GDPR/DMCA: 2nd draft under counsel

sections/legal/dmca.php

@@ -1,15 +1,14 @@
 <?php
 declare(strict_types=1);
 
-View::show_header('DMCA');
-?>
+View::show_header('DMCA'); ?>
 
 <h2>DMCA Information</h2>
 
 <section class="tldr">
   <p>
     <em>If</em> you're a copyright owner or an agent of one,
-    <em>and</em> you believe that user-generated content (UGC) on the domain
+    <em>and</em> you believe that user-generated content on the domain
     https://biotorrents.de infringes your copyrights:
     <em>then</em> you may notify our Digital Millennium Copyright Act (DMCA) agent in writing.
   </p>
@@ -17,27 +16,26 @@ View::show_header('DMCA');
   <ul class="p">
 
     <li>
-      Identification of the copyrighted work claimed to have been infringed.
+      Identification of the copyrighted work you claim is infringed.
       <em>Please include your copyright registration number or proof of status pending.</em>
       Claims for U.S. works require registration.
-      Requests without a registration number will be ignored.
     </li>
 
     <li>
-      Identification of the material that is claimed to be infringing.
+      Identification of the material you claim is infringing.
       To speed up processing, please include:
       (1) the permalink <code>[PL]</code> URI, <em>and</em>
       (2) the BitTorrent <code>info_hash</code>.
     </li>
 
     <li>
-      A statement that you have a good faith belief that use of the material in the manner complained of is not
-      authorized by the copyright owner, its agent, or the law.
+      A statement that you have a good faith belief that the material's use in the manner you complain of
+      isn't authorized by the copyright owner, its agent, or the law.
     </li>
 
     <li>
-      A statement that the information in the notification is accurate, and under penalty of perjury,
-      that you're authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
+      A statement that the notification's information is accurate, and under penalty of perjury,
+      that you're authorized to act on behalf of an allegedly infringed exclusive right.
     </li>
 
 
@@ -56,23 +54,13 @@ View::show_header('DMCA');
     Omics Tools LLC reserves the right to ignore requests for unregistered works.
   </p>
 
-  <p>
-    We authenticate all valid requests.
-    As a stopgap pending investigation,
-    access to the targets of valid requests will be expeditiously disabled.
-  </p>
-
-  <p>
-    All relevant parties will be notified and updated during the investigation.
-    The targets of successful claims will then be deleted.
-  </p>
-
+  <?php
+  /*
   <p>
     Circumstances that may delay processing, including not limited:
   </p>
 
   <ul class="p">
-
     <li>
       URI formulations that violate BioTorrents.de's normal access rules,
       e.g., unsecured HTTP, <em>or</em> requests that fail to identify specific pieces of UGC.
@@ -88,7 +76,6 @@ View::show_header('DMCA');
       or encoded in other formats than UTF-8 or ASCII.
     </li>
 
-
     <li>
       PO boxes, addresses outside the U.S., or addresses that can't accept USPS Certified Mail.
       VoIP telephone numbers or numbers without a <code>+1</code> country code.
@@ -103,10 +90,11 @@ View::show_header('DMCA');
       Any email that violates
       <a href="https://www.law.cornell.edu/uscode/text/15/7704">15 USC 7704(a)</a>.
     </li>
-
   </ul>
+  */ ?>
 
   <p>
+    We'll expeditiously disable access to the targets of valid requests.
     Our agent to receive notifications of claimed infringement is:
   </p>
 

sections/legal/privacy.php

@@ -6,11 +6,10 @@ View::show_header('Privacy'); ?>
 <h2>Privacy Policy</h2>
 
 <section class="tldr">
-
   <p>
-    This policy explains how Omics Tools LLC handles the personal data we collect from you when you use our website.
-    You grant consent on account registration by checking the box that reads,
-    "I consent to the privacy policy and may revoke my consent at any time."
+    Omics Tools LLC safeguards the personal data we collect from you on our website.
+    You consent on account registration by checking the box labelled,
+    "I consent to the privacy policy."
   </p>
 
