Izjava o privatnosti

Psiphon je posvećen zaštiti privatnosti svojih mušterija, krajnjih korisnika, distributora i dobavljača. Ovakva politika privatnosti ima za svrhu pružanje općih informacija kako Vaše osobne informacije mogu biti korištene. Psiphon je kanadska korporacija sa sjedištem u Ontariju, te je naša izjava o privatnosti razvijana u skladu s kanadskim i ontarijskim zakonima i statutima o privatnosti.

Za daljnje informacije vezane uz kanadske i ontarijske zakone o privatnosti, molimo posjetite:

Updates

From time to time, Psiphon will add entries to our Privacy Bulletin. This will happen for two reasons:

  • We modify the Privacy Policy. This can happen when new laws add different requirements, or if we start or stop using a third-party service. We will detail the changes made to the policy.
  • We temporarily deviate from our Privacy Policy by changing our information collection behaviour. This is typically done to resolve a problem with our service, or to give us more time to analyze our data relating to an interesting censorship event. We will describe the change, for example what was recorded, how long it was kept, and why.

Data Categories

User Activity and VPN Data

Zašto bi Vas bilo briga?

When using a VPN or proxy you should be concerned about what the VPN provider can see in your data, collect from it, and do to it.

When you use a VPN, all data to and from your device goes through it. If you visit a website that uses unencrypted HTTP, all of that site's data is visible to the VPN. If you visit a website that uses encrypted HTTPS, the site content is encrypted, but some information about the site might be visible to the VPN. Other apps and services on your device will also transfer data that is encrypted or unencrypted. (Note that this is distinct from the encryption that all VPNs provide. Here we're only concerned with data that is or is not encrypted inside the VPN tunnel.)

For unencrypted services, it is possible for a VPN provider to see, collect, and modify (e.g., injecting ads into) the contents of your data. For encrypted data, it is still possible for a VPN to collect metadata about sites visited or actions taken. You should also be concerned with your VPN provider sharing your data with third parties.

What does Psiphon NOT do with your data?

We DO NOT collect or store any VPN data that is not mentioned here.

We DO NOT modify the contents of your VPN data.

We DO NOT share any sensitive or user-specific data with third parties.

What kinds of user data does Psiphon collect?

We will define some categories of data to help us talk about them in the context of Psiphon.

User Activity Data

While a user's device is tunneled through Psiphon, we collect some information about how they're using it. We record what protocol Psiphon used to connect, how long the device was connected, how many bytes were transferred during the session, and some geographical and ISP information. For some domains (but very few, and only popular ones) or server IP addresses (e.g., known malware servers) that are visited, we also record how many bytes were transferred to it. (But never full URLs or anything more sensitive. And only domains of general interest, not all domains.)

The user's city, country, and ISP are derived from the user's IP address; the IP address is then immediately discarded. Users may also be asked to optionally allow access to their approximate location (accurate up to 3 km) using their device's location service (e.g., GPS).

An example of user activity data might be: At a certain time a user connected from New York City, using Comcast, and transferred 100MB from youtube.com and 300MB in total.

We consider user activity data the most sensitive category of data. We never, ever share this data with third parties. We keep user activity data for at most 90 days, and then we aggregate it and delete it. Backups of that data are kept for a reasonable amount of time.

Aggregated Data

Data is “aggregated” by taking a lot of sensitive user activity data and combining it together to form coarse statistical data that is no longer specific to a user. After aggregation, the user activity data is deleted.

An example of aggregated data might be: On a particular day, 250 people connected from New York City using Comcast, and transferred 200GB from youtube.com and 500GB in total.

Aggregated data is much less sensitive than activity data, but we still treat it as potentially sensitive and do not share it in this form.

Shareable Aggregated Data

When sharing aggregated data with third parties, we make sure that the data could not be combined with other sources to reveal user identities. For example, we do not share data for countries that only have a few Psiphon users in a day. We make sure that the data is anonymized.

We also never share domain-related information with third parties.

An example of shareable aggregated data might be: On a particular day, 500 people connected from New York City and transferred 800GB in total.

An example of data that is not shareable: On a particular day, 2 people connected from Los Angeles. Those people will be included in the stats for the entire US, but that is too few people to anonymously share city data for.

What does Psiphon do with User Activity and Aggregated Data?

