Privacy Policy

This site is maintained by the Center for Democracy & Technology. If you have any concerns about this policy, please contact CDT via our feedback page (https://www.cdt.org/contact) or call (202) 637-9800. We can also be reached at 1634 Eye Street NW, Suite 1100, Washington DC 20006.

This Privacy Policy covers privacymsh.org, as well as other CDT-created or CDT-maintained sites that link directly to this Policy. Such other sites may also provide supplemental information in a site-specific policy.

What information does CDT automatically collect when you visit our Web site?

When you visit any Web page hosted at our Web site, we may record the following information about you in our log files:

  • Internet Protocol (IP) address - The address of your computer on the Internet. Your IP address gets transmitted whenever you communicate online or surf the Web so that the content you are looking at and the people you are talking to can find your computer on the network.
  • Browser type, version, and operating system –Knowing the browsers (for example, Internet Explorer 7 or Firefox 3.5.3) and operating systems (for example Windows XP or Mac OS X) used by our visitors helps us optimize the display and delivery of our site for visitors accessing it from differing software platforms.
  • Screen size - Knowing the screen sizes used by our visitors helps us optimize the display and delivery of our site for visitors.
  • Technologies supported by your browser for Java, Adobe Flash, Adobe Director, and Adobe PDF, and the audio formats supported by your browser for RealPlayer, QuickTime, and Windows Media Player – Knowing the formats supported by visitors’ browsers helps us optimize the content on our site for visitors accessing it with different browser configurations.
  • URL of the page that directed you to our site – If you arrive at our Web site through a link on another Web site - a blog, newspaper article, or search engine, for example - our Web server will record the address of the Web page that referred you to our site. If you arrive at our Web site by clicking on a search result returned by a search engine, our server will record the search terms that you used.
  • Whether you have bookmarked our Web site on your Web browser – This information is only reported for Internet Explorer users.
  • The Web pages within our site that you visit, the Web page you visit first on our site (the entry page), and the Web page you visit last on our site (the exit page).
  • Bandwidth used – The total number of bytes downloaded when you browse our site.
  • Amount of time you spend during a visit to our site
  • Time and date of your site visit

This individualized, non-aggregated data is stored in log files on our server that we will delete every 45 days. In the event of an attack on CDT's server, we may examine log files to ascertain the point of origin of the attack, but beyond the aggregated analysis described below, no other information from our log files is used. Log data is deleted every 45 days, and we do not have backup storage of the log files. Deleting your log files permanently erases them. For more information about the data we collect, you can visit http://awstats.sourceforge.net/.

Our site search function is supported by Vaniila Forums (http://vanillaforums.org/), an open source Web Forum Framework. CDT does record search terms used in searches of our Web site. We will retain search terms for no more than 45 days. We do not correlate search term data with IP address or any other information about our visitors.

What do we do with the information we automatically collect?

CDT uses two analytics programs: AWStats, (http://awstats.sourceforge.net/), and Urchin 5 (http://www.google.com/support/urchin45/), which analyze the search logs before they are deleted, and extracts in aggregate form useful information from the data that our server automatically collects. Once extracted and aggregated, we are not able to reverse the process to reconstruct the log file information.

Our analytics programs also perform a reverse DNS lookup on IP addresses in order to determine where your Internet service is based: much like your telephone number reveals where your phone service is based, your IP address can often reveal where your Internet service is based. For some IP addresses, our analytics program can determine where your Internet service is based down to the city level. If, for example, you access our Web site in Englewood, Colorado, then our analytics program will register this through an analysis of your IP address. All of the data obtained through a reverse DNS lookup is available to CDT only in aggregated form, and thus at no time are we able to connect your location to the specific web pages you viewed.

After aggregating all of the data, our analytics software creates reports on web site usage over one month. We also receive a basic breakdown of site activity (number of visits, the pages visited, the number of files requested from our server, and the bandwidth used) organized by day of the month, day of the week (for example, all visits on Fridays in August), and hour of the day (for example, all visits between 1:00am and 2:00am in August).

Consider, for example, a month during which five unique visitors come to our Web site. Our server would store logs containing the following hypothetical data (for brevity, not every data field is shown and we are using an example for the CDT main site):

IP address
Browser type
Last visit
Hits
Referring URL
111.111.111.111
Firefox 3.5.3
30 Aug 2009 – 10:55
10
http://www.google.com/search?q=policybeta
111.222.222.222
Safari
21 Aug 2009 – 16:27
5
http://en.wikipedia.org/wiki/Center_for_Democracy_and_Technology
90.44.90.44
Internet Explorer 7.0
14 Aug 2009 – 9:03
7
http://en.wikipedia.org/wiki/Leslie_Harris
111.111.321.321
Safari
14 Aug 2009 – 14:45
22
http://www.google.com/search?q=cdt
111.333.333.333
Firefox 3.5.3
3 Aug 2009 – 10:10
8
----

 

Our analytics packages would generate data such as the following based on these logs:

Browser
Number of Pages Viewed
MS Internet Explorer
7
Firefox
18
Safari
27

 

Referring URLs (excluding searches)
Hits
http://en.wikipedia.org/wiki/Leslie_Harris
7
http://en.wikipedia.org/wiki/Center_for_Democracy_and_Technology
5

 

 

 

 

 

 

 

 

 

 

 

 

Our analytics package may also conduct reverse DNS lookups to determine site visitors’ approximate locations (see above) and deliver that information in the aggregate, like so:

 

Countries
Regions
Cities
Hits
United States
District of Columbia
Washington
32
France
Unknown
Paris
15
United States
Colorado
Englewood
5

 

CDT uses information that we automatically collect for internal purposes alone. We do not sell, rent, exchange or otherwise disclose any information that we automatically collect about our site visitors, unless required by law.

