隱私政策

賽風致力於保護其客戶、最終用戶、分發商和供應商的隱私權益。本隱私權政策旨在向您正常的一般資訊,包括您的個人資料如何可能被使用。賽風是一家加拿大公司,其總部設在安大略省。我們的隱私權政策基於加拿大和安大略省的隱私法規法律來制定。

要了解有關加拿大和安大略省隱私法律的更多資訊,請訪問:

Updates

From time to time, Psiphon will add entries to our Privacy Bulletin. This will happen for two reasons:

  • We modify the Privacy Policy. This can happen when new laws add different requirements, or if we start or stop using a third-party service. We will detail the changes made to the policy.
  • We temporarily deviate from our Privacy Policy by changing our information collection behaviour. This is typically done to resolve a problem with our service, or to give us more time to analyze our data relating to an interesting censorship event. We will describe the change, for example what was recorded, how long it was kept, and why.

Data Categories

用戶活動和 VPN 數據

為何要關心?

When using a VPN or proxy you should be concerned about what the VPN provider can see in your data, collect from it, and do to it.

When you use a VPN, all data to and from your device goes through it. If you visit a website that uses unencrypted HTTP, all of that site's data is visible to the VPN. If you visit a website that uses encrypted HTTPS, the site content is encrypted, but some information about the site might be visible to the VPN. Other apps and services on your device will also transfer data that is encrypted or unencrypted. (Note that this is distinct from the encryption that all VPNs provide. Here we're only concerned with data that is or is not encrypted inside the VPN tunnel.)

For unencrypted services, it is possible for a VPN provider to see, collect, and modify (e.g., injecting ads into) the contents of your data. For encrypted data, it is still possible for a VPN to collect metadata about sites visited or actions taken. You should also be concerned with your VPN provider sharing your data with third parties.

What does Psiphon NOT do with your data?

We DO NOT collect or store any VPN data that is not mentioned here.

我們不會更改您的VPN數據

我們不會向第三方分享任何敏感或用戶特定數據

賽風會收集哪些用戶數據?

We will define some categories of data to help us talk about them in the context of Psiphon.

用戶活動數據

While a user's device is tunneled through Psiphon, we collect some information about how they're using it. We record what protocol Psiphon used to connect, how long the device was connected, how many bytes were transferred during the session, and what city, country, and ISP the connection came from. For some domains (but very few, and only popular ones) or server IP addresses (e.g., known malware servers) that are visited, we also record how many bytes were transferred to it. (But never full URLs or anything more sensitive. And only domains of general interest, not all domains.)

Geographical location and ISP info are derived from user IP addresses, which are then immediately discarded.

An example of user activity data might be: At a certain time a user connected from New York City, using Comcast, and transferred 100MB from youtube.com and 300MB in total.

We consider user activity data the most sensitive category of data. We never, ever share this data with third parties. We keep user activity data for at most 90 days, and then we aggregate it and delete it. Backups of that data are kept for a reasonable amount of time.

匯總數據

Data is “aggregated” by taking a lot of sensitive user activity data and combining it together to form coarse statistical data that is no longer specific to a user. After aggregation, the user activity data is deleted.

An example of aggregated data might be: On a particular day, 250 people connected from New York City using Comcast, and transferred 200GB from youtube.com and 500GB in total.

Aggregated data is much less sensitive than activity data, but we still treat it as potentially sensitive and do not share it in this form.

可分享的匯總數據

When sharing aggregated data with third parties, we make sure that the data could not be combined with other sources to reveal user identities. For example, we do not share data for countries that only have a few Psiphon users in a day. We make sure that the data is anonymized.

我們不會向第三方分享網域相關資料

An example of shareable aggregated data might be: On a particular day, 500 people connected from New York City and transferred 800GB in total.

An example of data that is not shareable: On a particular day, 2 people connected from Los Angeles. Those people will be included in the stats for the entire US, but that is too few people to anonymously share city data for.

Psiphon 會如何處理用戶活動和匯總數據?

