Agora's Privacy Policy ---------------------- It is my policy to respect the privacy of all users to the fullest extent possible. Any information obtained by me as System Administrator will be held in the strictest confidence allowed by law, perhaps more if I believe the law is wrong and someone with deep pockets is willing to back me up. That said, it's a fact of life that as system administrator, I have full access to all files and data on this system, as well as data transmitted through my network. It would not be truthful to claim that the capability doesn't exist. I don't go snooping around on a whim, but often, in the course of tracking down problems, I have to look at user data (particularly in the case of email problems). The one time when I will deliberately search a user's files is when there is evidence elsewhere in the system that said user has breached security. Maintaining the integrity of the system is of paramount importance and I have a responsibility to all users to make sure that any breaches are corrected as soon as possible. As a result, I will use all means at my disposal to identify the perpetrator and the nature of the breach, both to bring them to justice and to rectify the problem. Any such searches will be limited to searching for evidence relating to the breach. You also need to be aware of the standard features of the system. Unix and the Internet were developed in an era of openness and sharing, and security concerns have only recently begun to be addressed. If you are a shell user and not just using agora as a router (i.e. SLIP/PPP users), Unix provides a number of ways for users to see what other users are doing (not in detail, but commands and command lines are easily accessible with the "ps" and "w" commands, for example). In the case of the Internet, one should always assume that your traffic can be monitored, either legitimately or illegitimately. For example, cable modem users are on shared media and it's very easy for anyone to monitor all traffic on their segment, wireless users are equally vulnerable, and there have been several cases of hackers breaking into a backbone network and sniffing traffic routed through that network. To minimize privacy risks, I've long had the default permissions on home directories set so that only the owner can see what's in them (in fact that is the reason personal web pages are in a non-standard location --- the normal location requires that your home directory be open to all local users), but it's up to you to manage your data according to your desired level of privacy up to and including high strength encryption (available with PGP, which is installed on agora). If you are not familiar with Unix, and are concerned about privacy, your best option is to keep all private data on your own computer and use a SLIP or PPP connection to access the Internet and other services. If you have specific concerns, I can help you address them; just send mail to support@rdrop.com. Finally, note that *you* are responsible for any use or abuse of your account, so use good passwords, change them regularly and don't give them to anyone else. Shared accounts, while not prohibited, detract from accountability and privacy. A separate account for private email (typically a $2/month Low Volume account) is inexpensive and avoids a number of potential issues. I want to reiterate that I will do everything I can to protect the privacy of agora's users, while still providing as secure an environment as possible for those users, but you as a user need to take reasonable precautions on your own as well. I'm quite happy to assist you in this endeavor.