Privacy Policy (2024-01-01)
History of this privacy policy can be viewed: Codeberg, GitHub, GitLab
What data we (Divested Computing Group) collect¶
- Website¶
- What is received: Cookies (none currently), Page Visited, Referring Page, User Agent, and IP Address
- How often: On every page visit
- Why it is received: Used to serve the web pages to users
- When it will be deleted: Web server logs are kept for no longer than two weeks
- What else will it be used for: Nothing else
- How to anonymize: Visit the site using the Tor Browser
- Example:
[IP Address] - - [Timestamp] "GET /pages/privacy_policy HTTP/2.0" 200 3441 "-" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
- Operating System¶
- The operating system does not contain any analytics and any requests are used only for supporting it
- OS: Connectivity Checks¶
- What is received: Static User Agent, IP Address
- How often: On every Wi-Fi and cell connection
- Why it is received: Used to determine if there is a working connection and if there is a captive portal
- When it will be deleted: All requests to generate_204 are never logged
- What else will it be used for: Nothing else
- How to disable: Toggle in settings app (noted below) or
$ adb shell settings put global captive_portal_mode 0;
- Settings can be accessed via:
- 14.1/15.1: Settings > Network > Data usage > Disable Captive Portal
- 16.0/17.1: Settings > Network & Internet > Advanced > Captive portal mode
- 18.1/19.1/20.0: Settings > Network & Internet > Advanced > Internet connectivity check
- OS: Updater¶
- What is received: Device Model, Incremental Build ID, Default User Agent, IP Address
- How often: On every boot and also once per week (note: 14.1 only is daily)
- Why it is received: Used to serve system updates
- When it will be deleted: Web server logs are kept for no longer than two weeks
- What else will it be used for: Will be occasionally used to determine how many users we have and what percent are up-to-date or not
- How to anonymize: Install Orbot and enable 'Perform requests over Tor'
- How to disable: Disable 'Auto updates check'
- Settings can be accessed via:
- 9+: Settings > System > Advanced > DivestOS updates > 3dot > Preferences
- <9: Settings > About > DivestOS updates > 3dot > Preferences
- Example:
[IP Address] - - [Timestamp] "GET /updater.php?base=LineageOS&device=mata&inc=engemy20210814031730 HTTP/1.1" 200 276 "-" "Dalvik/2.1.0 (Linux; U; Android 11; PH-1 Build/RQ3A.210805.001.A1)"
- OS: DivestOS F-Droid Repos¶
- What is received: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
- How often: Once per day
- Why it is received: Used to serve apps and their updates
- When it will be deleted: Web server logs are kept for no longer than two weeks
- What else will it be used for: Nothing else
- How to anonymize: Install Orbot and enable 'Use Tor' in F-Droid > Settings
- How to reduce: Decrease the 'Automatic update interval' in F-Droid > Settings
- How to disable: Disable the 'DivestOS' repos in F-Droid > Settings > Repositories
- Example:
[IP Address] - - [Timestamp] "HEAD /fdroid/official/index-v1.jar HTTP/1.1" 200 - "-" "F-Droid 1.13.1"
- App: Hypatia¶
- What is received: Signature Database Requests, IP Address
- How often: Manually
- Why it is received: Used to serve signature databases
- When it will be deleted: Web server logs are kept for no longer than two weeks
- What else will it be used for: Nothing else
- How to anonymize: Install Orbot and enable 'Download over Tor'
- Example:
[IP Address] - - [Timestamp] "GET /MalwareScannerSignatures/hypatia-sha1-bloom.bin HTTP/1.1" 304 - "-" "Hypatia"
- Chat rooms (MUC) available on xmpp:konvers.me¶
- What is received: JID, nickname, avatar, messages you send, your server IP address, your client IP address only if fetching an HTTP uploaded image
- How often: When you join and are connected to a room
- Why it is received: Used to provide the chat service to you
- When it will be deleted: Messages are not deleted per default MAM policy, but are pruned after backups. Access logs are deleted weekly. IP addresses are not stored in the access logs.
- What else will it be used for: Nothing else
- How to anonymize: Use a throwaway JID and nickname. Route your XMPP client over Tor.
What data third parties collect¶
Third parties are used to support basic functions along with features and apps.
- Website Payments¶
- Who: Stripe
- What they receive: Name, Bank Card, E-Mail Address, User Agent, Browser Fingerprint, IP Address, Location from Geo-IP
- What we receive: Name, Bank Name, E-Mail Address, User Agent, Location from Geo-IP
- How often: When you donate
- Why they receive: Used to process the payment
- What else will we use it for: Nothing else
- How to anonymize: Use a fake name, debit gift card, disposable e-mail address, and connect via a computer at your local library
- How to disable: Requests to Stripe's servers will not occur until you attempt to donate
- Privacy Policy: Stripe Privacy Policy
- OS: Connectivity Checks¶
- Who: Google
- Description: Used to determine if there is a working connection and if there is a captive portal
- What they receive: Static User Agent, IP Address
- How often: On every Wi-Fi and cell connection
- How to disable: Toggle in settings app (noted below) or
$ adb shell settings put global captive_portal_mode 0;
- Settings can be accessed via:
- 14.1/15.1: Settings > Network > Data usage > Disable Captive Portal
- 16.0/17.1: Settings > Network & Internet > Advanced > Captive portal mode
- 18.1/19.1/20.0: Settings > Network & Internet > Advanced > Internet connectivity check
- Privacy Policy: Google Privacy Policy
- OS: Network Time Protocol¶
- Who: pool.ntp.org volunteers
- Description: Used to set an accurate (clock) time
- What they receive: IP Address
- How often: On every boot
- Privacy Policy: unavailable
- OS: Fallback Domain Name System Lookups¶
- Who: Quad9
- Description: Used to translate domain names into IP addresses to establish network connections, only when no other DNS was advertised by the network
- What they receive: DNS requests, IP Address
- How often: Every network request to a non-cached and non-expired domain
- Privacy Policy: Quad9 Privacy Policy
- OS: F-Droid Official Repo¶
- Who: F-Droid
- What they receive: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
- How often: Once per day
- Why they receive: Used to serve apps and their updates
- How to anonymize: Install Orbot and enable 'Use Tor' in F-Droid > Settings
- How to reduce: Decrease the 'Automatic update interval' in F-Droid > Settings
- How to disable: Disable the 'F-Droid' repos in F-Droid > Settings > Repositories
- Privacy Policy: F-Droid Security Information