Commit 878d12ae authored by Dario

Added legal stuff

parent 9c242562
# Privacy Policy #
NOTE: This policy is incomplete (it does not yet cover all the infrastructure of the Parrot Project), we hope to finish it shortly.
### Parrot OS
The Parrot operating system does not include trackers or telemetry from the Parrot team or its partners, and we do not track our users on the system.
Parrot OS is a bundle of many complex programs and subsystems, and each of the programs installed on the system may implement it's own telemetry "features".
The Parrot Security Team does its best to provide a system completely clean from trackers, and no data is collected from our users, but additional programs installed on the system by the end user may change this statement. It is up to the end user to make sure that newly installed programs don't ship their own telemetry if privacy is required.
### Parrot's Content Delivery Network
What do these servers actually do? What kind of private information is stored? How is it stored? And what happens if an edge node is cloned and analyzed?
The edge nodes do not host private information of the users, only our master servers host user information.
The edge servers are owned by us, we can delete servers, migrate them, deploy new ones, change providers etc. We can force users in a country to stay away from a particular node and transit the parrot network from a node in another country if we beieve that such countries or providers may inspect user traffic.
We log user activities from the web server logs and use log analyzers to investigate uncommon (malicious) activities and spot possible intrusions or cyber attacks.
Sometimes we collect statistical usage data on our infrastructure usage (downloads, website hits, unique visitors, geographical distribution etc). Such data is aggregate and does not contain personal user information, and ip addresses and other components useful to identify specific users are stripped out before the data aggregation, or sometimes they are not collected at all.
We do NOT log user activities on some services, like the DNS resolvers, to respect user privacy, and we do not collect user information if we don't have a technical reason to log it.
Our sysadmin is the only person authorized to access the servers and handle the logs, and no third parties have access to such data.
The only private information directly visible from goaccess is the ip address of the users, but the servers already have automatic protections to ban misbehaving ip addresses, We store ip addresses temporarily in case of cyberattacks against our web infrastructure.
Personal user data is not stored on our CDN edge nodes, so we can keep user data as safe as possible on the central infrastructure where authorities or third parties can’t take them without our approval.
We periodically delete logs from servers when we are sure that no attacks were received in that period of time, and we shred them for security before restarting the service.
When we dismiss a dedicated server or a VPS, we manually shred the hard disk with random data from a recovery unit to make data unrecoverable before the service deletion.
We have never received a warrant since we began this project. Please note our [warrant canary](<./Warrant>).
### The Parrot Project's OpenNIC DNS Servers
We provide free DNS resolvers for the OpenNIC network. These servers have logs disabled by default.
There is a tiny log buffer that hosts the latest service hits for technical purposes, allowing the system to identify and automatically ban ip addresses abusing the service.
The temporary log is just a buffer that keeps a bunch of recent elements, and old entries disappear
automatically as new requests come in. It is the standard behavior of the DNS resolver we use (PowerDNS).
Since DNS logs are disabled, and the abuse prevention system is completely automatic, we don't have systems to manually analyze such logs, and we don't perform direct or indirect analysis of DNS services usage.
Last updated 25 Apr 2019
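Review bot: the CDN section never states a retention period. "We store ip addresses temporarily" and "We periodically delete logs from servers" leave the reader unable to tell how long an IP address is kept, which is the figure a privacy policy is read for; state a maximum age or the rule that triggers deletion. The same section names goaccess without introducing it (the earlier sentence only says "log analyzers"), so say once that goaccess is the log analyzer in use. Small fixes in the same file: "it's own" should be "its own", "beieve" should be "believe", and "ip addresses, We store" needs a full stop before "We".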
......@@ -22,8 +22,13 @@
- [Hash and key verification](<./24.- Hash and key>)
- [AppArmor](<./25.->)
- [Troubleshooting]()
- [F.A.Q.]()
- [Legal]()
- [Privacy Policy](<./Privacy>)
- [Warrant Canary](<./Warrant>)
- [Parrot on Docker](<./22.- Parrot on>)
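Review bot: the `[Legal]()` entry has an empty link target, so it renders as a link that goes nowhere. If it is only meant to group the Privacy Policy and Warrant Canary entries that follow it, make it plain text or point it at one of those two pages. The Troubleshooting and F.A.Q. entries above it have the same empty target and could be fixed in the same pass.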
# Warrant Canary #
signed with:
Lorenzo "Palinuro" Faletra
GPG ID: B350 5059 3C2F 7656 40E6 DDDB 97CA A129 F4C6 B9A4
Parrot Archive Keyring
GPG ID: 813E EFE8 0280 C579 E2A1 F5E6 B56F FA94 6EB1 660A
![warrant canary](./images/warrant-canary.png)
Warrant Canary, July 6 2020
Hash: SHA256
Signed Warrant Canary n.2: no incidents or warrants as of July 6 2020
This page is to inform users that Parrot Security has not been served with a secret government subpoena for its servers (Parrot Project, Parrot Security CIC, Lorenzo Faletra or other directly involved partners), software (Parrot OS and its official derivatives), or services (community services, gitlab instance, email service, cryptpad service, cloud platform, CDN nodes, hosted portals etc).
If a warrant canary has not been updated in the time period specified by Parrot Security, or if this page disappears, users are to assume that Parrot Project has indeed been served with a secret subpoena.
The intention is to allow Parrot Security to warn users of the existence of a subpoena passively, without disclosing to others that the government has sought or obtained access to information or records under a secret subpoena.
Warrant Canaries have been found to be legal by the United States Justice Department, so long as they are passive in their notifications.
This message is signed with the GPG keys of the Parrot OS archive keyrings and the Team Leader (and actual legal holder) of Parrot Security.
Every new canary update since July 10 2019 will be digitally signed, and older versions of the canary will be archived and made available in a public archive.
signed with:
Lorenzo "Palinuro" Faletra
GPG ID: B350 5059 3C2F 7656 40E6 DDDB 97CA A129 F4C6 B9A4
Parrot Archive Keyring
GPG ID: 813E EFE8 0280 C579 E2A1 F5E6 B56F FA94 6EB1 660A
[Warrant Canary n.0](
[Warrant Canary n.1](
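Review bot: the failure condition "has not been updated in the time period specified by Parrot Security" depends on an interval that this page never states, so a reader cannot tell when a stale canary should be treated as tripped; add the update period, or a "next update due by" date, to the signed text. The visible lines also carry a "Hash: SHA256" header and two key fingerprints but no signature block, so nothing in the text as committed can be checked against those keys; include the full clearsigned message or link a detached signature next to it. The "signed with:" block appears twice in the file and one copy can go.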