Jabber Privacy Policy
PSJB.ME public Jabber service privacy policy
Please read and understand the details described in this privacy policy.
Due to the location of the server and citizenship of the operator, this server is subject to the laws and regulations of the United States of America. Consider connecting through our Tor hidden service, and using OTR if you register an account on this server. If the policies and behavior of the United States government or this server concern you, you may wish to create an account on another Public XMPP Server hosted in a jurisdiction.
This page attempts to describe what personal information this jabber server stores about you. If you have any questions, please don't hesitate to contact me.
By default, the server stores the following data about you:
- The Jabber ID (jid), consisting of user name and domain, used for identifying your account.
- The password to your account for authorization when your client connects to the server. The password is stored as a SCRAM-SHA1 hash.
- The saved contacts (or the "Roster") of a user, plus information about the visibility between this account and the contacts. This ensures that your buddy list stays the same, no matter which client you are using.
- "Offline messages" (messages sent while the other party is offline), along with the time each message was sent. These are wiped every 72 hours if the other party does not log in again to receive them. (This is to prevent potential plain-text messages from lying around.)
If an error occurs while delivering messages, we save a log entry detailing who sent the message to whom at which point of time and why it failed. The actual content of the message is not a part of that entry. We only need the metadata to determine the root of the problem.
System Log files are only used for diagnostic purposes, and are only retained for 7 days.
Additionally, a Jabber client may store data on the server. Whether that data is accessible to others (like a vCard which contains contact details or photos) or accessible only to you (like configuration settings for a Jabber client) lies in the hands of the client you use.
The Jabber service itself does not store any regular connection information. This means we will never be able to tell in hindsight where you connected from.
However, the account registration process does notify the admins of the IP address used for registering an account, but only to help detect automated registrations.
The webserver that serves this website keeps access logs that are stored for up to four weeks.
This includes access to HTTP based Jabber-services, e.g. web presence and any BOSH connections (usually done by web clients).
What happens to that data?
The Jabber IDs (JID) of users will not be published.
Information about our users is neither used commercially nor sold or otherwise made available to third parties. No advertisements are sent to the users of this service.
When a user stores data (specifically the vCard) to make it available to others, it can be retrieved by those other users, so remember that the only information that can be used is provided by you, the user.
Messages sent from a user to another one connected to a different server may be sent to the latter entity. How data is being treated at the receiving end can differ from what is described in this document. The same holds true for information the user has selected for display to other users or all users (e.g. information about the online status/the presence).
Users of gateways to other IM networks may find that the preservation of their privacy also depends on the other system. Specifically, some other systems allow third parties to see the presence/online status of users without their confirmation.
The Jabber server does not report the IP addresses of users to other users. All communication using the Jabber protocol (XMPP) takes place with the server as a middleman. Clients can, however, exchange IP addresses, for instance before starting a file transfer. The server will neither examine those addresses nor forward them to third parties.
Who can access this data?
Me and only me...
The server is hosted on a Virtual Machine in the United States utilizing snapshots to minimize backups. Any backups are stored using industry-standard mechanisms, specifically the Advanced Encryption Standard (AES). Exercise best practices for roster management and always use OTR on this, or any, XMPP service.
Is SSL supported?
The cipher suite used is fixed by the service, which only accepts TLS 1.x connections. Based on the decision of the Prosody team outlined here: http://blog.prosody.im/prosody-0-9-2-released/ , Perfect Forward Secrecy is supported although not enforced.
To ensure end-to-end confidentiality and integrity, use OTR as added protection when using this service. Also, consider connecting with Tor through our hidden service.
Although encryption is required for s2s and c2s connections, the connection between your roster buddies and their server may be in cleartext (due to the other user not using SSL). The same holds true for messages that need to be transmitted to other Jabber servers or other IM systems. In that case, it is recommended to use end-to-end encryption of single messages. Some clients can enable this behavior by using PGP, GnuPG or OTR; in this case, the message is also not comprehensible on the Jabber server itself.
I forgot my password! How do I recover my account?
You don't. Since I cannot validate the identity of any given user based on the limited amount of data I have... you are on your own.
Sauce
This policy was originally shamelessly based on the policy of wtfismyip.com, who shamelessly copied it from jabber.at, who shamelessly copied it from web.jabber.ccc.de.
Questions?
Please contact mail[at]psjb.me or reach me on Twitter @psjbeisler
Feel free to compare the score of this server to others via the Public Directory https://xmpp.net/directory.php