in the account settings, you can provide a secondary, hidden e-mail address that will be used solely for account recovery in case you forget your FeministWiki password. This address is only visible to the [[FW:Technician|technician]]. However, despite state of the art security measures, please note that a data leak can never be ruled out 100%, so if keeping your identity secret is '''very''' important to you, consider leaving this empty and instead taking good care of your password. | |||
=== Data provided in the account request form === | |||
If you use the account registration/request form, if you leave out the primary e-mail address field, you are asked to fill out a secondary e-mail field so your account request can be responded to. While this address is not recorded in the member database (unless you explicitly opt in), it will appear in the automatic e-mail sent to admin@feministwiki.org. Likewise with the text you write in the "personal declaration" field of the form. The e-mail containing this data is stored on the mail server of the FeministWiki, meaning that the same data leak concerns as explained in the previous section might apply. That said, the technician will try to make sure that these e-mails are deleted after the account request is processed. (So far, a technical guarantee of this is not provided; this will come in a future rework of the account request system.) | |||
== Activity data == | |||
When you use any of the FeministWiki services, like visiting any part of the website, editing wiki pages, posting to the forum, sending chat messages, sending FeministWiki e-mail, uploading files, or writing or commenting on blog posts, you generate data that is stored on the server, some of which is also publicly shown. Details follow. | |||
=== Visiting pages === | |||
Absolutely '''every''' web page of the FeministWiki that you visit (including forum, blogs, the on-site chat or email clients, etc.) generate an "access log" entry on the web server which contains your IP address and time of access. (Heads up: this is a standard feature of web servers and is done by '''every''' website you visit, unless they've specifically turned this function off, which is unlikely.) This helps with alleviating abuse of the website and searching for technical problems when for instance someone is getting error messages when trying to open pages. | |||
=== Editing the wiki === | |||
All individual edits made to the wiki (including talk pages and other types of special pages) are permanently recorded, with the username of the editor and the date and time of the edit. These records remain even if the page is later edited by someone else so thoroughly that none of the content written by you remains. This recording of all edits helps to resolve issues with vandalism by malicious editors. (If someone removes all content on a page and replaces it with garbage, the original content can be recovered in a few clicks, and the edit logs will show who did the vandalism.) | |||
=== Posting on the forum === | |||
Most sections of the forum are publicly visible. Your username will appear aside your forum post, as well as the date and time of the post. There are sections of the forum that are only visible to members, but please remember that it's difficult to keep out 100% of malicious persons from getting a FeministWiki account. All forum posts are also stored on the server, and data leaks '''may''' happen despite state of the art security measures. | |||
=== Using the chat system === | |||
Chat messages sent through the FeministWiki chat service are only visible to the recipient(s) of the message. However, they are stored on the server to provide you your chat history when you log in to the chat with a different device. Ideally, don't ever send personal information through the FeministWiki chat service if you want it to remain absolutely secret. | |||
Furthermore, any device you use to log in to the chat system leads to an access log entry to be stored by the software. This helps identifying the cause of technical problems, like when someone is having difficulties logging in. | |||
=== Writing blog posts or comments === | |||
The blog posts as well as the comments beneath them are publicly visible, and have your username attached to them, as well as the date and time of the comment, much like public posts on the forum. | |||
=== Uploading files to the file storage system === | |||
The files you upload to the FeministWiki file storage are private by default. You have the option of sharing them with others by creating a sharing link or making files or whole folders accessible to other members. Since the files are stored on the server however, you should ideally never upload any files with personal information that you want to keep absolutely secret. | |||
=== Sending and receiving FeministWiki e-mail === | |||
The e-mails you send and receive with your ''(username)@feministwiki.org'' account are stored on the server. Ideally, don't send any e-mail that provides personal information which you want to keep absolutely secret. | |||
Furthermore, any e-mail client software you've configered to automatically fetch your received FeministWiki e-mail leads to access log entries to be stored by the e-mail server whenever the software in question opens a connection to look for any incoming mail. This helps with identifying technical problems like when someone is having difficulty receiving their FeministWiki e-mail, and is a standard feature of all e-mail servers, meaning your regular e-mail provider is doing it as well. | |||
== Contact for further questions == | |||
Please contact admin@feministwiki.org if you have any privacy related concerns or questions that aren't answered above. |
Versione delle 13:22, 18 ago 2019
This is not a real "privacy policy." I'm no lawyer and neither do I have one. This is an honest summary of everything you might want to know about the FeministWiki and privacy.
Data stored by the FeministWiki could be split in two categories: data stored about your account, and data generated by your usage of FeministWiki services like opening pages, editing pages, using the chat system, or uploading files.
Account data
At its core, the FeministWiki doesn't save anything about you other than your chosen username, a "cryptographic hash" of your current password, and the username of the member who added you. In addition, it can save an e-mail address and a "display name" of your choosing, if you enter these in the account settings page or provide them in the account request form. A detailed listing of all data stored in relation to your FeministWiki account follows.
The username
Your username doesn't need to correspond to your real identity in any way. If it does, note that other members can see it in some places such as the list of names in the chat service. It's almost impossible to keep 100% of malicious people from getting a FeministWiki membership, so a malicious person could end up seeing your username too. Furthermore, if you edit the wiki, post on public parts of the forum, publish a FeministWiki blog post etc., then your username will be publicly visible. If this is a problem for you, please contact the technician to change your username to one that doesn't relate to your real identity.
