diff --git a/templates/main/rules.html.ep b/templates/main/rules.html.ep
index 9ebb70f..fae2cd8 100644
--- a/templates/main/rules.html.ep
+++ b/templates/main/rules.html.ep
@@ -116,15 +116,26 @@
data in any commercial capacity, and only stores data
necessary for service operation or security and auditing.
+
+ Much of the data is stored unencrypted due to the nature of
+ the services provided. Remember that while there are access
+ controls, the best way to safeguard your data is to encrypt
+ it yourself.
+
If you are concerned or believe that there is something
missing here, please reach out via email or XMPP.
+
+
+ Data Accessible to the World
+
- The following data is made accessible to the world.
+ The following data is publicly accessible by anyone with an
+ internet connection.
- LDAP
+ LDAP
- Chosen username.
- Personal information given on the account page.
@@ -132,7 +143,7 @@
- Login shell.
- XMPP
+ XMPP
Privacy settings can be configured with supported XMPP
clients.
- Mumble
+ Mumble
- Chosen username.
- User channel info, if created.
- E-Mail
+ E-Mail
Filters are not applied to outgoing mail. The following may
be included in the e-mail headers:
@@ -165,7 +176,7 @@
Sender client identification string.
- Akkoma
+ Akkoma
Akkoma has built-in privacy settings.
- IPFS
- Due to the nature of IPFS, uploaded data can be accessed by
- anyone with the CID.
+ IPFS
+
+ Due to the nature of IPFS, uploaded data can be accessed by
+ anyone with the CID.
+
- Nextcloud
+ Nextcloud
Nextcloud has built in privacy settings.
-
@@ -194,17 +207,21 @@
- Files shared publicly.
- Shell access
+ Shell access
Files located under ~/public are accessible to the world, as
determined by their UNIX permissions.
-
- The following information is stored by the services, and
- accessible by users on UNIX.dog.
-
- Shell access
+
+ Data Accessible to UNIX.dog Users
+
+
+ The following data can be accessed by people with a
+ registered UNIX.dog account.
+
+
+ Shell access
- Last login times and IP, via WTMP logs.
-
@@ -224,66 +241,91 @@
+
+ Data Accessible to Administrators
+
- The following information is stored by the services, and
- accessible to administrators.
-
- HTTP
-
- The HTTP server stores access logs, including source IP and
- headers.
+ The following data is stored on the server, and is thus
+ accessible by administrators.
- LDAP
-
- The LDAP server stores no logs. It does store the data
- mentioned in previous sections.
-
+ HTTP
+
+ -
+ Access logs, which include source IP, request headers,
+ request path, and time.
+
+ -
+ Request data (i.e. POST or form data) is not
+ logged.
+
+
- Akkoma
-
- The Akkoma server stores only error logs. Any data uploaded
- to the Akkoma server (including post and DM content)
- is accessible by administrators. Please
- keep in mind that ActivityPub is not a secure protocol, and
- should not be used for sensitive communications.
-
+ LDAP
+
+ - Password hashed with Argon2ID.
+
- XMPP
- If you use OMEMO encryption, message content is encrypted.
+ Akkoma
+
+ ActivityPub is not a secure protocol, and
+ should not be used for sensitive communications. Post
+ content can be deleted if needed, but posts could still
+ exist on other servers because of the nature of federation.
+
+
+ -
+ Post and DM content, regardless of post visibility
+ setting.
+
+ - Error logs.
+
+
+ XMPP
+
+ If you use OMEMO encryption, message content is encrypted.
+ XMPP is also a federated protocol, so your data may be exposed
+ and stored on the server of the contacts you communicate with.
+
- Your XMPP roster.
- - Uploaded files are published at an obfuscated URL.
+ - Uploaded files, published at an obfuscated URL.
-
- Message content is cached for 7 days in MAM, for both
+ Message content, cached for 7 days in MAM, for both
private messages and group chats (MUCs).
-
- Connection and authentication logs are stored, which
+ Connection and authentication logs, which
includes connection IP.
- Legacy service XMPP bridges
- The legacy service XMPP bridges are hosted on a seperate
- server, not woofer.
+ Legacy service XMPP bridges
+
+ The legacy service XMPP bridges are hosted on a seperate
+ server, not woofer.
+
-
Provided credentials to authorize to the legacy service,
unencrypted.
-
- Legacy contacts get synced to the UNIX.dog XMPP server.
+ Legacy contacts, synced to the UNIX.dog XMPP server.
+
+ -
+ Messages are stored unencrypted on the XMPP
+ server, and are thus also cached in MAM for 7 days.
- Forgejo
+ Forgejo
- Any uploaded repositories.
- Error logs.
- E-Mail
+ E-Mail
E-Mail is an unencrypted protocol. Consider using PGP or
other encryption if you require secure communications.
@@ -291,11 +333,11 @@
- E-Mail content in your home directory.
- Authentication logs, including connection IP.
- - Transport logs, including source and destination email.
+ - Transport logs, including source and destination address.
- Error logs.
- Nextcloud
+ Nextcloud
- File content.
- Contacts and Calendar content.
@@ -303,7 +345,7 @@
- Error logs.
- Mumble
+ Mumble
- Client certificate public key, for authorization.
-
@@ -313,7 +355,7 @@
- Error logs.
- SSH
+ SSH
-
Authentication logs, which include connection IP,
@@ -321,7 +363,7 @@
- IPFS Upload Service
+ IPFS Upload Service
- Pinned CIDs, associated with a user.