የግላዊነት ፖሊሲ

ሳይፈን የደምበኞቹን፣ የመጨረሻ ተጠቃሚዎቹን፣ የአከፋፋዮቹን እና የአቅራቢዎቹን የጋላዊነት ፍላጎቶች ለመጠበቅ ይተጋል። ይህ የግላዊነት ፖሊሲ የታሰበው የግል መረጃዎችዎ እንዴት ጥቅም ላይ እንደሚውል አጠቃላይ መረጃ ለማቅረብ ነው። ሳይፈን ዋና መስሪያቤቱ በኦንታሪዮ የሚገኝ ካናዳዊ ኩባንያ ሲሆን የግላዊነት ፖሊሲያችን የካናዳን እና የኦንታሪዮን የግላዊነት ህጎች እና ደንቦች እንዲያንጸባርቅ ተደርጎ የተቀረጸ ነው።

የካናዳ እና ኦንታሪዮ የግላዊነት ህጎችን በተመለከተ የበለጠ መረጃ ለማግኘት እባክዎን የሚከተለውን ይጎብኙ፡-

ሳይፈን የሚሰበስበው የተጠቃሚዎች መረጃ ምን አይነት ነው?

ከአገልግሎታችን ጋር የተያያዙ ችግሮችን ለመፍታት ሳይፈን ከጊዜ ወደ ጊዜ ተጨማሪ መረጃዎችን ሊመዘግብ ይችላል። ይህ ሲከሰት ምን እንደተመዘገበ፣ ለምን ያህል ጊዜ እንደተቀመጠ እና ለምን እንደተመዘገበ የሚገልጽ ዓረፍተ ነገር በግላዊነት መመሪያው ላይ እናስገባለን።

User Activity and VPN Data

እርስዎን ለምን ሊያሳስብዎት ይገባል?

When using a VPN or proxy you should be concerned about what the VPN provider can see in your data, collect from it, and do to it.

When you use a VPN, all data to and from your device goes through it. If you visit a website that uses unencrypted HTTP, all of that site's data is visible to the VPN. If you visit a website that uses encrypted HTTPS, the site content is encrypted, but some information about the site might be visible to the VPN. Other apps and services on your device will also transfer data that is encrypted or unencrypted. (Note that this is distinct from the encryption that all VPNs provide. Here we're only concerned with data that is or is not encrypted inside the VPN tunnel.)

For unencrypted services, it is possible for a VPN provider to see, collect, and modify (e.g., injecting ads into) the contents of your data. For encrypted data, it is still possible for a VPN to collect metadata about sites visited or actions taken. You should also be concerned with your VPN provider sharing your data with third parties.

What does Psiphon NOT do with your data?

We DO NOT collect or store any VPN data that is not mentioned here.

We DO NOT modify the contents of your VPN data.

We DO NOT share any sensitive or user-specific data with third parties.

What kinds of user data does Psiphon collect?

We will define some categories of data to help us talk about them in the context of Psiphon.

የተጠቃሚ ውሂብ

While a user's device is tunneled through Psiphon, we collect some information about how they're using it. We record what protocol Psiphon used to connect, how long the device was connected, how many bytes were transferred during the session, and what city, country, and ISP the connection came from. For some domains (but very few, and only popular ones) or server IP addresses (e.g., known malware servers) that are visited, we also record how many bytes were transferred to it. (But never full URLs or anything more sensitive. And only domains of general interest, not all domains.)

Geographical location and ISP info are derived from user IP addresses, which are then immediately discarded.

An example of user activity data might be: At a certain time a user connected from New York City, using Comcast, and transferred 100MB from youtube.com and 300MB in total.

We consider user activity data the most sensitive category of data. We never, ever share this data with third parties. We keep user activity data for at most 60 days, and then we aggregate it and delete it.

Aggregated Data

Data is “aggregated” by taking a lot of sensitive user activity data and combining it together to form coarse statistical data that is no longer specific to a user. After aggregation, the user activity data is deleted.

An example of aggregated data might be: On a particular day, 250 people connected from New York City using Comcast, and transferred 200GB from youtube.com and 500GB in total.