Activity and aggregated statistical data are vital for us to make Psiphon work best. It allows us to do things like:

  • Monitor the health and success of the Psiphon network: We need to know how many people are connecting, from where, how much data they're transferring, and if they're having any problems.
  • Monitor threats to our users' devices: We watch for malware infections that attempt to contact command-and-control servers.
  • Ensure users stay connected while foiling censors: We try to detect that a user is behaving like a real person and then reveal new Psiphon servers to them. (This is our obfuscated server list technology.)
  • 推估未來成本:每個月所傳輸的大量用戶數據佔了成本的大宗,因此很有必要關注與理解這個數據的波動變化。
  • 判定大型網路審查事件的本質:某些網站或服務常常突然、無預警地遭到屏蔽封鎖,這導致 Psiphon 在一些地區用量大增的情況。例如當巴西政府封鎖 WhatsApp 或是土耳其政府關閉社交網站服務,Psiphon 就遇上流量激增 20倍的情況。
  • 了解哪些人需要協助:有些網站絕不會被屏蔽,而有些網站則在某些國家遭到封鎖,或是偶而無法訪問。為了確保用戶能夠自由訪問使用網路,我們必須了解這些規律,知道哪些人受到波及,和合作伙伴共同努力改善 Psiphon 以提供最佳服務。

Who does Psiphon share Aggregated Data with?

Shareable aggregated data is shared with sponsors, organizations we collaborate with, and civil society researchers. The data can be used to show such things as:

  • How well Psiphon is working in a particular region.
  • The blocking patterns in a given country, for example during political events.
  • That the populace of a country is determined to access the open internet.

Again, only anonymized shareable aggregated data is ever shared with third parties.

Psiphon 客戶廣告網絡

我們有時使用廣告系統支持我們的服務,這可能使用諸如 Cookie 和 Web 信標技術。我們的廣告合作商使用 Cookie 使他們及其合作伙伴基於您的使用資料為您提供廣告。這一過程收集的任何資料將依於合作廣告商的隱私政策處理。

Psiphon 網站

Google Analytics

我們在一些網站上使用 Google Analytics 來收集使用量的資料。Google Analytics 所收集的資料只會用於用戶在此特定站點上瀏覽習慣的統計分析。我們從 Google Analytics 獲取的信息無關個人資料,也不會跟任何第三方資料作關連來製作個人資料。

Google Analytics sets a permanent cookie in your web browser to identify you as a unique user the next time you visit the site, but this cookie cannot be used by anyone except Google, and the data collected cannot be altered or retrieved by services from other domains.

谷歌使用或分享 Google Analytics 所收集用戶瀏覽資料的行為受限於 Google Analytics 使用條款谷歌隱私政策。閣下也可以選擇在瀏覽器的個人設置中關閉 cookie 以停用。

儲存訪問日誌

我們使用 Amazon S3 儲存資料,例如網站文件和 Psiphon 服務器搜尋列表等。我們有時允許記錄這些文件的下載。分析這些數據能夠幫助我們回答一些問題,例如“多少用戶中斷了服務器搜尋列表的下載?”,“下載的資料如何在網站資料及服務器搜尋間分配?”和“我們的網站是否面臨拒絕服務攻擊?”

S3 bucket 訪問日誌包含IP地址、用戶代理字符串以及時間戳記。這些日誌存儲在 S3 本身,因此亞馬遜將有權限訪問這些日誌。(不過,亞馬遜已經在提供這些文件,因此他們已經可以訪問此信息。)Psiphon 開發者將下載這些日誌,匯總並分析數據,然後刪除日誌。原始數據將保持較長時間以完成匯總,不會與第三方共享。

PsiCash

PsiCash 系統只收集維持系統運作、監測健康與確保安全所需的必要資訊,

PsiCash 伺服器儲存個別用戶資料以便於系統進行下列營運操作:

  • 產生用戶訪問的授權令牌
  • 餘額
  • 最近活動時間戳圖
  • PsiCash earning history, including what actions the rewards were granted for
  • PsiCash 交易記錄,包括購買方案。

Creating a PsiCash account is optional. If an account is created, account-specific information such as username, password, and email address (if provided) are stored on the server. When logged in to a Psiphon client, the username is also stored locally.

