FeministWiki:Privacy policy: Difference between revisions

    Tags: Mobile edit Mobile web edit
    Line 75: Line 75:
    == Contact for further questions ==
    == Contact for further questions ==


    Please contact admin@feministwiki.org if you have any privacy related concerns or questions that aren't answered above.
    Please contact technician@feministwiki.org if you have any privacy related concerns or questions that aren't answered above.
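
    Review bot: the changed contact line swaps admin@feministwiki.org for technician@feministwiki.org, but the "Data provided in the account request form" section of this revision still says the automatic account request e-mail is sent to admin@feministwiki.org. Confirm that the admin@ mailbox is still in use and who reads it; if it is being replaced, update that section in the same edit so the policy names the actual recipient of the request e-mail and the personal declaration.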

    Revision as of 08:33, 27 March 2020

    This is not a real "privacy policy." I'm no lawyer and neither do I have one. This is an honest summary of everything you might want to know about the FeministWiki and privacy.

    Data stored by the FeministWiki could be split in two categories: data stored about your account, and data generated by your usage of FeministWiki services like opening pages, editing pages, using the chat system, or uploading files.

    Account data

    At its core, the FeministWiki doesn't save anything about you other than your chosen username, a "cryptographic hash" of your current password, and the username of the member who added you. In addition, it can save an e-mail address and a "display name" of your choosing, if you enter these in the account settings page or provide them in the account request form. A detailed listing of all data stored in relation to your FeministWiki account follows.

    The username

    Your username doesn't need to correspond to your real identity in any way. If it does, note that other members can see it in some places such as the list of names in the chat service. It's almost impossible to keep 100% of malicious people from getting a FeministWiki membership, so a malicious person could end up seeing your username too. Furthermore, if you edit the wiki, post on public parts of the forum, publish a FeministWiki blog post etc., then your username will be publicly visible. If this is a problem for you, please contact the technician to change your username to one that doesn't relate to your real identity.

    The password

    Your password is not saved in plain text. Rather, a "salted SHA1 hash" of your password is saved. In layperson terms, this means: even in case of a data leak, attackers won't immediately know your password, though it's technically possible for them to figure it out if they spend a lot of time processing the leaked data. For this reason, the password you use here should not be a very important one, such as the password you use for online banking. (This issue applies to almost all websites that use passwords; the FeministWiki is not any less secure in this regard than other websites.) All FeministWiki services use encrypted communication, so your password doesn't travel over the network in plain text either.

    The member who added you

    The username of the FeministWiki member who created your account is visible to the technician, if she/he cares to look it up from the internally kept database.

    Your regular e-mail address

    In the account settings, you can set an e-mail address that should be associated with your FeministWiki account instead of the default address of (username)@feministwiki.org. (In the account request form, this corresponds to the address you provide in the first e-mail input field.) While this address won't be listed publicly anywhere, it's possible that other FeministWiki members may see it. Given that it's practically impossible to keep out 100% of malicious persons from getting a FeministWiki member account, you should consider the risk that a malicious person will see this e-mail address. As such, consider not providing one and just using the (username)@feministwiki.org address provided by the FeministWiki, or providing one that cannot be traced to your real identity, if keeping your identity hidden is important to you.

    Your recovery e-mail address

    Also in the account settings, you can provide a secondary, hidden e-mail address that will be used solely for account recovery in case you forget your FeministWiki password. This address is only visible to the technician. However, despite state of the art security measures, please note that a data leak can never be ruled out 100%, so if keeping your identity secret is very important to you, consider leaving this empty and instead taking good care of your password, or using an address that can't be traced to your real identity.

    Data provided in the account request form

    If you use the account registration/request form and leave out the primary e-mail address field, you are asked to fill out a secondary e-mail field so your account request can be responded to. While this address is not recorded in the member database (unless you explicitly opt in), it will appear in the automatic e-mail sent to admin@feministwiki.org. The same applies to the text you write in the "personal declaration" field of the form. The e-mail containing this data is stored on the mail server of the FeministWiki, meaning that the same data leak concerns as explained in the previous section might apply. That said, the technician will try to make sure that these e-mails are deleted after the account request is processed. (So far, a technical guarantee of this is not provided; this will come in a future rework of the account request system.)

    Activity data

    When you use any of the FeministWiki services, like visiting any part of the website, editing wiki pages, posting to the forum, sending chat messages, sending FeministWiki e-mail, uploading files, or writing or commenting on blog posts, you generate data that is stored on the server, some of which is also publicly shown. Details follow.

    Visiting pages

    Absolutely every web page of the FeministWiki that you visit (including forum, blogs, the on-site chat or email clients, etc.) generates an "access log" entry on the web server which contains your IP address, time of access, and optional information sent by your web browser. (Heads up: this is a standard feature of web servers and is done by every website you visit, unless they've specifically turned this function off, which is unlikely.) This helps with alleviating abuse of the website and with searching for technical problems when, for instance, someone is getting error messages when trying to open pages.

    Usually, your IP address cannot be traced back to your real identity, although it reveals the location of your internet service provider and therefore possibly an approximate geographic location. If this is an issue for you, please look into software such as the Tor Project or other ways to hide your IP address from websites you visit.

    The FeministWiki will absolutely never reveal the contents of the access logs to anyone.

    Editing the wiki

    All individual edits made to the wiki (including talk pages and other types of special pages) are permanently recorded, with the username of the editor and the date and time of the edit. These records remain even if the page is later edited by someone else so thoroughly that none of the content written by you remains. This recording of all edits helps to resolve issues with vandalism by malicious editors. (E.g. if someone removes all content on a page and replaces it with garbage, the original content can be recovered in a few clicks, and the edit logs will show who did the vandalism.)

    Note: This is a standard feature of the wiki software MediaWiki that is also used by Wikipedia.

    Posting on the forum

    Most sections of the forum are publicly visible. Your username will appear beside your forum post, as well as the date and time of the post. There are sections of the forum that are only visible to members, but please remember that it's difficult to keep out 100% of malicious persons from getting a FeministWiki account. All forum posts are also stored on the server, and data leaks may happen despite state-of-the-art security measures.

    Using the chat system

    Chat messages sent through the FeministWiki chat service are only visible to the recipient(s) of the message. However, they are stored on the server to provide you your chat history when you log in to the chat with a different device. Ideally, don't ever send personal information through the FeministWiki chat service if you want it to remain absolutely secret.

    Furthermore, every time you log in to the chat system from any device, the software stores an access log entry. This helps to identify the cause of technical problems, like when someone is having difficulties logging in.

    Writing blog posts or comments

    The blog posts as well as the comments beneath them are publicly visible, and have your username attached to them, as well as the date and time of the comment, much like public posts on the forum.

    Uploading files to the file storage system

    The files you upload to the FeministWiki file storage are private by default. You have the option of sharing them with others by creating a sharing link or making files or whole folders accessible to other members. Since the files are stored on the server, however, you should ideally never upload any files with personal information that you want to keep absolutely secret.

    Sending and receiving FeministWiki e-mail

    The e-mails you send and receive with your (username)@feministwiki.org account are stored on the server. Ideally, don't send any e-mail that provides personal information which you want to keep absolutely secret.

    Furthermore, if you've configured any e-mail client software to automatically fetch your received FeministWiki e-mail, the e-mail server stores an access log entry whenever that software opens a connection to look for incoming mail. This helps with identifying technical problems, like when someone is having difficulty receiving their FeministWiki e-mail, and is a standard feature of all e-mail servers, meaning your regular e-mail provider is doing it as well.

    Contact for further questions

    Please contact technician@feministwiki.org if you have any privacy related concerns or questions that aren't answered above.