Privacy Policy

Last updated: Nov 23 2008

At Colorado Indymedia, we understand that independent journalists and whistle blowers are often subject to harassment or threats to their safety. We also understand that average, everyday citizens who are trying to "be the media" may not want their personal information spread across the web, especially in the face of large data mining operations where a users identity is sold to advertisers. We recognize that the right to privacy and anonymity is vitally important to a free society and the freedom of expression.

Here's what you need to know: Colorado Indymedia and its servers do not log or store any personally-identifiable information about you without your explicit permission. We don’t know who you are or what you’re doing on our servers. We don’t let anybody see what is on our servers without a valid court order or other legal justification and we do not process out-of-jurisdiction requests. We will challenge any requests that we believe to be illegitimate. Access to personally-identifiable information is tightly controlled and transparent. We will even delete the information we have on you at your request. For more information on how this works keep reading.

What Information We Collect

Colorado Indymedia servers do not log any information about you. The only personal information we store on our servers is the information you explicitly provide to us through registering accounts, subscribing to mailing lists, posting to mailing list, and other normal uses of our servers. We try to require as little information as possible from you. If you think we’re asking too much, remember that you can usually lie.

In order to maintain our servers properly and diagnose problems, we may log personally-identifiable information for short periods of time while we work on the problem. After the problem has been fixed and the logs are no longer needed, the logs will be securely deleted.

If the site encounters an error, then information on who caused that error may be stored to our logs including the username, IP address, user agent, time, and what the user was trying to do. We log these in case people try and break the security on our site. These logs should not be generated in normal course of utilizing the site.

Access Control

Access to personally-identifiable information, encryption keys, servers, and passphrases is very tightly controlled. If we grant access to personally-identifiable information on the basis of a single case, we will notify you beforehand as detailed in the section about communications later in the policy. If we are to grant access on a unilateral level such as root access to our servers, passphrases for our encryption, etc. then we will announce it on our website and through our mailing lists.

Communications

If you contact us, we will store those communications as long as they are needed and then delete them. In most cases sending an email to us will give us your name, your IP address, and your email address. In some cases, such as sending mail to the general email address that is meant for the webmaster, your email could automatically be given to several people. If something needs to be referred to another person, we will forward the email to them and then delete the email in accordance with our privacy policy. We will notify you before forwarding your email unless it has been sent to the wrong email address, in which case it will be forwarded without your explicit permission. When we delete our communications with you, we will notify you via email. If you do not receive a notification email, please remind us. This privacy policy is only as good as those who follow it and those who keep them in check.

Some communications (you know what these are) with us including but not limited to baseless legal threats and threats against an individual may be shared (without your explicit permission) among the collective and anybody else who we feel needs to see it, which could be the entire world.

Who We Give Information To

Colorado Indymedia does not give our information up to anybody without a valid court order or other legal justification. We do not respond to requests outside of our own jurisdiction. We will not respond to nice requests or demands for information (without legal justification). We will fight any court order or any other legally-sanctioned order if we believe it to be illegitimate.

Purging Your Personal Information

We understand that as time goes on your level of comfort (or paranoia) with the distribution of your personal information will change. Assuming we are not retaining it for any other reason, we will delete any information about you at your request. If we have published information about you or your communications with us because you have threatened us or for some other reason then we will not un-publish it. You can not expect us to clean up the internet of references to you or compromise on issues of our principles to keep your mind at ease.

Most of our services provide an automated way to remove personally-identifiable information about yourself from our servers such as deleting an account. In the event that these ways do not work for you or do not exist, you can send an email to webmaster[at]coimc[dot]org to ask that your information is securely purged. We will notify you once we have purged your information.

A False Guarantee

While we make every effort possible to insure your privacy on our servers, there are still ways that it can be violated. We can’t guarantee that nobody will hack into our servers and steal your data or that somebody isn’t listening in on your communications with us. We also can’t guarantee the physical security of our servers, that your computer hasn’t been backdoored, or that the encryption algorithms we use will be unbreakable forever. We can’t guarantee that nobody will be able to steal our private keys (although we try really hard) or use a cold boot attack against us. We can’t guarantee that our group hasn’t been infiltrated by people interested in your information. We can’t guarantee that our web host and ISP isn’t listening in or handing over your information. In some cases, we may receive a court order to produce or hand over logs that is coupled with a legal gag order. In others, a member of our collective may be tortured or otherwise forced to violate this policy. While we hope that they resist such treatment, we do not and cannot expect it. In the end, the people that implement this privacy policy are human too. We make mistakes, err in our judgement, and occasionally have our own security policies violated by outsiders and factors beyond our control.

Ultimately, privacy is your responsibility. If you are concerned about the above threats to your privacy and ours, then consider taking additional measures to protect it such as encrypting your hard drive, encrypting your emails, and using proxy systems like Tor.

Direct any questions, clarifications, or suggestions to webmaster[at]coimc[dot]org or the "all" list.