在用戶瀏覽器儲存了某些資料以便於賺取和購買,其包含:

  • 產生用戶訪問的授權令牌
  • 可再次索取 PsiCash 獎賞

為了監控系統健康安全,我們會收隻下列活動數據:

  • 用戶國家
  • 餘額
  • 用戶瀏覽器字串 
  • 客戶端版本
  • PsiCash 收支詳情

絕不會與第三方分享個別用戶的資料,我們或許會分享粗略加總的統計數據,但絕不包含可辨別身份的內容。

PsiCash server resources are stored in AWS, which means Amazon has access to the data.

my.psi.cash

Users create and manage their PsiCash accounts on the my.psi.cash website.

reCAPTCHA

my.psi.cash uses Google’s reCAPTCHA v3 (hereinafter “reCAPTCHA”), which protects websites from spam and abuse by non-human users (i.e., bots). reCAPTCHA collects personal information that is required for the functioning of the technology and is subject to its own privacy policy. Use of my.psi.cash indicates acceptance of Google’s Privacy Policy and Terms.

Our use of reCAPTCHA is strictly limited to ensuring the continued functioning of my.psi.cash. reCAPTCHA technology performs an automatic analysis for each site request without requiring the user to take any additional actions. This analysis is based on interactions made by the user, and is used to mitigate bot and other malicious behaviour on our website. The data collected during analysis is forwarded to Google, where Google will use this data to determine if you are a human user. This analysis takes place in the background, and users are not advised it is taking place.

For more information about Google’s reCAPTCHA technology, please visit https://www.google.com/recaptcha/about/.

Cookies

my.psi.cash only uses cookies and similar tracking technologies to carry out activities that are essential for the operation of the website. Essential cookies are necessary to ensure basic functions of the website. Cookies are small text files that are stored on your computer and saved by your browser, and do not represent any risk to your device. You can configure your browser settings to personalize how you would like your browser to handle cookies. Disabling essential cookies will degrade the functionality of this website.

反饋

當您選擇通過 Psiphon 提交回饋意見時,您將有提交診斷資料的選項。我們使用這些資訊來幫助我們解決您可能遇到的任何問題,並幫助我們維持 Psiphon 平穩運行。發送診斷資料是完全可行的。在您發送此資料之前,它已經被加密了,且只有我們可以解密。數據中的信息來自於不同平台,但它可能包括:

Windows:

  • 作業系統版本
  • 防毒軟體版本
  • 您如何連接到網路(例如,您是否使用撥號連線或者通過代理連接)
  • 您的電腦有多少可用記憶體

Android:

  • 安卓版本
  • 設備型號
  • 您的設備是否 root 過

電子郵件回復者

When you send an email request to our email auto-responder server, we are able to see your email address. While your email is being processed it is saved to the email server's disk, and it is deleted as soon as it is processed (usually in a few seconds). Your email address may be written to the server system logs. These logs are deleted after one week.

Our email auto-responder server is hosted in the Amazon EC2 cloud. This means that Amazon is able to see the email you send and our response to you.

我們每收到一封電子郵件,都會把訊息存儲到:

  • 收到該郵件請求的日期和時間。
  • 回復該郵件請求的日期和時間為:
  • 郵件的大小。
  • 電郵請求來源的郵件伺服器。(域名的最后三部分。例如ne1.example.com,而不是web120113.mail.ne1.example.com。)

應用程式商店

請注意如果在應用程式商店下載賽風,譬如谷歌商店或是亞馬遜商店,這些商店有可能會收集額外的資料。以下的例子是谷歌商店會收集的資料: https://support.google.com/googleplay/android-developer/answer/139628?hl=zh_TW