Activity and aggregated statistical data are vital for us to make Psiphon work best. It allows us to do things like:

  • Monitor the health and success of the Psiphon network: We need to know how many people are connecting, from where, how much data they're transferring, and if they're having any problems.
  • Monitor threats to our users' devices: We watch for malware infections that attempt to contact command-and-control servers.
  • Ensure users stay connected while foiling censors: We try to detect that a user is behaving like a real person and then reveal new Psiphon servers to them. (This is our obfuscated server list technology.)
  • Procjena budućih troškova: Ogromna količina korisničkih podataka koje prenesemo svaki mjesec je velik faktor u našim troškovima. Od vitalne je važnosti da vidimo i razumijemo korisničke oscilacije.
  • Kako bi odredili narav svih velikih cenzorskih događaja: Stranice i usluge su često i iznenada blokirane bez upozorenja, što može dovesti do velikih varijacija u regionalnom korištenju Psiphona. Npr. imali smo 20 puta veću uporabu po danu kad je Brazil blokirao WhatsApp ili kad je Turska blokirala društvene medije.
  • Kako bi razumjeli kome trebamo pomoći: neke stranice i usluge nikad neće biti blokirane nigdje, neke će uvijek biti blokirane u određenim zemljama, i neke će biti povremeno blokirane u nekim zemljama. Kako bi osigurali da naši korisnici mogu slobodno komunicirati i učiti, moramo razumjeti ove uzorke, vidjeti tko je sve zahvaćen i raditi s našim partnerima kako bi osigurali da njihove usluge rade sa Psiphonom.

Who does Psiphon share Aggregated Data with?

Shareable aggregated data is shared with sponsors, organizations we collaborate with, and civil society researchers. The data can be used to show such things as:

  • How well Psiphon is working in a particular region.
  • The blocking patterns in a given country, for example during political events.
  • That the populace of a country is determined to access the open internet.

Again, only anonymized shareable aggregated data is ever shared with third parties.

Psiphon Client Advertising Networks

Nekad koristimo oglašavanje kako bi podržali naše usluge, što može koristiti tehnologiju kao što su kolačići i web beacon-i. Upotreba kolačića naših partnera oglašivača omogućuje njima i njihovim partnerima da poslužuju reklame temeljene na podatcima o Vašem korištenju. Svim informacijama skupljenim kroz ovaj proces se upravlja pod pravilima privatnosti naših partnera:

Psiphon Websites

Google Analytics

Koristimo Google Analytics na nekim našim stranicama kako bi prikupili informacije o korištenju. Informacije koje skupi Google Analytics će biti korištene samo za statističku analizu vezanu uz Vaše ponašanje prilikom pregledavanja ove stranice. Informacije koje dobijemo od Google Analytics-a nisu osobno identificirajuće, niti su kombinirane s informacijama iz drugih izvora, a u svrhu stvaranja osobno identificirajućih informacija.

Google Analytics sets a permanent cookie in your web browser to identify you as a unique user the next time you visit the site, but this cookie cannot be used by anyone except Google, and the data collected cannot be altered or retrieved by services from other domains.

Google-ova mogućnost da koristi i dijeli informacije prikupljene od strane Google Analytics-a o Vašim posjetima ovoj stranici je ograničena Google Analytics uvjetima korištenja i Google-ovom izjavom o privatnosti. Možete odustati od ovoga gašenjem kolačića u postavkama svog web preglednika.

Zapisivanje o pristupu pohrani

Koristimo Amazon S3 da bi pohranili resurse kao što su datoteke web stranica i popisi za otkrivanje Psiphon poslužitelja. Ponekad omogućimo stvaranje zapisa o preuzimanju tih datoteka. Analiziranje tih zapisa nam pomaže odgovoriti na pitanja kao što su "koliko korisnika pokreću ali ne završavaju preuzimanje popisa za otkrivanje poslužitelja?", "kako su preuzeti podatci podijeljeni između resursa web stranica i otkrivanja poslužitelja?" i "pokušavaju li napadači odraditi napade uskraćivanja usluge na našim stranicama?"

Zapisi o pristupu S3 kanti sadržavaju IP adrese, korisničke agente i vremenske žigove. Ovi zapisi su pohranjeni na samom S3, tako da im Amazon može pristupiti. (Kako bilo, Amazon već poslužuje te datoteke, tako da već mogu pristupiti tim informacijama.) Psiphon programeri će preuzeti zapise, skupiti i analizirati podatke, te zatim obrisati zapise. Sirovi podatci će biti zadržani onoliko koliko je potrebno da ih se skupi i neće biti dijeljeni s trećim strankama.

