隐私政策

赛风致力于保护其客户、最终用户、分发商和供应商的隐私权益。本隐私政策旨提供有关如何使用个人隐私的一般信息。作为一家总部位于安大略省加拿大公司,赛风的隐私政策是根据加拿大和安大略省隐私法规法律制定。

有关加拿大和安大略省隐私法律的更多信息,请访问:

赛风旨在为用户提供在线内容的访问渠道,并不会提升在线隐私,因此不应视为或作为在线安全工具。

赛风收集用户的哪些信息?

为了解决问题,有时赛风可能需要收集其他信息。出现这种情况时,我们将在隐私公告 添加相关条目,说明数据的内容、保存时间和原因。`

Psiphon 客户端软件

广告网络

有时,为了支持我们提供的服务,赛风有时使用了广告系统。这可能使用诸如 Cookie 和 Web 信号的技术。为了能够根据用户的使用情况提供广告,我们的广告合作伙伴使用了 cookie。对于在该过程中收集的任何信息,其处理将遵循广告合作伙伴的隐私政策:

基于兴趣的广告使用 cookie,如需选择退出 cookie 使用,请访问:

Psiphon Websites

Google Analytics

我们在一些网站上使用 Google Analytics 来收集使用信息。Google Analytics 收集的用于对该特定网站用户浏览行为进行统计分析。我们从 Google Analytics 获取的信息并不能对个人进行识别,同时不会将其与其他来源获取的数据组合以生成可识别个人的信息。

Google Analytics 在浏览器中植入永久 cookie,以便下次访问某网站时将用户标识为唯一用户,不过只有 Google 可以使用该 cookie,其他域名服务也无法修改或获取这些收集的数据。

对于通过 Google Analytics 收集的本网站用户访问信息,Google 进行使用或分享时应遵循 Google Analytics 使用条款谷歌隐私政策。如需选择退出信息收集,可在浏览器的首选项设置中禁用 cookie。

存储访问日志

我们使用 Amazon S3 储存资料,例如网站文件和赛风服务器搜寻列表。我们有时启用文件下载日志记录,以便对日志进行分析来回答某些问题,如:“多少用户中断了服务器搜寻列表的下载?”,“下载的数据如何在网站资料及服务器搜寻间分配?”,以及“我们的网站是否面临拒绝服务攻击?”

S3 存储桶访问日志包含 IP 地址、用户代理以及时间戳。这些日志存储在 S3 本身,因此亚马逊将有权限访问这些日志。(不过,因为这些文件已经使用了 Amazon 服务器,他们本来已经可以获取这些信息。)Psiphon 开发者将下载这些日志,并对数据进行汇总和分析,然后删除日志。原始数据将保留更长时间,直到足以对其进行汇总,同时这些数据并不与第三方分享。

赛风服务器

通过收集以下数据,我们可查看赛风正常运行情况、哪些网站受欢迎以及哪些传播策略有效。这些信息将与合作伙伴分享,以便他们可了解他们网站来自赛风访问量以及来自哪些国家。

  • 请求客户端下载链接的电子邮件数量
  • 升级数量
  • 每种协议的使用频率,以及失败后的错误代码
  • 发现新服务器的频率
  • 会话数量以及时长
  • 传输总字节数和特定域名的传输字节数
  • 客户端平台(简化的操作系统列表,如:不提供详细信息的浏览器用户代理)

在日常运行中,赛风服务器不收集用户 IP 地址。赛风不要求用户注册帐户,因此,默认情况下,也不存在对电子邮箱、用户名或密码的信息收集。

事件日志包括时间戳、区域代码 (国家和城市)和非标识属性 (包括赞助商 ID,具有由赛风客户端版本确定)、客户端版本以及协议类型。页面浏览在生成日志之前按照时间和/或会话进行统计。

所有与赞助商共享的统计资料将进一步按照日期、赞助商和地区进行汇总。

User VPN Data

Why should you care?

When using a VPN or proxy you should be concerned about what the provider can see in your data, collect from it, and do to it. For some web and email connections, it is theoretically possible for a VPN to see, collect, and modify the contents.

What does Psiphon do with your VPN data?

Psiphon looks at your data only to the degree necessary to collect statistics about the usage of our system. We record the total bytes transferred for a user connection, as well as the bytes transferred for some specific domains. These statistics are discarded after 60 days.

Psiphon does not inspect or record full URLs (only domain names), and does not further inspect your data. Psiphon does not modify your data as it passes through the VPN.

