From 6e7ea212b9d0aea5548c3096c61d9f0c494dbe0e Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 18 Jul 2022 23:55:56 -0400 Subject: [PATCH] Privacy Policy Signed-off-by: Tommy --- config.yml | 31 +++++++++++++++++++++++++---- content/{conduct.md => code.md} | 0 content/privacy.md | 35 +++++++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+), 4 deletions(-) rename content/{conduct.md => code.md} (100%) create mode 100644 content/privacy.md diff --git a/config.yml b/config.yml index 5f41ac4..c9b2688 100644 --- a/config.yml +++ b/config.yml @@ -44,12 +44,12 @@ params: buttons: - name: About url: about - - name: Conduct - url: conduct + - name: Code + url: code + - name: Privacy + url: privacy - name: Donate url: donate - - name: Tags - url: tags socialIcons: - name: github @@ -111,7 +111,30 @@ menu: name: Search url: /search/ weight: 50 + - identifier: Tags + name: Tags + url: /tags/ + weight: 60 privacy: + disqus: + disable: true + googleAnalytics: + anonymizeIP: true + disable: true + respectDoNotTrack: true + useSessionStorage: false + instagram: + disable: true + simple: false + twitter: + disable: false + enableDNT: true + simple: false + vimeo: + disable: false + enableDNT: true + simple: false youtube: + disable: false privacyEnhanced: true \ No newline at end of file diff --git a/content/conduct.md b/content/code.md similarity index 100% rename from content/conduct.md rename to content/code.md diff --git a/content/privacy.md b/content/privacy.md new file mode 100644 index 0000000..7760e37 --- /dev/null +++ b/content/privacy.md @@ -0,0 +1,35 @@ +--- +title: "Privacy Policy" +--- + +PrivSec.dev as a project does not collect any personal information. We do not log your IPs, collect your fingerprints, or run any sort of analytics on you. In sort, we do not care who you are, what you do, or how you are using our website. It is none of our business. + +## Software + +We use [Hugo](https://gohugo.io/) to build our website. Hugo has fingerprinting capabilities, but we turn that off in our configuration. Hugo also has [additional privacy settings](https://gohugo.io/about/hugo-and-gdpr/) for GDPR compliance, and we configure it to be as privacy friendly as possible. + +Services like Disqus, Instagram, and Google Analytics are disabled. We do link to Twitter, Vimeo and Youtube in our blogs, and we turn on "enableDNT" and "privacyEnhanced" for those services. + +## Hosting Provider + +We use Google Domains, Google DNS, and Google Firebase Hosting to run our website. We turn Google Analytics off for our project, so it should not collect any data on you. + +For the Privacy Policy of Firebase Hosting, please check out [this link](https://firebase.google.com/support/privacy). + +## Git Repository + +We use GitHub to host our repository. In order to contribute to our website or to open a GitHub discussion, you will need a GitHub account. + +For the Privacy policy of GitHub, please check out [this link](https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement). + +## Matrix + +We use Matrix as our primary communication method. Since Matrix is a Federated protocol, the privacy of our conversaion depends on that of your homeserver and the homeserver of your contact. + +You should not have any expectation of privacy for your conversation in our public room, as anyone (be it a person or a bot) can access all of your messages and log them. Even if you "delete" your messages, it is merely a redaction request to the participating homeservers in the room, and any of them could choose to ignore said request. + +Direct or private messages with individuals are end to end encrypted by default. However, the Matrix protocol does not provide any metadata protection, and homeserver admins know who you have been talking to, how often you talk to them, and so on. + +## Email + +Our mail server is hosted by Tommy on his own Dedicated Server colocated in the United Kingdom. Many of us use our @privsec.dev email as an alias and forward it to another email provider. The privacy of your emails with us is the same as with any other person you communicate to using this protocol - the hosting providers can read all of your conversations with us unless you are using PGP, and even when you use PGP there is no metadata protection. \ No newline at end of file