Privacy Policy (2024-07-31)

History of this privacy policy can be viewed: Codeberg, GitHub, GitLab

What data we (Divested Computing Group) collect¶

  • Website¶
    • What is received: Cookies (none currently), Page Visited, Referring Page, User Agent, and IP Address
    • How often: On every page visit
    • Why it is received: Used to serve the web pages to users
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Nothing else
    • How to anonymize: Visit the site using the Tor Browser
    • Example: [IP Address] - - [Timestamp] "GET /pages/privacy_policy HTTP/2.0" 200 3441 "-" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
  • Operating System¶
    • The operating system does not contain any analytics and any requests are used only for supporting it
  • OS: Connectivity Checks¶
    • What is received: Static User Agent, IP Address
    • How often: On every Wi-Fi and cell connection
    • Why it is received: Used to determine if there is a working connection and if there is a captive portal
    • When it will be deleted: All requests to generate_204 are never logged
    • What else will it be used for: Nothing else
    • How to disable: Toggle in settings app (noted below) or $ adb shell settings put global captive_portal_mode 0;
    • Settings can be accessed via:
      • 14.1/15.1: Settings > Network > Data usage > Disable Captive Portal
      • 16.0/17.1: Settings > Network & Internet > Advanced > Captive portal mode
      • 18.1/19.1/20.0: Settings > Network & Internet > Advanced > Internet connectivity check
  • OS: Updater¶
    • What is received: Device Model, Incremental Build ID, Default User Agent, IP Address
    • How often: On every boot and also once per week (note: 14.1 only is daily)
    • Why it is received: Used to serve system updates
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Will be occasionally used to determine how many users we have and what percent are up-to-date or not
    • How to anonymize: Install Orbot and enable 'Perform requests over Tor'
    • How to disable: Disable 'Auto updates check'
    • Settings can be accessed via:
      • 9+: Settings > System > Advanced > DivestOS updates > 3dot > Preferences
      • <9: Settings > About > DivestOS updates > 3dot > Preferences
    • Example: [IP Address] - - [Timestamp] "GET /updater.php?base=LineageOS&device=mata&inc=engemy20210814031730 HTTP/1.1" 200 276 "-" "Dalvik/2.1.0 (Linux; U; Android 11; PH-1 Build/RQ3A.210805.001.A1)"
  • OS: DivestOS F-Droid Repos¶
    • What is received: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
    • How often: Once per day
    • Why it is received: Used to serve apps and their updates
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Nothing else
    • How to anonymize: Install Orbot and enable 'Use Tor' in F-Droid > Settings
    • How to reduce: Decrease the 'Automatic update interval' in F-Droid > Settings
    • How to disable: Disable the 'DivestOS' repos in F-Droid > Settings > Repositories
    • Example: [IP Address] - - [Timestamp] "HEAD /fdroid/official/index-v1.jar HTTP/1.1" 200 - "-" "F-Droid 1.13.1"
  • App: Hypatia¶
    • What is received: Signature Database Requests, IP Address
    • How often: Manually
    • Why it is received: Used to serve signature databases
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Nothing else
    • How to anonymize: Install Orbot and enable 'Download over Tor'
    • Example: [IP Address] - - [Timestamp] "GET /MalwareScannerSignatures/hypatia-sha1-bloom.bin HTTP/1.1" 304 - "-" "Hypatia"
  • App: Carrion¶
    • What is received: Complaint Number Database Requests, IP Address
    • How often: Manually
    • Why it is received: Used to serve complaint number databases
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Nothing else
    • How to anonymize: Install Orbot and set it to handle Carrion
    • Example: [IP Address] - - [Timestamp] "GET complaint_numbers.txt.gz HTTP/1.1" 304 - "-" "Carrion"
  • Chat rooms (MUC) available on xmpp:konvers.me¶
    • What is received: JID, nickname, avatar, messages you send, your server IP address, your client IP address only if fetching an HTTP uploaded image
    • How often: When you join and are connected to a room
    • Why it is received: Used to provide the chat service to you
    • When it will be deleted: Messages are not deleted per default MAM policy, but are pruned after backups. Access logs are deleted weekly. IP addresses are not stored in the access logs.
    • What else will it be used for: Nothing else
    • How to anonymize: Use a throwaway JID and nickname. Route your XMPP client over Tor.
    • Please note: third party volunteers may be appointed as moderators and be able to see your JID.

What data third parties collect¶

Third parties are used to support basic functions along with features and apps.

  • Website Payments¶
    • Who: Stripe
    • What they receive: Name, Bank Card, E-Mail Address, User Agent, Browser Fingerprint, IP Address, Location from Geo-IP
    • What we receive: Name, Bank Name, E-Mail Address, User Agent, Location from Geo-IP
    • How often: When you donate
    • Why they receive: Used to process the payment
    • What else will we use it for: Nothing else
    • How to anonymize: Use a fake name, debit gift card, disposable e-mail address, and connect via a computer at your local library
    • How to disable: Requests to Stripe's servers will not occur until you attempt to donate
    • Privacy Policy: Stripe Privacy Policy
  • OS: Connectivity Checks¶
    • Who: Google
    • Description: Used to determine if there is a working connection and if there is a captive portal
    • What they receive: Static User Agent, IP Address
    • How often: On every Wi-Fi and cell connection
    • How to disable: Toggle in settings app (noted below) or $ adb shell settings put global captive_portal_mode 0;
    • Settings can be accessed via:
      • 14.1/15.1: Settings > Network > Data usage > Disable Captive Portal
      • 16.0/17.1: Settings > Network & Internet > Advanced > Captive portal mode
      • 18.1/19.1/20.0: Settings > Network & Internet > Advanced > Internet connectivity check
    • Privacy Policy: Google Privacy Policy
  • OS: Network Time Protocol¶
    • Who: pool.ntp.org volunteers
    • Description: Used to set an accurate (clock) time
    • What they receive: IP Address
    • How often: On every boot
    • Privacy Policy: unavailable
  • OS: Fallback Domain Name System Lookups¶
    • Who: Quad9
    • Description: Used to translate domain names into IP addresses to establish network connections, only when no other DNS was advertised by the network
    • What they receive: DNS requests, IP Address
    • How often: Every network request to a non-cached and non-expired domain
    • Privacy Policy: Quad9 Privacy Policy
  • OS: F-Droid Official Repo¶
    • Who: F-Droid
    • What they receive: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
    • How often: Once per day
    • Why they receive: Used to serve apps and their updates
    • How to anonymize: Install Orbot and enable 'Use Tor' in F-Droid > Settings
    • How to reduce: Decrease the 'Automatic update interval' in F-Droid > Settings
    • How to disable: Disable the 'F-Droid' repos in F-Droid > Settings > Repositories
    • Privacy Policy: F-Droid Security Information