Aggregated data is much less sensitive than activity data, but we still treat it as potentially sensitive and do not share it in this form.

Shareable Aggregated Data

When sharing aggregated data with third parties, we make sure that the data could not be combined with other sources to reveal user identities. For example, we do not share data for countries that only have a few Psiphon users in a day. We make sure that the data is anonymized.

We also never share domain-related information with third parties.

An example of shareable aggregated data might be: On a particular day, 500 people connected from New York City and transferred 800GB in total.

An example of data that is not shareable: On a particular day, 2 people connected from Los Angeles. Those people will be included in the stats for the entire US, but that is too few people to anonymously share city data for.

Psiphon (ሳይፈን) የተጠቃሚ እንቅስቃሴ እና የተጠራቀመ ውሂብን ምን ያደርጋል?

Activity and aggregated statistical data are vital for us to make Psiphon work best. It allows us to do things like:

  • Monitor the health and success of the Psiphon network: We need to know how many people are connecting, from where, how much data they're transferring, and if they're having any problems.
  • Monitor threats to our users' devices: We watch for malware infections that attempt to contact command-and-control servers.
  • Ensure users stay connected while foiling censors: We try to detect that a user is behaving like a real person and then reveal new Psiphon servers to them. (This is our obfuscated server list technology.)
  • Estimate future costs: The huge amount of user data we transfer each month is a major factor in our costs. It is vital for us to see and understand usage fluctuations.
  • Determine the nature of major censorship events: Sites and services often get blocked suddenly and without warning, which can lead to huge variations in regional usage of Psiphon. For example, we had up to 20x surges in usage within a day when Brazil blocked WhatsApp or Turkey blocked social media.
  • Understand who we need to help: Some sites and services will never get blocked anywhere, some will always be blocked in certain countries, and some will occasionally be blocked in some countries. To make sure that our users are able to communicate and learn freely, we need to understand these patterns, see who is affected, and work with partners to make sure their services work best with Psiphon.

Who does Psiphon share Aggregated Data with?

Shareable aggregated data is shared with sponsors, organizations we collaborate with, and civil society researchers. The data can be used to show such things as:

  • How well Psiphon is working in a particular region.
  • The blocking patterns in a given country, for example during political events.
  • That the populace of a country is determined to access the open internet.

Again, only anonymized shareable aggregated data is ever shared with third parties.

Psiphon Client Advertising Networks

አገልግሎታችንን ለመደገፍ እንድንችል እንደ ኩኪዎች እና የድር ቢከን ያሉ ቴክኖሎጂዎችን የሚጠቀሙ ማስታወቂያዎችን አልፎ አልፎ እንጠቀማለን። የማስታወቂያ አጋሮቻችን ኩኪዎችን መጠቀም እነርሱን እና አጋሮቻቸውን በእርስዎ የዳታ አጠቃቀም ላይ በመመስረት ማስታወቂያዎችን እንዲያስተላልፉ ያስችላቸዋል። በዚህ ሂደት የሚሰበሰብ ማንኛውም መረጃ የሚያዘው በማስታወቂያ አጋሮቻቻን የግላዊነት ፖሊሲዎች ውል መሰረት ነው፡-

የሚከተለውን በመጎብኘት ፍላጎትን መሰረት ካደረገ የማስታወቂያ ኩኪዎች አጠቃወም መውጣት ይችላሉ፡-

Psiphon Websites

የጎግል ትንታኔዎች

በአንዳንድ ድረ ገጾቻችን ላይ ስለ አጠቃቀም መረጃ ለመሰብሰብ Google Analyticsን እንጠቀማለን። በGoogle Analytics የሚሰበሰቡ መረጃዎች ጥቅም ላይ የሚውሉት በተለይ በዚህ ድረ ገጽ ላይ ያሎትን የዳሰሳ ባህሪ ስታትስቲካዊ ትንታኔ ለመስራት ብቻ ነው። ከGoogle Analytics የምናገኘው መረጃ የሰዎችን ማንነት አይገልጽም እንዲሁም የሰዎችን ማንነት የሚገልጹ መረጃዎችን ለመፍጠር ከሌሎች ምንጮች መረጃ ጋር አይቀላቀልም።

Google Analytics sets a permanent cookie in your web browser to identify you as a unique user the next time you visit the site, but this cookie cannot be used by anyone except Google, and the data collected cannot be altered or retrieved by services from other domains.

የGoogle ሰለ ጎበኟቸው ድረ ገጾች በGoogle Analytics የተሰበሰቡ መረጃዎችን የመጠቀም እና የማካፈል ችሎታ በGoogle Analytics የአጠቃቀም ውሎች እና በGoogle የግላዊነት ፖሊሲየተወሰነ ነው። በድር መዳሰሻዎ የምርጫ ቅንብር ውስጥ ኩኪዎች በማጥፋት ከዚህ አማራጭ ራስዎን ሊያወጡ ይችላሉ።

የማጠራቀሚያ መዳረሻ መዝገብ

እንደ የድረ ገጽ ፋይሎች እና የሳይፈን አገልጋይ ማግኛ ዝርዝሮች ያሉ ሀብቶችን ለማጠራቀም Amazon S3ን እንጠቀማለን። አንዳንዴ ለእነኚህ መዛግበት የማውረጃ መዝገቦችን እናነቃለን። እነዚህን መዛግብት መተንተን ”ምን ያህል ተጠቃሚዎች የአገልጋይ ማግኛ ዝርዝሮችን ማውረድ ጀምረው አልጨረሱም?” ፣ “የወረደው ዳታ በድረ ገጹ ሀብቶች እና በአገልጋይ ማግኛ መካከል እንዴት ነው የሚካፈለው?” እና “አጥቂ በድረ ገጾቻችን ላይ ያገልግሎት ክልከላ ጥቃት ለመፈጸም እየሞከረ ነው?” እና የመሳሰሉትን ጥያቄዎች ለመመለስ ይረዳናል።

S3 የበኬት መዳረሻ መዝገቦች የIP አድራሻዎችን፣ የተጠቃሚ ኤጀንቶችን እና የጊዜ ማህተሞችን ይይዛሉ። እንዚህ መዝገቦች የሚጠራቀሙት በራሱ S3 ስለሆነ Amazon ሊያገኛቸው ይችላል። (ቢሆንም Amazon ሰነዱን ቀድሞውኑ ስለሚያቀርብ ይህን መረጃ ማግኘት ይችላል።) የሳይፈን አበልጻጊዎች መዝገቦቹን አውርደው ካጠቃለሉ እና ከተነተኑ በኋላ ዝርዝሩን ያጠፉታል።  ጥሬ ዳታ የሚቀመጠው እስኪጠቃለል ብቻ ሲሆን ለሶስተኛ ወገን አይጋራም።

PsiCash

The PsiCash system only collects information necessary for the functioning of the system, monitoring the health of the system, and ensuring the security of the system.

The PsiCash server stores per-user information to allow for operation of the system, including:

  • generated user access tokens
  • ቀሪ ሒሳብ
  • last activity timestamp
  • PsiCash earning history, including what actions the rewards were granted for
  • PsiCash spending history, including what purchases were made

In the user's web browser, some data is stored to allow for earning rewards and making purchases. This data includes:

  • generated user access tokens
  • when a PsiCash reward is allowed to be claimed again

For monitoring system health and security, system activity data is collected and aggregated. This data includes:

  • የተጠቃሚ ሐገር
  • ቀሪ ሒሳብ
  • user agent string
  • የተገልጋይ ሥሪት
  • PsiCash earning and spending details

Individual user data is never shared with third parties. Coarse aggregate statistics may be shared, but never in a form that can possibly identify users.

ግብረመልስ

በሳይፈን በኩል ግብረመልስ ማስገባትን በሚመርጡበት ወቅት የምርመራ ዳታን የመጨመር አማራጭ አለዎት። ይህን ዳታ ሊያጋጥሞት የሚችሉትን ችግሮች ለመፍታት እና ሳይፈን ያለ ምንም ችግር እንዲሰራ እንዲያግዘን እንጠቀምበታለም። ይህንን ዳታ መላክ ሙሉ በሙሉ በምርጫ የሚደረግ ነው። ዳታው እርስዎ ሳይልኩት በፊት የሚመሰጠር ሲሆን የሚፈታውም በእኛ ብቻ ነው። በዳታው ውስጥ ያለው መረጃ በሚጠቀሙት አእማድ ሊለያይ ቢችልም የሚከተለውን ሊያካትት ይችላል፡-

Windows፡-

  • የስርአተ ክወና ስሪት
  • ጸረ ቫይረስ ስሪት
  • ከኢንተርኔቱ ጋር የተገናኙበት መንገድ (ለምሳሌ የሚጠቀሙት የዳይል አፕ ከሆነ ወይም የተገኛኙት በተኪ ከሆነ)
  • ኮምፒውተሮ ምን ያህል ነጻ የሜሞሪ ቦታ አለው

Android፡-

  • የአንድሮይድ ስሪት
  • የመሳሪያ ሞዴል
  • መሳሪያዎ ሩትድ መሆኑ ወይም አለመሆኑ

የኢሜል መላሽ

በራሱ ኢሜል ወደሚመልሰው አገልጋያችን የኢሜል ጥያቄ በሚልኩበት ወቅት የኢሜል አድራሻዎን ማየት እንችላለን ። ኢሜልዎ በሂደት ላይ እያለ የኢሜል አገልጋይ ዲስክ ላይ ይቀመጣል እናም ሂደቱ ከተጠናቀቀ በኋላ (አብዛኛውን ጊዜ በጥቂት ከሰንዶች ውስጥ) ወዲያውኑ ይሰረዛል። የኢሜል አድራሻዎ በስርአቱ የመዝገብ ሰነድ ላይ እንዲጻፍ አንፈቅድም።

የኢሜል ራስ መላሽ አገልጋያችን በAmazon EC2 ክላውድ ላይ ይስተናገዳል። ለእያንዳንዱ ጥያቄ ሁለት የኢሜል ምላሾችን እንልካለን እናም ከሁለቱ ለአንዱ ምላሽ የAmazon SESን እንጠቀማለን። ይህ ማለት Amazon እርሶ የላኩትን ኢሜል እና የእኛን ምላሽ ማየት ይችላል ማለት ነው።

ለእያንዳንዱ ለሚደርሰን ኢሜል የሚከተሉትን መረጃዎች እናስቀምጣለን፡-

  • የኢሜል ጥያቄውን የተቀበልንበትን ቀን እና ሰአት።
  • ለኢሜል ጥያቄው ምላሽ የተሰጠበትን ቀን እና ሰአት።
  • የኢሜሉን መጠን።
  • የኢሜል ጥያቄው የመጣበት የሜል አገልጋይ። (የጎራ ስሙ እጅግ የማይታወቁ ሶስት ክፍሎች። ለምሳሌ ne1.example.com እንጂ web120113.mail.ne1.example.com አይደለም።)

አንድን ችግር ለመመርመር ከፈለግን ለአጭር ጊዜ የሙሉ ሜል አገልጋይ መዝገብን ልናነቃ እንችላለን። በዛ ጊዜ ኢሜል ከላኩ የኢሜል አድራሻዎ በስርአት መዝገብ ውስጥ ይመዘገባል። እነዚህ መዛግብት ከአንድ ሳምንት በኋላ ይሰረዛሉ።

መተግበሪያ መደብሮች

ያስተውሉ ሳይፈንን እንደ Google Play Store ወይም Amazon AppStore ካሉ የ“የመተግበሪያ መደብሮች“ ላይ ካወረዱ በመደብሩ ተጨማሪ ስታትስቲኮች ሊሰበሰብ ይችላል። ለምሳሌ Google Play Store ምን ምን እንደሚሰበስብ ገለጻ ይኸውልዎ፡- https://support.google.com/googleplay/android-developer/answer/139628?hl=am