TY!
Those access logs are kept for 7 days on the server.
Yes, I think it's good in general but I missed that the Discourse logs (production.log
) are also recording access logs with IPs, so the redaction we're doing at the nginx proxy level is moot, unfortunately.
There's been past discussion on the Discourse forum about this [0] but the options highlighted don't seem appealing, they either involve modifying Discourse itself (and/or its dependencies), which is a non-starter, or changing the IP to a random one at the proxy level, which will mess with the built-in anti-abuse and rate-limiting.
[0] https://meta.discourse.org/t/possible-to-not-log-user-ip-addresses/46502
@lavamind, could you review the updated privacy policy and see if something technical is missing?
Due the ongoing issue with Fastly front domains (tpo/anti-censorship/team#135), and while it's not fixed on Tor Browser built-in bridge, let's create a template to help users from China to circumvent censorship with Snowflake.
I created a draft, but maybe we want to add the bridge-moji and other instructions?
https://rt.torproject.org/Articles/Article/Display.html?id=252
wdyt, @ebanam?
Done!
@ebanam let's add this snowflake bridge too:
snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org fronts=docs.plesk.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
Sounds good. I have modified the template with the updated instructions about connecting with snowflake.
I'll remove Google/AMP cache from the template: https://blocky.greatfire.org/detail/1074/http%3A%2F%2Fwww.google.com
Due the ongoing issue with Fastly front domains (tpo/anti-censorship/team#135), and while it's not fixed on Tor Browser built-in bridge, let's create a template to help users from China to circumvent censorship with Snowflake.
I created a draft, but maybe we want to add the bridge-moji and other instructions?
https://rt.torproject.org/Articles/Article/Display.html?id=252
wdyt, @ebanam?
Here is a draft:
# Tor Forum Privacy Policy
We are committed to protecting your privacy and handling your data in an open and transparent manner. This privacy policy sets out how we collect, use, store, and protect your personal information when you use our forum.
The Tor Forum is hosted by the Tor Project [sysAdmin Team](https://gitlab.torproject.org/tpo/tpa/team), and the service privacy policy is displayed below.
### What Information Do We Collect?
We collect information from you when you register on our site and gather data when you participate in the forum by reading, writing, and evaluating the content shared here.
When registering on our site, you may be asked to enter your name and e-mail address. You may, however, visit our site without registering. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address.
When registered and posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server.
Other information that we may collect:
* Your name, title, location, and any other information you choose to provide in your user profile.
* At the server level, our app container webserver collects access logs for operational purposes, but we anonymize these logs by removing IP addresses to protect your privacy. * In the case of errors, we may collect IP information, which is rotated regularly: 2 weeks for webserver logs and 1 month for application logs.
### Use of Your Information
Any of the information we collect from you may be used in one of the following ways:
* To improve our site - we continually strive to improve our site offerings based on the information and feedback we receive from you.
* To improve our user support - your information helps us to more effectively respond to your user support needs.
* To improve our forum, products and the services we offer based on feedback and interactions.
* To communicate with you, including sending notifications and responses to your inquiries.
### How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.
* We collect only the minimum amount of information necessary for the forum to function and for us to address any issues.
* Access to your personal data is limited to trusted individuals and Tor core contributors with administrator-level access.
* We employ security measures to protect your information and keep our systems up-to-date.
### What is your data retention policy?
We retain the personal information you provide in your user profile for an undefined amount of time, as well as the IP addresses used for registration and last login. Backup retention details are managed according to our internal policies, and specific inquiries can be directed to Tor Project sysAdmin Team for more information.
If you wish to delete your forum account, we offer an anonymization option that removes all personal information from your account but retains your posts to preserve the integrity of forum discussions.
### Do we use cookies?
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.
We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
### Do we disclose any information to outside parties?
We do not sell, trade, or transfer your personally identifiable information to outside parties. We may release information when necessary to comply with the law, enforce our policies, or protect our or others' rights, property, or safety.
### Third-party links
Our forum may include or offer third-party products or services, for example, GitHub and Discord sign ups. These have separate and independent privacy policies, and we have no responsibility or liability for their content or activities.
### Children’s Online Privacy Protection Act Compliance
Our services are directed to people who are at least 13 years old. If you are under 13, do not use this forum in compliance with COPPA.
### Online Privacy Policy Only
This policy applies only to information collected through our forum and not to information collected offline.
### Your Consent
By using our forum, you consent to this privacy policy.
### Changes to Our Privacy Policy
We reserve the right to update or change our privacy policy at any time. Changes will be posted on this page, with the updated effective date.
This document is CC-BY-SA. It was last updated on 2024-03-01.