Caveat: security & privacy

6 November 2009

This post is intended for the information of all users of this site. Its contents have been divided into three sections:

  1. internet browsers (ex. Chrome, Firefox, Internet Explorer, Opera, Safari)
  2. internet service providers (ex., here in Canada: Bell, Rogers, Shaw, Telus; and UBC’s “visitor” and “secure” services)
  3. WordPress

Last revised/updated: 2013-04-09.

1. INTERNET BROWSERS

Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using this site. All the browsers with which I’m familiar or use regularly allow you, the user, to do this. Some suggestions for further reference:

  • Safari
    • Safari privacy and security: including blocking cookies by default, accepting them only from sites you visit; a “do not track” feature; and a “remove all website data” feature (all in the “Privacy” panel, once you’re using Safari)

2. SERVICE PROVIDERS

2A. GENERAL LEGAL CONSIDERATIONS

All the service providers with which I am familiar and/or have dealings collect IP addresses. Some collect more information. This is usually part of your Terms Of Service: that is, the contract that you have entered into with your service provider; by which they provide you with a service, and in return you pay them money and do not engage in illegal behaviour. The collection of IP addresses is a legal measure, and (in theory etc.) a measure against criminal activities; be that preventative or for use in evidence if and when a crime has been committed, warrants issued, etc. “Legal” = applicable Canadian federal, provincial, and local laws and statutes, including:

There are legal limits to the collection, storage, use, and sharing of data: both personally-identifying data (your name, address, date of birth, photo, etc.) and IP addresses. Here in British Columbia, such activities are governed by the B.C. Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA):

In other jurisdictions, other laws apply.

2B. UBC IT

If you are at UBC and using either the UBC Visitor wireless network or the UBC Secure one (faculty, staff, students): UBC IT acts as an intermediary here, on behalf of an external service provider. At the time of writing, this was Telus. Use of the UBC internet service is subject to terms and conditions, in addition to the usual internet provider ones. This includes the recording of IP addresses and the tracking of internet use / websites visited. How this information is used, for how long it is kept, and its archiving are unknowns at the time of writing; for further information, please contact UBC IT directly. In the act of using UBC’s internet service(s), you have agreed to conditions of its use. (Tangential side-note: for linguists, philologists, and philosophers: this is conceptually/academically interesting.) In the words of UBC IT’s page on Appropriate Use—excerpts, as most of the rest of that page is intended for system administrators and others who run and maintain websites (such as O’Brien here, for her teaching sites on UBC Blogs and Connect)—:

Your acceptance is implicit in your use of Virtual Server Services. […]

The user bears the primary responsibility for the material that he or she chooses to access, send or display. The computer facilities may not be used in any manner which contravenes the above policies, laws or statutes.

Those who do not adhere to these guidelines may be subject to suspension of computing privileges.

Use of Virtual Server Services denotes that the user takes responsibility for reading and understanding the guidelines as outlined here, and also denotes acceptance of the terms of use.

As for those “guidelines” and “terms of use”: if you are associated with UBC and using the internet on campus as part of work (faculty, staff, students): your use is also subject to the following further rules, rights, and responsibilities.

From UBC IT’s page on Appropriate Use:

The computing and communications facilities and services provided by UBC are primarily intended for teaching, research, and administrative purposes. Their use is governed by all applicable University policies, including:

From UBC IT’s Information Security Office: Security Policies page and their Privacy page—University Policies #104 & #106 are the key items here—:

UBC Policy #104 Responsible Use of Information Technology Facilities and Services

This policy applies to faculty, staff and students and is intended for the general support of and to provide a foundation for responsible use of UBC’s information technology facilities.

UBC Policy #106 Access to and Security of Administrative Information Systems

This policy applies to the use [of] and access [to] Administrative Systems and Administrative Data by faculty, staff, and students.

Email and Privacy Legislation

View responses (PDF) to the questions that have been asked with respect to the Freedom of Information and Protection of Privacy Act (“FIPPA”) and email.

Learn more about Information and Privacy by visiting the Privacy section of the Office of the University Counsel

Some more on the terms of service/use for the UBC internet services:

3. WORDPRESS

This site is hosted by WordPress. It is possible that WordPress may collect (limited) statistical data on views of this site. Further information follows below, cited verbatim from WordPress’s own documentation (last retrieved: 2013-04-09).

This site carries no advertisements; Juliet O’Brien personally pays filthy hard lucre every year for this “ad-free” premium.

3A. WORDPRESS SUPPORT: PRIVATE USER DATA

In general, we keep the following private data about WordPress.com sites and users (we may have additional information for premium users as set forth in our privacy policy):

  • The email address used to create a blog
  • The IP address from which the blog was created
  • The date and time when a blog was created
  • The IP addresses from which blog posts have been published
  • The email and IP addresses of anyone who has left a comment on a blog
  • Other information disclosed in our privacy policy

This is a small amount of data compared to other internet service providers (we generally do not keep access logs, user names and addresses, etc). This data is covered by our privacy policy, which means that it is accessible to our employees and contractors, and to lawyers, courts, and government agencies – provided they comply with our policies for requesting such information (which may be found in our Legal Guidelines).