You can see a complete example of an AWStats analytics report at the Web site below:

http://www.nltechno.com/awstats/awstats.pl?config=destailleur.fr

For a list of tools that help you surf the Web more anonymously, seehttp://www.cdt.org/privacy/guide/tools.php.

We use the data we collect for the purposes of analyzing general traffic patterns and performing routine system maintenance. This information shows us which features are being used or read most often, from which areas of the country and the world our site is attracting visitors, and how people are finding our site. All of this information helps us determine how to make our Web site more accessible and useful. If you sign up to the site, CDT places a persistent cookie in your web browser to maintain login state.

If you are logged in to the site, we may collect information about when you have visited the site in order to order to publicly display on your profile page the number of times you have visited the site and the date of your most recent activity. We may also display to you the IP address from which you are accessing the site or from which you most recently accessed the site.

What information can you choose to share with CDT?

Signing Up and Login

You can provide us with a username, email address, and password in order to sing up or login to participate on the site. All public posts and edits you do will be attributed to your user name and/or any other name you give at the time of posting or editing. We also collect the date that you sign up and publicly display that on your profile page, as well as the IP address from which you signed up which may be displayed only to you on your profile page.

Mailing Lists

You can participate in a public mailing list by going to https://calmail.berkeley.edu/manage/list/. Any information you submit on that website is governed by its own privacy policy.

Public Forums

You can participate in a public forum on privacymsh.org where you can post and respond to other posts publicly.

Wiki

You can contribute and edit text to a public wiki.

How do we use the information you share with CDT?

Except as noted here, CDT uses information that you share with us only for internal purposes. We do not sell, rent, exchange or otherwise disclose any information that we collect about our site visitors, unless required by law. We use specific types of information for:

Signing Up, Login, and Attribution

We use your username, password, and/or other name provided during posting to attribute your public comments to the identity that you choose. We use your email address you provide during login to initially verify your email address and to subsequently provide you login credentials if you forget your username or password.

Public Posts and Wiki Edits

Posts that you voluntarily submit on public forums such as the message board, of course, be displayed publicly along with the name you submit and the time at which you submitted the comment. If you post as a registered user, then your username will be displayed along with your comment. Edits to the wiki will be logged and publicly available by the name you submit and/or your username if you are a registered user.

Email

You can configure the message boards to send you email when someone interacts with you on the site. We will also use your email address to send you credentialing information if you forget your username or password.

Profile Page

You will have a public profile page associated with the username you provided during signup. That page may publicly display the date you signed up, the number of times you have used the site, and the date of your most recent activity. If you upload a picture, that will also be displayed on your profile, as well as on individual posts. The page will also privately display just to you the IP address from which you signed up, the IP address from which you last accessed the site, and the time of your most recent activity.

Administration and Fraud Detection

CDT staff, as well as Ross Schulman of CCIA and Nick Doty of the University of California at Berkeley, are administrators/moderators of the site, and have access to all information you provide to the site (except passwords, which are stored in hashed form). We use this information in the event that we suspect misuse or fraudulent use of the site. We reserve the right to share information with law enforcement if we believe illegal activity has occurred.

CAPTCHA – Signing Up

If you choose to sign up to participate on the forums, we will ask you to complete a CAPTCHA, which involves identifying a blurry word to prove that you are a human and not a computer. When you complete the CAPTCHA, a traditional cookie will be deposited on your computer. This cookie is a session cookie, which means it will be automatically deleted when you close your Web browser.

Third Party Data Collection and Use

CDT does not affirmatively incorporate third party content on the site. However, if someone embeds third party content into a post on the site, then the privacy policy that hosts that embedded content will govern the collection, use, and retention of that information.

Our Disclosure Policies

CDT does not sell, rent, exchange or otherwise disclose any information that we collect about our site visitors other than described herein. We will, however, comply with lawful requests from law enforcement that follow appropriate legal standards and procedures. If the law or a lawful order requires us to disclose information about your activities on our Web site, we will (unless prohibited by law from doing so) attempt to contact you prior to such disclosure, and attempt to disclose to you the fact that we have submitted information to legal authorities (including disclosing which information we have submitted). We will object to disclosure requests that we believe are improper.

Our Retention Policies

All data that is collected into log files by our Web server is deleted every 45 days. We do not have backup storage of our log files. Deleting our log files permanently erases them. Aggregated data about visitors to our Web site – which cannot be linked back to individual visitors – is maintained indefinitely.

Sign up/login information is retained indefinitely, or until you contact us to delete your credentials (however, we cannot guarantee that the information will be deleted from every potential backup copy we have made of the data).

Any information you provide us via email or publicly post on our Web site (as well as responses, if any, to your inquiry or comment) may be retained indefinitely. Contact information you provide when making a donation online will be retained indefinitely unless you ask us to delete it.

Changes to the Privacy Policy

If we make substantial changes to our Privacy Policy, we will post a large notification on our homepage and include a notice to a mailing the public mailing list about our Privacy Policy. If you would like to be added to this list, click here: https://calmail.berkeley.edu/manage/list/.