PsiCash

The PsiCash system only collects information necessary for the functioning of the system, monitoring the health of the system, and ensuring the security of the system.

The PsiCash server stores per-user information to allow for operation of the system, including:

  • generated user access tokens
  • balance
  • last activity timestamp
  • PsiCash earning history, including what actions the rewards were granted for
  • PsiCash spending history, including what purchases were made

Creating a PsiCash account is optional. If an account is created, account-specific information such as username, password, and email address (if provided) are stored on the server. When logged in to a Psiphon client, the username is also stored locally.

In the user's web browser, some data is stored to allow for earning rewards and making purchases. This data includes:

  • generated user access tokens
  • when a PsiCash reward is allowed to be claimed again

For monitoring system health and security, system activity data is collected and aggregated. This data includes:

  • user country
  • balance
  • user agent string
  • client version
  • PsiCash earning and spending details

Individual user data is never shared with third parties. Coarse aggregate statistics may be shared, but never in a form that can possibly identify users.

PsiCash server resources are stored in AWS, which means Amazon has access to the data.

my.psi.cash

Users create and manage their PsiCash accounts on the my.psi.cash website.

reCAPTCHA

my.psi.cash uses Google’s reCAPTCHA v3 (hereinafter “reCAPTCHA”), which protects websites from spam and abuse by non-human users (i.e., bots). reCAPTCHA collects personal information that is required for the functioning of the technology and is subject to its own privacy policy. Use of my.psi.cash indicates acceptance of Google’s Privacy Policy and Terms.

Our use of reCAPTCHA is strictly limited to ensuring the continued functioning of my.psi.cash. reCAPTCHA technology performs an automatic analysis for each site request without requiring the user to take any additional actions. This analysis is based on interactions made by the user, and is used to mitigate bot and other malicious behaviour on our website. The data collected during analysis is forwarded to Google, where Google will use this data to determine if you are a human user. This analysis takes place in the background, and users are not advised it is taking place.

For more information about Google’s reCAPTCHA technology, please visit https://www.google.com/recaptcha/about/.

Kolačići

my.psi.cash only uses cookies and similar tracking technologies to carry out activities that are essential for the operation of the website. Essential cookies are necessary to ensure basic functions of the website. Cookies are small text files that are stored on your computer and saved by your browser, and do not represent any risk to your device. You can configure your browser settings to personalize how you would like your browser to handle cookies. Disabling essential cookies will degrade the functionality of this website.

Povratne informacije

Kad odlučite podnijeti povratne informacije kroz Psiphon, imati ćete opciju uključivanja dijagnostičkih podataka. Koristimo ove podatke kako bi nam pomogli u rješavanju problema koje možda imate, te ih koristimo da nam pomognu u održavanju glatkog rada Psiphon-a. Slanje ovih podataka je u potpunosti opcionalno. Podatci su enkriptirani prije nego ih pošaljete, te ih jedino mi možemo dekriptirati. Informacije uključene variraju od platforme do platforme ali mogu uključivati:

Windows:

  • Verzija operativnog sustava
  • Anti-virus verzija
  • Kako ste spojeni na internet (primjerice, koristite li dial-up ili ste spojeni preko proxy-a)
  • Koliko slobodne memorije Vaše računalo ima

Android:

  • Verzija Androida
  • Model uređaja
  • Da li je Vaš uređaj root-an

Emial odgovaratelj

When you send an email request to our email auto-responder server, we are able to see your email address. While your email is being processed it is saved to the email server's disk, and it is deleted as soon as it is processed (usually in a few seconds). Your email address may be written to the server system logs. These logs are deleted after one week.

Our email auto-responder server is hosted in the Amazon EC2 cloud. This means that Amazon is able to see the email you send and our response to you.

Za svaki email koji primimo, pohranjujemo sljedeće informacije:

  • Datum i vrijeme zaprimanja email zahtjeva.
  • Datum i vrijeme odgovora na email zahtjev.
  • Veličinu email-a.
  • Mail poslužitelj s kojeg je došao zahtjev. (Tri najmanje specifična dijela domenskog imena. Na primjer, ne1.example.com, ali ne web120113.mail.ne1.example.com.)

Trgovine aplikacija

Ako ste preuzeli Psiphon iz "app trgovine", primjerice Google Play ili Amazon AppStore, dodatne statistike mogu biti prikupljene od strane te trgovine. Za primjer, ovdje je opis što Google Play Trgovina skuplja: https://support.google.com/googleplay/android-developer/answer/139628?hl=hr