CS.RIN.RU - Steam Underground Community

Cool members bookmark the index page.
It is currently Friday, 20 Apr 2018, 15:23

English | Русский

Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 
Author Message

Post Post subject: Privacy Policy [last updated: 04.02.18]   
Posted: Sunday, 04 Feb 2018, 01:06   
User avatar
Joined: Tuesday, 15 Nov 2005, 17:09
Posts: 10799
Privacy Policy
For feedback, questions or any concerns regarding this policy, send a PM to RessourectoR or reply to this post.

This post is intended to inform users on

  • what kind of personal data is collected,
  • how long this data is stored,
  • who can access this data,
  • what users can do to control usage of their data.

04.02.18 - updated info on how to request account deletion
25.01.18 - update backup policy: database kept for 7 days
25.01.18 - policy only applies to forum
06.11.17 - removed liveinternet.ru counter
13.10.17 - webserver logs now kept for 7 days and securely deleted
03.04.17 - updated backup policy
02.04.17 - added HTTP referer to server log entries, removed [steaminfo] tag
10.03.17 - added info on Tapatalk emojis (they are always loaded, regardless of user display settings)
21.02.17 - updated tracking counters
29.01.17 - added info on editing posts
24.01.17 - first version


    This post is not legally binding. Improving user privacy and minimizing data collection is an ongoing effort. Due to our unique hosting situation, the practices outlined in this post are subject to change at any time, with or without previous notice. However, I (RessourectoR) promise to do my best to uphold the highest possible data protection standards, and to keep this post up-to-date with current practices. It is the goal of the forum administration to be as transparent as possible in this regard, in order to grant users the fullest feasible control over their personal data.
    Important: This policy only applies to the forum. The main site (http://engineeringtechnews.com) is hosted on a different server and not maintained by me.

What data is collected and stored? For how long is it stored?

    Server logs
      The web server logs every HTTP request made to the site. A log entry contains

      • the visitor's full IP address,
      • date and time of the request,
      • the exact URL (which may contain session IDs that identify a user account),
      • the [[Please login to see this link.]], which is essentially the URL of the site where the visitor has clicked a link to this forum,
      • the [[Please login to see this link.]] string (which may contain information about the client's web browser, operating system and some installed programs), if present.

      Server logs are kept for approximately 7 days, after which they are securely deleted.

    IP addresses and user agents
      IP addresses are stored in the forum database indefinitely, but as of January 1st, 2017, the last block (for IPv6 addresses, the last four blocks) is not recorded, and all addresses have been retroactively anonymized in this way. This provides users with plausible deniability, while preserving locational information for security purposes.
      Visitor sessions contain a user agent string (if available) and an anonymized IP address. Inactive sessions expire after one hour, but may be stored indefinitely within backups.

    Forum profile logs
      User profile changes are logged by the forum software. These logs contain anonymized IP addresses, as well as all e-mail addresses and usernames that have ever been associated with a specific account.
      These logs are kept indefinitely, unless the user requests them to be deleted.

    Forum ban lists and ban logs
      Ban lists may contain anonymized IP addresses and e-mail addresses, even belonging to user accounts that no longer exist. Ban lists are cleaned up regularly, but individual entries may be kept indefinitely. Banning and unbanning of usernames, e-mail addresses and anonymized IP addresses are also logged indefinitely.

    User-submitted data
      All (possibly) confidential data that is actively provided by a user, including but not limited to

      • e-mail addresses,
      • user preferences,
      • private messages,
      • attachments to private messages,
      • posts in private subforums,

      is stored in the forum database indefinitely. Account passwords are hashed with a salted MD5 function and are also stored indefinitely.

      Backups include the database, user avatars and attachments.
      On the web server, unencrypted database backups are stored for up to seven days, after which they are deleted and encrypted copies take their place for approximately one year. The encryption is done with GPG using AES-256, with the RSA decryption key not being stored on the server.
      Off-site, encrypted backups done by me (RessourectoR) are stored indefinitely for the database, and up to one year for avatars and attachments.
      Off-site backups made by the server owner are not encrypted and may be stored indefinitely; this is currently not known.
      All backups made prior to 2017 contain full (non-anonymized) IP addresses.

Who has access to the data?

