Update formatting and some clarifications
parent
64f14a17ca
commit
92cd895151
|
@ -116,15 +116,26 @@
|
||||||
data in any commercial capacity, and only stores data
|
data in any commercial capacity, and only stores data
|
||||||
necessary for service operation or security and auditing.
|
necessary for service operation or security and auditing.
|
||||||
</p>
|
</p>
|
||||||
|
<p>
|
||||||
|
Much of the data is stored unencrypted due to the nature of
|
||||||
|
the services provided. Remember that while there are access
|
||||||
|
controls, the best way to safeguard your data is to encrypt
|
||||||
|
it yourself.
|
||||||
|
</p>
|
||||||
<p>
|
<p>
|
||||||
If you are concerned or believe that there is something
|
If you are concerned or believe that there is something
|
||||||
missing here, please reach out via email or XMPP.
|
missing here, please reach out via email or XMPP.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
<h3>
|
||||||
|
Data Accessible to the World
|
||||||
|
</h3>
|
||||||
<p>
|
<p>
|
||||||
The following data is made accessible to the world.
|
The following data is publicly accessible by anyone with an
|
||||||
|
internet connection.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3>LDAP</h3>
|
<h4>LDAP</h4>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Chosen username.</li>
|
<li>Chosen username.</li>
|
||||||
<li>Personal information given on the account page.</li>
|
<li>Personal information given on the account page.</li>
|
||||||
|
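Review bot: The new paragraph opening "Much of the data is stored unencrypted due to the nature of the services provided" does not say which data, and a privacy policy should be specific. Point it at the per-service lists that follow, or name the affected services. The advice to "encrypt it yourself" could also reference the OMEMO and PGP notes that appear further down the same page, so the reader knows what options exist.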
@ -132,7 +143,7 @@
|
||||||
<li>Login shell.</li>
|
<li>Login shell.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>XMPP</h3>
|
<h4>XMPP</h4>
|
||||||
<p>Privacy settings can be configured with supported XMPP
|
<p>Privacy settings can be configured with supported XMPP
|
||||||
clients.</p>
|
clients.</p>
|
||||||
<ul>
|
<ul>
|
||||||
|
@ -146,13 +157,13 @@
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>Mumble</h3>
|
<h4>Mumble</h4>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Chosen username.</li>
|
<li>Chosen username.</li>
|
||||||
<li>User channel info, if created.</li>
|
<li>User channel info, if created.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>E-Mail</h3>
|
<h4>E-Mail</h4>
|
||||||
<p>
|
<p>
|
||||||
Filters are not applied to outgoing mail. The following may
|
Filters are not applied to outgoing mail. The following may
|
||||||
be included in the e-mail headers:
|
be included in the e-mail headers:
|
||||||
|
@ -165,7 +176,7 @@
|
||||||
<li>Sender client identification string.</li>
|
<li>Sender client identification string.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>Akkoma</h3>
|
<h4>Akkoma</h4>
|
||||||
<p>Akkoma has built-in privacy settings.</p>
|
<p>Akkoma has built-in privacy settings.</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
@ -180,11 +191,13 @@
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>IPFS</h3>
|
<h4>IPFS</h4>
|
||||||
<p>Due to the nature of IPFS, uploaded data can be accessed by
|
<p>
|
||||||
anyone with the CID.</p>
|
Due to the nature of IPFS, uploaded data can be accessed by
|
||||||
|
anyone with the CID.
|
||||||
|
</p>
|
||||||
|
|
||||||
<h3>Nextcloud</h3>
|
<h4>Nextcloud</h4>
|
||||||
<p>Nextcloud has built in privacy settings.</p>
|
<p>Nextcloud has built in privacy settings.</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
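Review bot: The unchanged line "Nextcloud has built in privacy settings." is inconsistent with "Akkoma has built-in privacy settings." a few sections earlier. Since this commit is a formatting pass and already touches the heading directly above, hyphenate "built-in" here as well.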
@ -194,17 +207,21 @@
|
||||||
<li>Files shared publicly.</li>
|
<li>Files shared publicly.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>Shell access</h3>
|
<h4>Shell access</h4>
|
||||||
<p>
|
<p>
|
||||||
Files located under ~/public are accessible to the world, as
|
Files located under ~/public are accessible to the world, as
|
||||||
determined by their UNIX permissions.
|
determined by their UNIX permissions.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<h3>
|
||||||
The following information is stored by the services, and
|
Data Accessible to UNIX.dog Users
|
||||||
accessible by users on UNIX.dog.
|
</h3>
|
||||||
</p>
|
<p>
|
||||||
<h3>Shell access</h3>
|
The following data can be accessed by people with a
|
||||||
|
registered UNIX.dog account.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h4>Shell access</h4>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Last login times and IP, via WTMP logs.</li>
|
<li>Last login times and IP, via WTMP logs.</li>
|
||||||
<li>
|
<li>
|
||||||
|
@ -224,66 +241,91 @@
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
<h3>
|
||||||
|
Data Accessible to Administrators
|
||||||
|
</h3>
|
||||||
<p>
|
<p>
|
||||||
The following information is stored by the services, and
|
The following data is stored on the server, and is thus
|
||||||
accessible to administrators.
|
accessible by administrators.
|
||||||
</p>
|
|
||||||
<h3>HTTP</h3>
|
|
||||||
<p>
|
|
||||||
The HTTP server stores access logs, including source IP and
|
|
||||||
headers.
|
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3>LDAP</h3>
|
<h4>HTTP</h4>
|
||||||
<p>
|
<ul>
|
||||||
The LDAP server stores no logs. It does store the data
|
<li>
|
||||||
mentioned in previous sections.
|
Access logs, which include source IP, request headers,
|
||||||
</p>
|
request path, and time.
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
Request data (i.e. POST or form data) is not
|
||||||
|
logged.
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
<h3>Akkoma</h3>
|
<h4>LDAP</h4>
|
||||||
<p>
|
<ul>
|
||||||
The Akkoma server stores only error logs. Any data uploaded
|
<li>Password hashed with Argon2ID.</li>
|
||||||
to the Akkoma server (including post and DM content)
|
</ul>
|
||||||
is accessible by administrators. Please
|
|
||||||
keep in mind that ActivityPub is not a secure protocol, and
|
|
||||||
should not be used for sensitive communications.
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<h3>XMPP</h3>
|
<h4>Akkoma</h4>
|
||||||
<p>If you use OMEMO encryption, message content is encrypted.</p>
|
<p>
|
||||||
|
ActivityPub is not a secure protocol, and
|
||||||
|
should not be used for sensitive communications. Post
|
||||||
|
content can be deleted if needed, but posts could still
|
||||||
|
exist on other servers because of the nature of federation.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
Post and DM content, regardless of post visibility
|
||||||
|
setting.
|
||||||
|
</li>
|
||||||
|
<li>Error logs.</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h4>XMPP</h4>
|
||||||
|
<p>
|
||||||
|
If you use OMEMO encryption, message content is encrypted.
|
||||||
|
XMPP is also a federated protocol, so your data may be exposed
|
||||||
|
and stored on the server of the contacts you communicate with.
|
||||||
|
</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Your XMPP roster.</li>
|
<li>Your XMPP roster.</li>
|
||||||
<li>Uploaded files are published at an obfuscated URL.</li>
|
<li>Uploaded files, published at an obfuscated URL.</li>
|
||||||
<li>
|
<li>
|
||||||
Message content is cached for 7 days in MAM, for both
|
Message content, cached for 7 days in MAM, for both
|
||||||
private messages and group chats (MUCs).
|
private messages and group chats (MUCs).
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
Connection and authentication logs are stored, which
|
Connection and authentication logs, which
|
||||||
includes connection IP.
|
includes connection IP.
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>Legacy service XMPP bridges</h3>
|
<h4>Legacy service XMPP bridges</h4>
|
||||||
<p>The legacy service XMPP bridges are hosted on a seperate
|
<p>
|
||||||
server, not woofer.</p>
|
The legacy service XMPP bridges are hosted on a seperate
|
||||||
|
server, not woofer.
|
||||||
|
</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
Provided credentials to authorize to the legacy service,
|
Provided credentials to authorize to the legacy service,
|
||||||
unencrypted.
|
unencrypted.
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
Legacy contacts get synced to the UNIX.dog XMPP server.
|
Legacy contacts, synced to the UNIX.dog XMPP server.
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
Messages are stored unencrypted on the XMPP
|
||||||
|
server, and are thus also cached in MAM for 7 days.
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>Forgejo</h3>
|
<h4>Forgejo</h4>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Any uploaded repositories.</li>
|
<li>Any uploaded repositories.</li>
|
||||||
<li>Error logs.</li>
|
<li>Error logs.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>E-Mail</h3>
|
<h4>E-Mail</h4>
|
||||||
<p>
|
<p>
|
||||||
E-Mail is an unencrypted protocol. Consider using PGP or
|
E-Mail is an unencrypted protocol. Consider using PGP or
|
||||||
other encryption if you require secure communications.
|
other encryption if you require secure communications.
|
||||||
|
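Review bot: The rewritten LDAP block under "Data Accessible to Administrators" drops the old statement "The LDAP server stores no logs" and leaves only "Password hashed with Argon2ID", so the page no longer says whether LDAP logging exists. If it is still true, keep it as a list item, in the same way the new HTTP list keeps "Request data (i.e. POST or form data) is not logged". The same applies to Akkoma, where "stores only error logs" became a bare "Error logs." item and the word "only" was lost. Two smaller wording points in this hunk: the re-wrapped bridge paragraph still carries "seperate" (separate), and "Connection and authentication logs, which includes connection IP" should read "include" now that the subject is plural.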
@ -291,11 +333,11 @@
|
||||||
<ul>
|
<ul>
|
||||||
<li>E-Mail content in your home directory.</li>
|
<li>E-Mail content in your home directory.</li>
|
||||||
<li>Authentication logs, including connection IP.</li>
|
<li>Authentication logs, including connection IP.</li>
|
||||||
<li>Transport logs, including source and destination email.</li>
|
<li>Transport logs, including source and destination address.</li>
|
||||||
<li>Error logs.</li>
|
<li>Error logs.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>Nextcloud</h3>
|
<h4>Nextcloud</h4>
|
||||||
<ul>
|
<ul>
|
||||||
<li>File content.</li>
|
<li>File content.</li>
|
||||||
<li>Contacts and Calendar content.</li>
|
<li>Contacts and Calendar content.</li>
|
||||||
|
@ -303,7 +345,7 @@
|
||||||
<li>Error logs.</li>
|
<li>Error logs.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>Mumble</h3>
|
<h4>Mumble</h4>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Client certificate public key, for authorization.</li>
|
<li>Client certificate public key, for authorization.</li>
|
||||||
<li>
|
<li>
|
||||||
|
@ -313,7 +355,7 @@
|
||||||
<li>Error logs.</li>
|
<li>Error logs.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>SSH</h3>
|
<h4>SSH</h4>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
Authentication logs, which include connection IP,
|
Authentication logs, which include connection IP,
|
||||||
|
@ -321,7 +363,7 @@
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3>IPFS Upload Service</h3>
|
<h4>IPFS Upload Service</h4>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Pinned CIDs, associated with a user.</li>
|
<li>Pinned CIDs, associated with a user.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|