[Juser] proposed changes to jabber.org service policy

Peter Saint-Andre stpeter at stpeter.im
Mon Aug 20 17:39:22 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/20/12 11:05 AM, ubsy at riseup.net wrote:
> Peter Saint-Andre wrote:
> 
>> NEW (Section 4) On occasion we receive court orders requesting
>> information about specific users of the jabber.org IM service.
>> Although we comply with such court orders, we do require a court
>> order (not just an informal request) before we will disclose
>> information about any user of the jabber.org IM service.
> 
> I think it would be nice to know in detail what information are 
> requested and disclosed.

First, please understand that this is not a fun topic. I do not like
to receive such requests. Unfortunately, they are a price that I have
to pay for offering the free service you all thank me for at jabber.org.

In the past, such requests have asked for information about the
following (note: those who are making such requests are not
necessarily very sophisticated about how XMPP or even IM works):

1. IP addresses, dates, and times associated with authentication attempts
2. roster contacts
3. addresses such as email or physical addresses
4. telephone numbers
5. MAC addresses
6. means of payment
7. user activity related to inbound and outbound communication
attempts (email headers or XMPP to/from addresses but not the contents
of such communications)
8. email attachments
(etc.)

Clearly, some of those data are relevant to ISPs or email service
providers but not to an IM service. Most of it we would never have in
the first place (e.g., jabber.org is a free service so we don't
payment information) or we lack the ability to capture it (e.g.,
logging all XMPP stanzas passing through the service is not feasible
given the limits of our infrastructure, so #7 is impossible).

In the past, we have provided information about the first two items
listed above, when specifically requested to do so under court order.

> And when such an request arrives it would be super if the user in
> question was notified about the procedure.

That would defeat the purpose, no? All of the requests I have received
have been related to ongoing criminal investigations and the court
orders have specifically enjoined me not to disclose the request to
the subject of the investigation.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAydkoACgkQNL8k5A2w/vzmDgCfc34BsBG3fDgpuUMJAWFkPiO3
GQMAoLnWAWVU3ZbCNMAV0W95/26ELgZs
=HBhp
-----END PGP SIGNATURE-----


More information about the JUser mailing list