The Computer Science Department Techstaff and the Server administrator have created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses the information gathering and dissemination practices for this web site.
Information Automatically Logged
With extreme specificity, this is EXACTLY what this site logs:
HTTP Apache Log format:
LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\””
These codes can be decoded using the table found on this Apache document site related to mod_log_config.
In short, Apache logs remote host, remote user (from auth; only if supplied by your browser – it almost never is, and we don’t require or request it), a timestamp, the last status of the request made by your browser, size of the response sent (in bytes), the referring URL, and the useragent string of your browser (mozilla, IE, opera, etc).
We don’t enable IdentityCheck in Apache, so we don’t log the “remote logname from identd” even though the field is specified. These logs are kept indefinitely, and rotated occasionally, where indefinitely means “until hard drive space is low enough to worry about log files”.
FTP (VSFTPD) Log format:
VSFTPD is configured to use standard ftpd log format, and logs the following:
Timestamp, remote IP, login name (for anonymous, it logs whatever a user puts in the login name field; this is traditionally the user’s email address, but is never verified, and almost everyone leaves it blank or fills in bogus information – we only log what is provided voluntarily, and a valid email address is not required), the command made (GET, STOR, PWD, etc), the file requested, and the status of the request.
These logs are industry standard and do not log any information beyond what is required to provide adequate service to site visitors.
Only server administrators have access to log information. This data may be used to preserve the integrity of our computing resources, and will be supplied to any law enforcement agency with jurisdiction upon request and pending conformation of a properly executed warrant.
Personal Information
This site does not request any personal information or collect any information that personally identifies you or allows you to be personally contacted. The sole exception to this rule is, as stated above, that we log the contents of the “username” field for anonymous FTP connections. As stated, traditionally this field is the anonymous user’s email address, and some FTP clients suggest that the user provide their email address. This is never required; any user is given access to the site regardless of whether they supply anything (or nothing) in the “username” field; and any email address received in such fashion are never verified or used for any purpose. Since we have no control over what an FTP client asks a user to enter in this field, we have added the following to our login banner (provided by the FTP server upon connection): This is mirror.cs.vt.edu provided by the Computer Science Department at Virginia Tech. Anonymous login does NOT require a valid email address – see the privacy statement at http://mirror.cs.vt.edu/public_html/privacy.html.
Since we do not collect any personal information on this site, we do not share any personal information with any third parties nor do we use any personal information for any purposes.
Links to Virginia Tech Sites
This site contains links to other Virginia Tech pages. The privacy practices of other pages may vary with the purposes of the page. Consult the privacy statement on each page.
Links to External Sites
This site contains links to other sites. Virginia Tech is not responsible for the privacy practices or the content of such web sites.
Security
This site has security measures in place to protect the loss, misuse, and alteration of the information under our control.
User and password information is encrypted before it is transmitted across the network.
Users should also consult Virginia Tech’s Policy on Acceptable Use. Nothing on this document shall be represented as authoritative in favor of the Virginia Tech AUP.
Virginia Tech complies with all statutory and legal requirements with respect to access to information.
Contact Information
If you have questions about this site or this privacy statement, please contact the Server Administrator at [email protected].