 
@@ -19,20 +18,41 @@ View::show_header('Privacy'); ?>
   </h3>
 
   <p>
-    We collect usernames, email addresses, GPG keys,
-    passphrases, API keys, site activity and preferences,
-    IP addresses, and server error logs.
+    We collect and use personal data defined as
   </p>
 
+  <ul>
+    <li>
+      usernames, email addresses, passphrases, and 2FA seeds;
+    </li>
+
+    <li>
+      GPG keys, IRC keys, API keys, passkeys, and authkeys;
+    </li>
+
+    <li>
+      IP addresses, and login and access timestamps;
+    </li>
+
+    <li>
+      account preferences, activity, and history;
+    </li>
+
+    <li>
+      and server error logs.
+    </li>
+  </ul>
+
   <p>
-    We don't collect access logs or compile personal data for any commercial reason.
-    Also, we explicitly deny all known browser features, including not limited:
-    camera, microphone, sensors, wake-lock, USB, encrypted media, autoplay, etc.
+    We don't collect cross-origin data.
+    Also, we don't access
+    <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives">browser features</a>
+    such as camera, microphone, and sensors.
   </p>
 
   <p>
-    You directly provide us with most of the data we collect.
-    We collect and process your personal data when you
+    You directly provide us with most personal data.
+    We collect data when you
   </p>
 
   <ul>
@@ -45,11 +65,11 @@ View::show_header('Privacy'); ?>
     </li>
 
     <li>
-      participate in our forums and chat rooms, and
+      participate in our forums and chat rooms,
     </li>
 
     <li>
-      use our website with cookies or API keys.
+      and use our website with cookies or API keys.
     </li>
   </ul>
   <br />
@@ -60,32 +80,24 @@ View::show_header('Privacy'); ?>
   </h3>
 
   <p>
-    We only use your data to manage your account and administer the site.
-    We never sell or otherwise provide data to third parties, except by authenticated subpoena.
-  </p>
-
-  <p>
-    All data read, written, or deleted under this policy will only be managed by SQL queries,
-    and any data returned will only be provided as raw output (database dumps).
+    We use your personal data to manage your account and administer the site.
+    We don't sell or provide data to third parties, except as required by law.
   </p>
 
   <p>
-    We securely store your data on our hardened MariaDB instance.
-    Only Unix socket connections are allowed, and certain services like IRC are denied.
-    Database tools aren't accessible on the public internet.
+    We store your personal data on our own servers.
+    Sensitive data is encrypted or hashed, defined as:
+    email and IP addresses, private messages, passphrases, and API keys.
   </p>
 
   <p>
-    Email and IP addresses, and private messages between users,
-    are encrypted and then decrypted in memory.
-    Certain data is hashed before storage and therefore unrecoverable,
-    including passphrases and API keys.
-    Please don't request ciphertext.
+    We'll keep your personal data until account termination.
+    Please contact us to terminate your account.
+    Termination deletes your personal data and revokes your passkey.
   </p>
 
   <p>
-    We'll keep your data for your account's lifetime.
-    When that time expires, we'll delete your data by written request.
+    Note that we may need to keep data for archiving purposes.
   </p>
 
 
@@ -94,54 +106,49 @@ View::show_header('Privacy'); ?>
   </h3>
 
   <p>
-    We'd like to make sure you're fully aware of your data protection rights.
-    Each user is entitled to GDPR protection regardless of their jurisdiction.
-  </p>
-
-  <p>
-    Please attach a screenshot of your profile page to prove account ownership for any transaction.
-    It's okay to redact sensitive data like email and passkey.
+    EU residents are entitled to GDPR protections.
+    Please attach a screenshot of your profile page to prove account ownership,
+    and redact sensitive data if you wish.
   </p>
 
   <ul class="p">
     <li>
       <strong>Access.</strong>
-      You have the right to request copies of your data.
+      You have the right to request copies of your personal data.
       We may charge a small fee for this service.
     </li>
 
     <li>
       <strong>Rectification.</strong>
-      You have the right to request that we correct what you believe is inaccurate,
-      and to request that we complete what you believe is not.
+      You have the right to request we correct what you believe is inaccurate,
+      and to request we complete what you believe is not.
     </li>
 