  • The server owner and the server provider(s) have full access to all data, except for the backup decryption key.
  • I (RessourectoR) have full access to all data; specifically, all encrypted data, and most data that has been deleted from the server since 2007.
  • Forum administrators have access to forum logs, e-mail addresses, user preferences, anonymized IP addresses and session user agents.
  • English, Russian and Junior moderators have access to forum logs, e-mail addresses and anonymized IP addresses.
  • All current staff members have access to private messages that have been reported by users, even if the messages have been deleted by either sender or receiver.
  • All current staff members and some retired staff members have access to encrypted backups. This does not include the decryption key(s). Other trusted individuals may be granted access at the administration's discretion.
  • Upload Crew members have access to forum logs without e-mail addresses or IP addresses.
  • To the best of my knowledge, no one else has access (at least not intentionally).

Who is the data shared with?

    The forum staff, as listed in "Who has access to the data?", will never share any personal information with third parties without explicit permission from the affected user(s). It is theoretically possible that the server owner shares data with third parties, but there is currently no reason to assume this.

    The forum pages contain advertisement and tracking code from the following domains:

    • youlamedia.com (Google AdExchange, [[Please login to see this link.]]),
    • yandex.st (Yandex Share button, [[Please login to see this link.]]),
    • liveinternet.ru / counter.yadro.ru (visitor stats, policy unknown),
    • count.rin.ru / engineeringtechnews.com/counter (visitor stats, not third-party, policy unknown).

    Pages outside of /forum may contain additional advertisement and tracking code.

    The forum allows users to embed content from other websites, which may be loaded by the visitor's browser, by using BBCodes:

    • [img] for images from arbitrary sites,
    • [youtube] to embed videos from youtube.com.

    All these sites may collect information such as full IP addresses, browser configuration and visited pages. YouTube videos are embedded using the "privacy-enhanced mode" (youtube-nocookie.com), for which Google claims that no information on forum visitors is stored unless they play the video.

    The [[Please login to see this link.]] for mobile browsing potentially has full access to all user data and anonymized IP addresses (full IP addresses prior to 2017). The Tapatalk mobile application has access to full IP addresses. See Tapatalk's [[Please login to see this link.]] for more information. I (RessourectoR) have not thoroughly reviewed its code, but instead plan on removing Tapatalk in the long run. To the best of my knowledge, the addon does not collect any private information of forum users that do not use the mobile application. However, Tapatalk emojis are loaded from a remote site and always displayed in posts, regardless of user settings.

What control do users have over their data?

    Users can change their nickname and e-mail address, edit their own posts, delete any of their own posts not followed by replies from other users, and delete private messages. Furthermore, they can request removal of

    • a small number of specific posts,
    • profile or ban logs of previous nicknames and e-mail addresses,
    • their entire account.

    Only accounts with very low post count (below 15 posts) and spambot accounts are eligible for deletion. Whether an account or specific posts are eligible for deletion is decided on a case-by-case basis, usually depending on how disruptive it would be to delete them. When an account is deleted, all data associated with it is removed from the database, except for

    • usernames in message quotes (as also occurs after account renaming),
    • usernames and e-mail addresses in ban lists and ban logs (if applicable),
    • contents of private messages sent to other users that have already been read,
    • the current username, which is contained in a log entry for account deletion.

    Accounts can also be merged, if some kind of proof of ownership is provided.
    Any data removal or account merging requests can be sent to RessourectoR via private message. In your request, please state exactly what you want removed. If you cannot send PMs, create a topic in the "Off Topic" section or post a message to the shoutbox. If your account is banned, you have to register a new account and request a temporary unban in the same way first. This will be improved in the future.

    Users can protect against tracking by blocking scripts from all domains other than engineeringtechnews.com and by blocking images from count.rin.ru, engineeringtechnews.com/counter and counter.yadro.ru when visiting the forum. Additionally, images and videos in posts, private messages and signatures can be replaced by links using the display options for images and Flash (even if the videos are not Flash-based).
    For privacy-conscious users, usage of the Tapatalk mobile application is strongly inadvisable, for the reasons already stated under "Who is the data shared with?". To block Tapatalk emojis, users can block emoji.tapatalk-cdn.com.

- End of privacy policy -

Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 

Who is online

Users browsing this forum: No registered users and 1 guest

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Powered by phpBB® Forum Software © phpBB Group