Even this coarse data would be difficult to link back to you, since we immediately convert your IP address to geographical info and then discard the IP. Nor is any other identifying information stored.

Why does Psiphon need these statistics?

This data is used by us to determine how our network is being used. This allows us to do things like:

  • Estimate future costs: The huge amount of user data we transfer each month is a major factor in our costs. It is vital for us to see and understand usage fluctuations.
  • Optimize for traffic types: Video streaming has different network requirements than web browsing does, which is different than chat, which is different than voice, and so on. Statistics about the number of bytes transferred for some major media providers helps us to understand how to provide the best experience to our users.
  • Determine the nature of major censorship events: Sites and services often get blocked suddenly and without warning, which can lead to huge variations in regional usage of Psiphon. For example, we had up to 20x surges in usage within a day when Brazil blocked WhatsApp or Turkey blocked social media.
  • Understand who we need to help: Some sites and services will never get blocked anywhere, some will always be blocked in certain countries, and some will occasionally be blocked in some countries. To make sure that our users are able to communicate and learn freely, we need to understand these patterns, see who is affected, and work with partners to make sure their services work best with Psiphon.

Who does Psiphon share these statistics with?

When sharing with third parties, Psiphon only ever provides coarse, aggregate domain-bytes statistics. We never share per-session information or any other possibly-identifying information.

This sharing is typically done with services or organizations we collaborate with — as we did with DW a few years ago. These statistics help us and them answer questions like, “how many bytes were transferred through Psiphon for DW.com to all users in Iran in April?”

Again, we specifically do not give detailed or potentially user-identifying information to partners or any other third parties.

PsiCash

The PsiCash system only collects information necessary for the functioning of the system, monitoring the health of the system, and ensuring the security of the system.

The PsiCash server stores per-user information to allow for operation of the system, including:

  • generated user access tokens
  • balance
  • last activity timestamp
  • PsiCash earning history, including what the actions the rewards were granted for
  • PsiCash spending history, including what purchases were made

In the user's web browser, some data is stored to allow for earning rewards and making purchases. This data includes:

  • generated user access tokens
  • when a PsiCash reward is allowed to be claimed again

For monitoring system health and security, system activity data is collected and aggregated. This data includes:

  • user country
  • balance
  • user agent string
  • client version
  • PsiCash earning and spending details

Individual user data is never shared with third parties. Coarse aggregate statistics may be shared, but never in a form that can possibly identify users.

反馈

通过赛风提交反馈时,可选择是否包含诊断数据。这些数据可帮助我们解决您可能遇到的问题,并有助于维持赛风的正常平稳运行。是否发送这些数据完全是可选的。在发送之前,将对数据进行加密,并且只有赛风可对其进行解密。数据所含信息因平台而不同,但可能包含:

Windows:

  • 操作系统版本
  • 杀毒软件版本
  • 互联网连接方式(如,使用拨号连线或者通过代理连接)
  • 电脑可用内存

Android:

  • Android 版本
  • 设备型号
  • 您的设备以获得 root 权限?

电子邮件响应程序

当用户发送电子邮件请求下载链接时,邮件自动效应程序服务器可看到用户的电子邮箱地址。服务器将该地址保存在硬盘上,以便对用户邮件进行处理。一旦处理完成,即删除该信息(通常需几秒时间)。赛风不允许将用户电子邮箱地址写入系统日志文件。

我们的邮件自动效应程序服务器托管在 Amazon EC2 云上。对每个请求我们会回复两封电子邮件,其中一封采用了 Amazon SES 回复。这意味著 Amazon 能看到您发的邮件以及我们的回复。

对于每一封电子邮件,我们保存以下信息:

  • 收到邮件请求的日期和时间。
  • 回复邮件请求的日期和时间。
  • 邮件的大小。
  • 请求电子邮件来源的邮件服务器。(域名最不确切的三个部分。例如,收集的信息为 ne1.example.com,而不是 web120113.mail.ne1.example.com。)

在需要对故障进行诊断时,我们可能在短时间内记录完整的邮件服务器日志。如果您在这段时间内发了邮件,您的电子邮件地址将记录到系统日志中。这些日志在一周后删除。

应用商店

请注意,如果您的赛风来自 Google Play 商店或是亚马逊应用商店,该应用商店可能收集其他统计信息。例如,Google Play 收集信息的说明如下: https://support.google.com/googleplay/android-developer/answer/139628?hl=zh