     <li>
       <strong>Erasure.</strong>
-      You have the right to request that we erase your data, under certain conditions.
+      You have the right to request we erase your personal data on certain conditions.
     </li>
 
     <li>
       <strong>Restrict Processing.</strong>
-      You have the right to request that we restrict processing your data,
-      under certain conditions.
+      You have the right to request we restrict processing your personal data on certain conditions.
     </li>
 
     <li>
       <strong>Object to Processing.</strong>
-      You have the right to object to our processing your data, under certain conditions.
+      You have the right to object to our processing your personal data on certain conditions.
     </li>
 
     <li>
       <strong>Data Portability.</strong>
-      You have the right to request that we transfer data we've collected to you or to others,
-      under certain conditions.
+      You have the right to request we transfer personal data we've collected to you or to others,
+      on certain conditions.
     </li>
   </ul>
 
   <p>
     If you make a request, we have one month to respond.
-    Please contact us if you'd like to exercise any of these rights.
+    Please contact us if you'd like to exercise these rights.
   </p>
 
 
@@ -154,11 +161,6 @@ View::show_header('Privacy'); ?>
     When you log into our website, we save cookies to your browser's local storage.
   </p>
 
-  <p>
-    We strongly encourage you to use an updated browser with sandboxed tabs,
-    and to set your browser to deny disk access and wipe transient data on shutdown.
-  </p>
-
   <p>
     We use cookies to keep you signed in.
     Our secure session cookie parameters include:
@@ -208,9 +210,7 @@ View::show_header('Privacy'); ?>
   </h3>
 
   <p>
-    We regularly review our policy and publish updates here.
-    Updates will usually describe new security developments.
-    We last updated this policy on 2021-02-11.
+    We last updated this policy on 2021-02-12.
   </p>
 
 
@@ -219,9 +219,9 @@ View::show_header('Privacy'); ?>
   </h3>
 
   <p>
-    If you have any questions about our policy,
-    the data we hold on you,
-    or you'd like to exercise one of your data protection rights,
+    If you have questions about our policy,
+    the personal data we hold on you,
+    or you'd like to exercise your data protection rights,
     please don't hesitate to contact us.
   </p>
 
@@ -245,57 +245,6 @@ View::show_header('Privacy'); ?>
     gdpr at biotorrents dot de
   </p>
 
-
-  <h3>
-    How to contact the authorities
-  </h3>
-
-  <p>
-    Should you wish to report a complaint,
-    or if you feel that we haven't satisfactorily addressed your concerns,
-    contact the Information Commissioner's Office.
-  </p>
-
-
-  <h3>
-    COPPA
-  </h3>
-
-  <p>
-    Omics Tools LLC doesn't knowingly collect data from under-thirteens.
-    Our terms require that all users be 18 or older.
-    If you believe a child gave out personal data on BioTorrents.de,
-    please contact us at once.
-  </p>
-
-  <p>
-    <strong>
-      Email
-    </strong>
-    <br />
-    coppa at biotorrents dot de
-  </p>
-
-
-  <h3>
-    HIPAA
-  </h3>
-
-  <p>
-    Omics Tools LLC doesn't knowingly collect data that violates patient privacy.
-    We publish guides on how to anonymize data, and our rules restrict unsanitized data.
-    If you believe that content on BioTorrents.de compromises a patient's identity,
-    please contact us at once.
-  </p>
-
-  <p>
-    <strong>
-      Email
-    </strong>
-    <br />
-    hipaa at biotorrents dot de
-  </p>
-
   <p>
     Please use
     <a href="https://pgp.mit.edu/pks/lookup?op=get&search=0x760EBED7CFE266D7" target="_blank">GPG 760EBED7CFE266D7</a>

sections/register/step1.php

@@ -89,7 +89,7 @@ if (empty($Sent)) { ?>
       <td align="left">
         <input type="checkbox" name="readwiki" id="readwiki" value="1" <?php if (!empty($_REQUEST['readwiki'])) { ?>
         checked="checked"<?php } ?> />
-        <label for="readwiki">I consent to the privacy policy and may revoke my consent at any time</label>
+        <label for="readwiki">I consent to the <a href="/legal.php?p=privacy">privacy policy</a></label>
         <br /><br />
 
       </td>