The password
Your password is not saved in plain text. Rather, a "salted SHA1 hash" of your password is saved. In layperson terms, this means: even in case of a data leak, attackers won't immediately know your password, though it's technically possible for them to figure it out if they spend a lot of time processing the leaked data. For this reason, the password you use here should not be a very important one, such as the password you use for online banking. (This issue applies to almost all websites that use passwords; the FeministWiki is not any less secure in this regard than other websites.) All FeministWiki services use encrypted communication, so your password doesn't travel over the network in plain text either.
The member who added you
The username of the FeministWiki member who created your account is visible to the technician, if she/he cares to look it up from the internally kept database.
Your regular e-mail address
In the account settings, you can set an e-mail address that should be associated with your FeministWiki account instead of the default address of (username)@feministwiki.org. (In the account request form, this corresponds to the address you provide in the first e-mail input field.) While this address won't be listed publicly anywhere, it's possible that other FeministWiki members may see it. Given that it's practically impossible to keep out 100% of malicious persons from getting a FeministWiki member account, you should consider the risk that a malicious person will see this e-mail address. As such, consider not providing one and just using the (username)@feministwiki.org address provided by the FeministWiki, or providing one that cannot be traced to your real identity, if keeping your identity hidden is important to you.
Your recovery e-mail address
Also in the account settings, you can provide a secondary, hidden e-mail address that will be used solely for account recovery in case you forget your FeministWiki password. This address is only visible to the technician. However, despite state of the art security measures, please note that a data leak can never be ruled out 100%, so if keeping your identity secret is very important to you, consider leaving this empty and instead taking good care of your password.
Data provided in the account request form
If you use the account registration/request form, if you leave out the primary e-mail address field, you are asked to fill out a secondary e-mail field so your account request can be responded to. While this address is not recorded in the member database (unless you explicitly opt in), it will appear in the automatic e-mail sent to admin@feministwiki.org. Likewise with the text you write in the "personal declaration" field of the form. The e-mail containing this data is stored on the mail server of the FeministWiki, meaning that the same data leak concerns as explained in the previous section might apply. That said, the technician will try to make sure that these e-mails are deleted after the account request is processed. (So far, a technical guarantee of this is not provided; this will come in a future rework of the account request system.)
Activity data
When you use any of the FeministWiki services, like visiting any part of the website, editing wiki pages, posting to the forum, sending chat messages, sending FeministWiki e-mail, uploading files, or writing or commenting on blog posts, you generate data that is stored on the server, some of which is also publicly shown. Details follow.
Visiting pages
Absolutely every web page of the FeministWiki that you visit (including forum, blogs, the on-site chat or email clients, etc.) generate an "access log" entry on the web server which contains your IP address and time of access. (Heads up: this is a standard feature of web servers and is done by every website you visit, unless they've specifically turned this function off, which is unlikely.) This helps with alleviating abuse of the website and searching for technical problems when for instance someone is getting error messages when trying to open pages.
Editing the wiki
All individual edits made to the wiki (including talk pages and other types of special pages) are permanently recorded, with the username of the editor and the date and time of the edit. These records remain even if the page is later edited by someone else so thoroughly that none of the content written by you remains. This recording of all edits helps to resolve issues with vandalism by malicious editors. (If someone removes all content on a page and replaces it with garbage, the original content can be recovered in a few clicks, and the edit logs will show who did the vandalism.)
Posting on the forum
Most sections of the forum are publicly visible. Your username will appear aside your forum post, as well as the date and time of the post. There are sections of the forum that are only visible to members, but please remember that it's difficult to keep out 100% of malicious persons from getting a FeministWiki account. All forum posts are also stored on the server, and data leaks may happen despite state of the art security measures.
Using the chat system
Chat messages sent through the FeministWiki chat service are only visible to the recipient(s) of the message. However, they are stored on the server to provide you your chat history when you log in to the chat with a different device. Ideally, don't ever send personal information through the FeministWiki chat service if you want it to remain absolutely secret.
Furthermore, any device you use to log in to the chat system leads to an access log entry to be stored by the software. This helps identifying the cause of technical problems, like when someone is having difficulties logging in.
Writing blog posts or comments
The blog posts as well as the comments beneath them are publicly visible, and have your username attached to them, as well as the date and time of the comment, much like public posts on the forum.
Uploading files to the file storage system
The files you upload to the FeministWiki file storage are private by default. You have the option of sharing them with others by creating a sharing link or making files or whole folders accessible to other members. Since the files are stored on the server however, you should ideally never upload any files with personal information that you want to keep absolutely secret.
Sending and receiving FeministWiki e-mail
The e-mails you send and receive with your (username)@feministwiki.org account are stored on the server. Ideally, don't send any e-mail that provides personal information which you want to keep absolutely secret.
Furthermore, any e-mail client software you've configered to automatically fetch your received FeministWiki e-mail leads to access log entries to be stored by the e-mail server whenever the software in question opens a connection to look for any incoming mail. This helps with identifying technical problems like when someone is having difficulty receiving their FeministWiki e-mail, and is a standard feature of all e-mail servers, meaning your regular e-mail provider is doing it as well.
Contact for further questions
Please contact admin@feministwiki.org if you have any privacy related concerns or questions that aren't answered above.