update legal documents

parent 78e9886f
......@@ -16,20 +16,24 @@ What do these servers actually do? What kind of private information is stored? H
The edge nodes do not host private information of the users, only our master servers host user information.
The edge servers are owned by us, we can delete servers, migrate them, deploy new ones, change providers etc. We can force users in a country to stay away from a particular node and transit the parrot network from a node in another country.
The edge servers are owned by us, we can delete servers, migrate them, deploy new ones, change providers etc. We can force users in a country to stay away from a particular node and transit the parrot network from a node in another country if we beieve that such countries or providers may inspect user traffic.
We log user activities from the web server logs and use goaccess to monitor strange activities.
We log user activities from the web server logs and use log analyzers to investigate uncommon (malicious) activities and spot possible intrusions or cyber attacks.
Our sysadmin is the only person authorized to access the servers and handle the logs.
Sometimes we collect statistical usage data on our infrastructure usage (downloads, website hits, unique visitors, geographical distribution etc). Such data is aggregate and does not contain personal user information, and ip addresses and other components useful to identify specific users are stripped out before the data aggregation, or sometimes they are not collected at all.
Goaccess analyzes the logs for us to show aggregated data such as page hits, unique visitors, most used browsers, origin country, most requested addresses, most accessed domains etc. The data we retain is aggregated and does not reveal private user information.
We do NOT log user activities on some services, like the DNS resolvers, to respect user privacy, and we do not collect user information if we don't have a technical reason to log it.
The only private information directly visible from goaccess is the ip address of the users, but the servers already have automatic protections to ban misbehaving ip addresses, We store ip addresses temporarily in case of cyberattacks.
Our sysadmin is the only person authorized to access the servers and handle the logs, and no third parties have access to such data.
Logs are disabled on the edge nodes, so we can keep them secure on the central infrastructure where authorities or third parties can’t take them without our approval.
The only private information directly visible from goaccess is the ip address of the users, but the servers already have automatic protections to ban misbehaving ip addresses, We store ip addresses temporarily in case of cyberattacks against our web infrastructure.
Personal user data is not stored on our CDN edge nodes, so we can keep user data as safe as possible on the central infrastructure where authorities or third parties can’t take them without our approval.
We periodically delete logs from servers when we are sure that no attacks were received in that period of time, and we shred them for security before restarting the service.
When we dismiss a dedicated server or a VPS, we manually shred the hard disk with random data from a recovery unit to make data unrecoverable before the service deletion.
We have never received a warrant since we began this project. Please note our [warrant canary](warrant-canary.md).
......@@ -38,14 +42,15 @@ We have never received a warrant since we began this project. Please note our [w
We provide free DNS resolvers for the OpenNIC network. These servers have logs disabled by default.
There is a tiny log buffer that hosts the latest service hits for debugging purposes but this is just a buffer that keeps a bunch of recent elements it disappears
automatically as new requests come in and it is the standard behavior of the DNS resolver we use (PowerDNS).
There is a tiny log buffer that hosts the latest service hits for technical purposes, allowing the system to identify and automatically ban ip addresses abusing the service.
The temporary log is just a buffer that keeps a bunch of recent elements, and old entries disappear
automatically as new requests come in. It is the standard behavior of the DNS resolver we use (PowerDNS).
Since DNS logs are disabled, and the abuse prevention system is completely automatic, we don't have systems to manually analyze such logs, and we don't perform direct or indirect analysis of DNS services usage.
Last updated 26 Mar 2019
Last updated 25 Apr 2019
 
[Using Parrot](https://www.parrotsec.org/docs/info/start/) | [Troubleshooting](https://www.parrotsec.org/docs/trbl/start/) | [Linux Beginner Guide](https://www.parrotsec.org/docs/library/lbg-basics/) | [Home](https://www.parrotsec.org/docs/)
\ No newline at end of file
[Using Parrot](https://www.parrotsec.org/docs/info/start/) | [Troubleshooting](https://www.parrotsec.org/docs/trbl/start/) | [Linux Beginner Guide](https://www.parrotsec.org/docs/library/lbg-basics/) | [Home](https://www.parrotsec.org/docs/)
......@@ -24,7 +24,7 @@ Warrant Canaries have been found to be legal by the United States Justice Depart
![warrant canary](https://www.parrotsec.org/docs/img/warrant-canary.png)
Warrant Canary, March 16 2019
Warrant Canary, April 25 2019
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment