您来自
 
 
隐私
 
Overview

We treat a user's privacy seriously, period. It is true whether or not he/she is registered or logged in or not. It is one of our fundamental objectives in the overall system design. The means by which we use to protect a user's privacy also have a plurality of technical advantages as compared to many other sites.

Registration Information

All registered users need to use a verifiable e-mail address as their login user name. Other information required at the present are their social name and web nickname of their choice.

The registered e-mail address of a user will be use for purposes of user identification and possibly peer communication through the site. It will not be exposed, or sold to any third party prior to a consent from the user is obtained.

Digital Certificates

Besides the manually operated private distributed certificate exchange mechanism, there is a more efficient public digital certificates database on the site. The user can choose to publish some of their digital certificates to the database, which provides a centralized channel to expand his/her public peer networks. Our system is designed to make it harder for uninvited parties to search a stranger's certificate without sufficient information about the user.

Cookies

A cookie is a small data set sent by the server to the user's machine to store. Most sites nowadays use cookies to distinguish a user from other ones so that his/her personal preferences can be kept. There are temporary ones which stay in memory or permanent ones which are written onto a user's hard disk. The information contained cookies sent by this site are not recorded by the server. Most of the said information is also encrypted (AES, 256 bit key) before sending to the user's machine so that it can not be explored on its way to the user or while stay on the user's machine in any meaningful way. Currently the user's geographic, language, and culture context selection information are included in the cookie.

Sensitive Information

Sensitive information includes information that the site need not know, but it nevertheless has to pass through the site. It includes, but not limited to, a user's credit card number or other sensitive messages between users. A user have three kind of means to use to send sensitive information

  • The conventional SSL channel, which is used by majority of sites in operation. It secures the data on its way to the server and authenticates the server only in most real deployments. It's up to the site to decide how the data is handled once it arrives at the server. The said data is encrypted (AES, 256 bit key) on this site before it enters the database. Only a system level administrator and a few transaction handler (which will be a machine in the future) who know the key can access the data.
  • Third party payment gateways. The user's sensitive data do not stay on the server, if it goes through it at all.
  • Entity to entity secured channel supported by our technology. Nobody except the receiver entity (which could have more than one individual behind it) selected by the user will be able to comprehend the said data. Most likely, a receiver could has nothing to do with the site at all. Both the identity of the sender and receiver are authenticated.