AlphaChat IRC Network Privacy Policy
Effective date of the commencement of this Privacy Policy: 2018-05-25
History:
This document lays out the information that the AlphaChat IRC Network (hereinafter referred to as "this network") collects, how that information is used (and what for), and how to view, correct or remove this information.
This network collects both personal and non-personal information from its users. Personal information is information that could be used to identify you (whether by itself or in combination with other information). Non-personal information is all other information. Information that is voluntary (i.e. you can choose whether or not to divulge it) is denoted by an asterisk (*). Note that having a services account is not required to use this network (but it may be required for some channels, subject to the whims of the founders and operators of those channels, and it may be required for some forms of network access, such as via the Tor Hidden Service).
Personal information collected:
Non-personal information collected:
Nicknames are used to tell clients on the network apart, to properly route private messages, and are displayed in your /WHOIS output.
Host Names are used to enforce bans (both network bans ("K-Lines") and channel bans).
IP Addresses are used to enforce bans (both network bans and channel bans), to check against DNS Block Lists at connection time, to scan for open proxies at connection time, and to enforce session limits (maximum simultaneous number of permitted connections to this network from the same host). Note that when you connect to this network, your IP address will be sent to various providers of DNS Block Lists to check whether any other IRC networks have sufferred abuse from the address or whether a machine using that address has been compromised (e.g. become part of a botnet or is running an abuseable open proxy). If you do not consent to this check, you must not connect to this network, as there is no way to opt out of it; it is necessary for us to prevent large scale abuse of this network. This is the only information that we share with third parties.
E-mail Addresses are used during services account registration (to confirm your E-mail address), to enable your password to be reset should you forget it, to enable important information to be delivered to you by network staff (such as a data breach notification, or a new password should it become necessary for us to change it on your behalf), and to have copies of any memos sent to you to be delivered to your e-mail inbox (opt-in).
User Names are used to tell multiple clients behind the same address apart for the purposes of banning one of them (from either the network or individual channels), and are displayed in your /WHOIS output.
Real Names are used to enforce bans (both network bans and channel bans), and are displayed in your /WHOIS output. It is recommended that you not provide this information if you do not wish for this to be visible to other people.
Services Accounts are used to provide you with a persistent identity, to retain your access to channels and groups (and to enable you to register channels and groups), and to prevent others from using your identity.
The only information we hold about you of a non-transitory nature is the information related to your services
account (if any). All of this information (minus your services password and its hash) can be viewed with the
following commands:
Any information we hold about you that is inaccurate or out of date can be rectified through use of the
NickServ SET command. For example:
If you wish for us to permanently remove all information associated with your services account, you can drop
the account with the NickServ DROP command. Note that this command will need to be confirmed (you will receive
instructions). Usage:
If you have any further inquiries, please use /msg NickServ HELP COMMANDS and /msg NickServ HELP SET; or /join #help; or email admin@alphachat.net.
Services Accounts will expire if they are unused (not logged into) for 90 days. However, the services database is backed up every night, and those backups are kept for 30 days. Thus, the maximum amount of time that your information will be retained is 120 days after you stop using your account, or 30 days after you drop your account (see above), whichever is sooner.
The only information we share with third parties is your IP address (in accordance with the conditions as described above). We will never share any other information, including your e-mail address (for any purpose); nor will we use or share your IP address for a purpose other than as described above.
[1] As provided by your IRC client, e.g. nickname!username@hostname [realname]
If you use our WebChat, this is the nickname you fill out on the connection details page
[2] As provided by your IRC client, e.g. nickname!username@hostname [realname]
If you use our WebChat, the username is a fixed non-configurable string "acwebchat"
[3] As provided by your IRC client, e.g. nickname!username@hostname [realname]
If you use our WebChat, the realname is a fixed link back to the webchat webpage
[4] This is never visible to network staff (or anyone else other than you). It is strongly hashed at the point that
it is supplied (during registration or when setting a new account password) or validated (during login). For our
more technically-minded users, our password hashing scheme is as follows:
Salt = CSPRNG(32)
Iterations = 64000
SaltedPassword = PBKDF2(PRF=HMAC-SHA2-256, password=<Password>, salt=<Salt>, c=<Iterations>, dkLen=32)
ServerKey = HMAC-SHA2-256(SaltedPassword, "Server Key")
ClientKey = HMAC-SHA2-256(SaltedPassword, "Client Key")
StoredKey = SHA2-256(ClientKey)
Store(Iterations + Salt + ServerKey + StoredKey) -> Database
This is, in effect, SCRAM (RFC 5802),
with SHA2-256 as the underlying digest algorithm (RFC 7677).
[5] If you send a memo to someone, it will be stored in the services database for them to retrieve later. If someone sends a memo to you, likewise; however, you can opt out of receiving memos with the /msg NickServ SET NOMEMO ON command. If you have not opted out of receiving memos, and you have opted in to receive them by email with the /msg NickServ SET EMAILMEMOS ON command, a copy of any memos you receive will be sent to you by e-mail; but the memo will still exist in the services database for future reference, until you delete it.