Browse Source

remove dns from privacy policy

master
Amolith 3 weeks ago
parent
commit
1b5382d4c9
Signed by: Amolith GPG Key ID: 5548AD9930655715
  1. 19
      privacy-policy.md

19
privacy-policy.md

@ -27,25 +27,8 @@ Your web browser communicates uniquely identifying information to all websites i
## Usage and storage of collected information
Whatever data is collected is stored on servers I have sole control over and it won't be shared with any third parties whatsoever.
## DNS services
In short:
* Haproxy TCP/HTTP logs are disabled. No IP addresses are collected.
* Unbound debug logs are enabled (verbosity: 1).
* Query amounts coming specifically from the DNS-over-TLS server aren't counted.
* Website/DNS-over-HTTPS gateway's NGINX logs are disabled.
To elaborate on Unbound's verbosity, if you have it installed, you can run `man unbound.conf`, search `verbosity` and read it yourself. More human-readably . . .
* Level 0 only outputs **errors**
* Level 1 gives **high-level operational information** (debug logs)
* Level 2 gives **detailed debug logs**
* Level 3 shows the admin what **queries** are going through Unbound
* Level 4 gives lower-level **algorithm** information
* Level 5 logs **client** information
There's no warranty, no uptime assurance, etc. so I recommend using multiple [resolvers](https://wiki.lelux.fi/dns/resolvers); that also improves privacy because the DNS queries are spread across multiple providers
# Exceptions
I do live in the US; I have three servers here, three in Germany, and another in Luxembourg. If, for whatever reason, I'm compelled by law enforcement to give up your email, IP address, or any other information, I will even though *I don't want to*. As such, I do whatever I can to make sure *I don't have that information*. If I don't have it, I can't share it.
I do live in the US; I have two servers here, one in Finland, and another in Luxembourg. If, for whatever reason, I'm compelled by law enforcement to give up your email, IP address, or any other information, I will even though *I don't want to*. As such, I do whatever I can to make sure *I don't have that information*. If I don't have it, I can't share it.
# Recommendations
To mitigate invasions of privacy like this, use a throwaway email address for registration, such as one from [anonbox](https://anonbox.net/) if you want a temporary address or [cock.li](https://cock.li/) for something a bit more permanent. Also provide a [fake name](https://fakena.me/fake-name/) and use the service from behind [Tor](https://www.torproject.org/) or a VPN. Rather than a VPN, however, I *strongly* recommend using Tor across all devices. They have an [Android version](https://www.torproject.org/download/#android) now and there's another browser they recommend for iOS called [Onion Browser](https://apps.apple.com/us/app/onion-browser/id519296448). I don't use iOS so I can't say whether or not it's any good, just that the Tor Project recommends it.

Loading…
Cancel
Save