3B. WORDPRESS SUPPORT: LEGAL GUIDELINES

Most of the information here relates to people who administer sites and/or write them—i.e. Juliet O’Brien, for ex. writing this present post—and comment on them—ex. commenting on this present post. I have excerpted the information that pertains to other readers and users of a WordPress site; for the full version, please click the underlined highlighted “legal guidelines” link above.

These guidelines are intended for lawyers or government officials who seek information about a WordPress.com user or action against a resource hosted on our network.

What User Information Does WordPress.com Track?

WordPress.com collects certain information from users and commenters. Our Privacy Policy describes the information that we collect in more detail.

The verified information we collect is:

  • The email address that is currently assigned to a site owner
  • The IP address from which a site was created
  • The date and time (UTC) at which a site was created
  • The PayPal transaction information for any upgrades that are purchased for a site (this does not include credit card, bank account, or address information)
  • IP address and user-agent for any post or revision on a site
  • Email address and IP address for any comment posted on a site

Before revealing any of this information to a party that is not the owner of the account, we require either a validly issued subpoena, warrant or court order that specifically requests it. More information on our requirements for releasing private user information can be found below. […]

3C. WORDPRESS/AUTOMATTIC PRIVACY POLICY

NB: please note that IP addresses and other non-personally-identifying information are only collected for people writing on a site: i.e. Juliet O’Brien and any commenters.
For people visiting, viewing, and reading the site, the following information is collected: the browser type, language preference, referring site, and the date and time of each visitor request.
As before, I have excerpted information pertaining to “passive” site visitors: you, gentle reader.

Your privacy is critically important to us. At Automattic we have a few fundamental principles:

  • We don’t ask you for personal information unless we truly need it. (We can’t stand services that ask you for things like your gender or income level for no apparent reason.)
  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
  • We don’t store personal information on our servers unless required for the on-going operation of one of our services.
  • In our blogging products, we aim to make it as simple as possible for you to control what’s visible to the public, seen by search engines, kept private, and permanently deleted.

Below is our privacy policy which incorporates these goals: (Note, we’ve decided to make this privacy policy available under a Creative Commons Sharealike license, which means you’re more than welcome to steal it and repurpose it for your own use, just make sure to replace references to us with ones to you, and if you want we’d appreciate a link to Automattic.com somewhere on your site. We spent a lot of money and time on the below, and other people shouldn’t need to do the same.)

If you have questions about deleting or correcting your personal data please contact our support team.

Automattic Inc. (“Automattic”) operates several websites including automattic.com, wordpress.com, gravatar.com, intensedebate.com, and akismet.com. It is Automattic’s policy to respect your privacy regarding any information we may collect while operating our websites.

Website Visitors

Like most website operators, Automattic collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Automattic’s purpose in collecting non-personally identifying information is to better understand how Automattic’s visitors use its website. From time to time, Automattic may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

Automattic also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on WordPress.com blogs. Automattic only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that blog commenter IP addresses are visible and disclosed to the administrators of the blog where the comment was left.

Gathering of Personally-Identifying Information

Certain visitors to Automattic’s websites choose to interact with Automattic in ways that require Automattic to gather personally-identifying information. The amount and type of information that Automattic gathers depends on the nature of the interaction. For example, we ask visitors who sign up for a blog at WordPress.com to provide a username and email address. Those who engage in transactions with Automattic – by purchasing access to the Akismet comment spam prevention service, for example – are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, Automattic collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Automattic. Automattic does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

NB: this present site has been set up so that there are no such “website-related activities” that require someone to provide any such information, with one exception: contacting the ERS, leaving general comments on the virtual feedback form, and subscribing to automatized updates. On all of which, see: About the Cluster.

Cookies

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Automattic uses cookies to help Automattic identify and track visitors, their usage of Automattic website, and their website access preferences. Automattic visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using Automattic’s websites, with the drawback that certain features of Automattic’s websites may not function properly without the aid of cookies.

3D. WORDPRESS SUPPORT: IP ADDRESSES

NB: please note that this means that WordPress does record IP addresses for all users, including all readers: from occasional visitors to regulars…

An IP address is your address on the internet and is used to route all traffic between your computer and the websites and other internet services that you use. When you use WordPress.com we record your IP address, whether you are adding a post, a comment, or just reading an article.

Please read our privacy policy regarding the collection of IP addresses.

You are currently reading Caveat: security & privacy at UBC Early Romance Studies Research Cluster.