Add ToS and privacy policy
Signed-off-by: eternal-flame-AD <>
4 changed files with 202 additions and 0 deletions
@ -0,0 +1,81 @@
||| 的隱私權政策
ゆめちのくに (YumechiNoKuni) 堅決致力於保護使用者的隱私並證明我們是值得信賴的。本隱私權政策概述了我們收到的個人資訊的類型、如何處理這些資訊、採取了哪些措施來保護您的數據,以及如何驗證我們是否遵守我們的政策。
TL;DR 非正式版本:據我們所知,我們是聯邦宇宙中最透明、最保護隱私的實例之一。
## 個人資訊
### 我們收集的資訊
- **帳戶資訊**:當您註冊帳戶時,我們將收集您的使用者名稱、電子郵件地址和密碼等資訊。您的使用者名稱將公開顯示,但您的電子郵件地址將保密,管理員除外。您的密碼將使用 bcrypt 進行加密,如果不進行強力搜尋就無法恢復,因此設定一個不易被猜到的密碼至關重要。
- **個人資料資訊**:您可以選擇在您的個人資料中提供其他信息,例如顯示名稱、頭像和個人簡介。此資訊將公開顯示並與其他實例聯合,我們無法阻止這種情況。
- **貼文、頁面和其他內容**:您在網站上發布的任何內容都將儲存在我們的伺服器上,除非您將貼文設定為「私人」或「僅限追蹤者」(前提是您沒有不在我們實例上的追蹤者)”,我們不能保證您的內容不會被非預期方看到,任何其他實例也不會尊重您刪除資料的請求。這是聯合協議的硬性限制,我們無法更改這一點,但是我們非常願意允許您註冊一個專用於私人內容的新帳戶。
- **多媒體和檔案文件**:文件儲存功能允許您像雲端儲存服務一樣上傳文件,但請注意,任何擁有該文件 ID 或連結的人都可以存取該文件。雖然該 ID 理論上很難猜測,但它不被認為是安全的,不應該用於敏感資訊。它也沒有加密到您的帳戶,這意味著(雖然我們已採取措施防止這種情況)伺服器上的惡意程式可能會存取您的檔案。
- **IP 位址**:軟體支援記錄用於登入嘗試的 IP 位址,您可以在「安全」標籤的帳戶設定中查看。目前沒有自助方式可以停用此功能,但您可以聯絡我們請求我們不再記錄您的 IP 位址。
- **伺服器日誌**:我們記錄其他實例的查詢或導致錯誤的請求以用於偵錯目的。雖然它們通常不容易追蹤到特定用戶,但我們可能知道有人試圖存取特定資源。
- **指標**:我們在伺服器端收集指標。這些指標是高度聚合的,不包含任何標識信息,它包含的信息包括處理請求所用時間的直方圖(按發出的請求類型劃分)、請求是否成功、伺服器使用的內存量以及傳入和傳出聯合訊息的數量。
## 我們如何使用您的資訊(以及我們如何證明它)
### 審核
### 法律請求
### 程式碼訪問
與上游所需的 AGPL 許可證一樣,此實例的原始程式碼可從 取得。我們還努力確保環境可以輕鬆複製,無需手動幹預新功能(例如 Pgroonga 全文搜索),並且我們添加了提交哈希的構建時注入,以便您可以輕鬆查看到底是什麼版本代碼正在運行(您可以從任何不處於開發模式的正在運行的實例透過“/nodeinfo/2.1”端點存取它)。
### 電子郵件
- 使用 SPF、DKIM 和 DMARC 防止電子郵件欺騙。
- 使用 MTA-STS 確保您傳送給我們的所有電子郵件通訊已加密。
- 請所有外寄電子郵件均使用 STARTTLS 加密。
### 資料儲存
您的資料儲存在位於奧地利維也納的伺服器上。我們對伺服器套用了全碟加密,並將每項服務僅限於自己的用戶,並啟用強制存取控制以防止未經授權的存取您的資料。您可以聯絡我們索取您的資料副本,我們將在 7 天內處理您的請求,您可以要求我們認為相對完整的資料包,也可以指定您希望接收的資料類型。
### 網路請求
- 不使用會解密您與我們服務的連線的第三方 CDN。
- 使用預先載入 HSTS 的 HTTPS 來確保您的連線是加密且安全的。這意味著即使是新安裝的瀏覽器如果無法建立安全連線也會拒絕連線到我們的服務。
- 在您的瀏覽器上實施沙箱,以防止任何外部內容或意外腳本在我們的網頁上運行。它由多個 HTTP 標頭組成,包括嚴格的內容安全策略、內容類型選項和幀限制。
- 防止第三方網站追蹤您,我們使用嚴格的推薦人政策來防止您在我們的服務上點擊的任何連結被發送到第三方網站。我們還要求您的瀏覽器在我們的瀏覽器沙箱上停用已知具有可疑隱私屬性的功能,例如「fLoC」、「主題 API」、「歸因報告」和 DRM。您可以造訪 查看我們的安全標頭以及專業說明。
- 在所有媒體檔案前面放置一個代理,隱藏請求的來源並防止下載危險的檔案格式。代理程式的原始碼可在 取得。
#### 僅限追蹤者的帖子
雖然您的網頁請求永遠不會直接發送給第三方,但您查找外部資源的請求(例如透過 URL 上傳文件、遠端使用者和註釋查找)將導致從我們的伺服器向外部伺服器發出請求,並且取決於是否外部伺服器聲稱他們需要用戶身份驗證,該請求可能會追溯到您。
#### 第三方應用程式
雖然我們使用了所有主流瀏覽器強制執行的安全功能,但我們不能保證第三方應用程式將保持相同的安全等級。如果您使用網站或 PWA(「新增至主畫面」功能)以外的服務,您應該注意,我們無法保證我們在上一節中所做的承諾。
### 指標
雖然我們不允許公眾訪問生產中的指標端點(將來可能允許長期用戶訪問),但我們的暫存環境中的原始指標端點在 https://test0.mi.yumechi 上開放供公眾審查.jp/metrics和。
此資訊將發送至第三方服務 [Grafana Cloud]( 以進行視覺化和警報。我們定期發佈公共儀表板的 PDF 匯出,展示我們在 收集的指標。
## 您可以採取哪些措施來保護您的隱私
### 帳戶安全
- **使用強密碼**:為了確保我們的網站不依賴第三方服務,我們僅對失敗的登入嘗試使用冷卻期。請使用不易被猜到的強密碼。
- **啟用雙重認證**:我們支援使用 TOTP 或 WebAuthn 的雙重認證。您可以在「安全性」標籤的帳戶設定中啟用它。我們已經更改了上游的行為,這樣,如果您僅將硬體金鑰用於2FA,我們將不喜歡但不要求您使用密碼保護您的硬體金鑰,因為硬體金鑰的系統使用者通常會保留物理密鑰。
- **重置您的登入權杖**:這是目前從上游繼承的限制,我們正在研究解決方案,但與此同時,請不要依賴註銷功能、請轉到“設定”->“安全性”->“重新產生登入權杖”」以重置您的令牌、如果您懷疑您的登入會話不再安全。
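Review bot: several phrases in the zh-TW text invert or blur the security meaning and should be corrected before this ships. In the account-information bullet, `您的密碼將使用 bcrypt 進行加密` describes bcrypt as encryption; bcrypt is a one-way password hash, so `雜湊` rather than `加密` is the right word, and the distinction matters because "encrypted" implies a recoverable value (the very next clause about brute-force search already assumes a hash). In the two-factor bullet, `我們將不喜歡但不要求您使用密碼保護您的硬體金鑰` reads as "we will not like but not require", a double negative that inverts the intended "we prefer but do not require". In the metrics section the staging URL has been split across the line `https://test0.mi.yumechi 上開放供公眾審查.jp/metrics和`, so the host is not readable as a link and should be written as one token. The `### 審核` and `### 法律請求` headings carry no body here, and the email section lacks both the in-house-handling sentence and the moderator-contact caveat that the English version includes; if that is not an artifact of this page, bring the two language versions in sync so that a reader of only the Chinese text receives the same disclosures. Finally, `fLoC` should be spelled `FLoC` (the Permissions-Policy feature is `interest-cohort`).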
@ -0,0 +1,83 @@
ZH version: [隐私政策](./
Privacy Policy of
ゆめちのくに (YumechiNoKuni) is strongly committed to protecting user's privacy and proving that we are trustworthy. This privacy policy outlines the types of personal information we receive, how it might be processed, what measures have been taken to protect your data, and how to verify our compliance with our policy.
The informal version: We are as far as we know the most transparent and privacy-preserving instance in the fediverse.
## Personal Information
### Information We Collect
- **Account Information**: When you sign up for an account, we will collect information such as your username, email address, and password. Your username will be publicly displayed but your email address will be kept private except to the administrators. Your password will be encrypted with bcrypt and will not be recoverable without a brute force search, thus it is paramount that you set a password that is not easily guessable.
- **Profile Information**: You may choose to provide additional information on your profile, such as a display name, avatar, and bio. This information will be publicly displayed and federated to other instances, and there is no way to prevent this.
- **Posts, Pages and other Content**: Any content you post on the site will be stored on our servers, unless you have set the post to be "private" or "followers-only (under the condition that you do not have followers not on our instance)", we cannot guarantee that your content will not be seen by unintended parties, nor any foreign instances will honor your request to delete the data. This is a hard limit of the federation protocol and we cannot change this, however we are more than willing to allow you to register a new account dedicated to private content.
- **Multimedia and Drive Files**: The drive feature allows you to upload files as if it were a cloud storage service, however please note that anyone who has the ID or link to the file can access it. While the ID is theoretically hard to guess, it is not considered secure and should not be used for sensitive information. It was also not encrypted to your account, which means (while we have taken measures to prevent this) it is possible a malicious program on the server could access your files.
- **IP Address**: There is built-in support for logging IP addresses used for login attempts, which you can review in your account settings in the "Security" tab. There is currently no self-service way to disable this feature, however you can request for us no longer to log your IP address by contacting us.
- **Server Logs**: Requests that result in queries to other instances or cause errors are logged for debugging purposes. While they are usually not easily traceable to a specific user, we may know someone was trying to access a specific resource.
- **Metrics**: We collect metrics on the server side. The metrics are highly aggregated and do not contain any identifying information, it contains information such as a histogram of time taken to process the request by the kind of request is being made and whether the request was successful, the amount of memory used by the server and the amount of incoming and outgoing federation messages.
## How We Use Your Information (and How we can Prove it)
### Moderation
We have required all moderators and administrators to not use their privileged accounts for any purpose other than moderation (or even logging in without a specific purpose). However we cannot guarantee that your data will not be accidentally accessed during routine system maintenance, for example many database management requires inspecting the data directly. We promise we will not make any use of any accidental access to your data and try our best to forget it as soon as possible.
### Legal
While I will make an effort to vet every legal request I receive, I cannot guarantee that I will be able to make every power to protect your data in the event of a legal request. I will make an effort to inform you of any legal request I receive and whether I have complied with it, unless I am legally prohibited from doing so. I am located in Texas, US.
### Code Access
As with the AGPL license required by upstream, the source code for this instance is available at We have also made effort to ensure that the environment can easily be replicated by not requiring manual intervention for new features such as Pgroonga full text search, and we have added build-time injection of the commit hash so you can easily see exactly what version of the code is running (you can access it via the `/nodeinfo/2.1` endpoint from any of our running instance that is not in development mode).
### Email
We do not use any third-party email services to send or receive emails. All email communications are handled completely in-house. We have taken measures to ensure our email safety by:
- Using SPF, DKIM, and DMARC to prevent email spoofing.
- Using MTA-STS to ensure that all email communications you sent to us are encrypted.
- Requiring all outgoing emails to be encrypted with STARTTLS.
However the moderator contact email may be handled by a third-party service. If this is not acceptable to you, please contact us through a direct message on the instance.
### Storage
Your data is stored on a server located in Wien, Austria. We have applied full disk encryption to the server and confined each service to its own user and enabled mandatory access control to prevent unauthorized access to your data. You may request a copy of your data by contacting us and your request will be processed within 7 days, you can either request for a package that we deemed to be relatively complete or specify the kind of data you want to receive.
If you are not satisfied with the data we provide, you can prepare using local environment and send in a SQL query you want the result of, provided it does not harm the integrity of the service or invade the privacy of other users.
### Network Requests
When you use our service, your device will make requests to our servers. We have taken measures to ensure that all communication you make while using our service is never observed by a third party. We have taken steps to ensure this by:
- Not using a third-party CDN that will decrypt your connection to our service.
- Using HTTPS with preloaded HSTS to ensure that your connection is encrypted and secure. This means even a newly-installed browser will refuse to connect to our service if it cannot establish a secure connection.
- Enforcing a sandbox on your browser to prevent any external contents or unintended scripts from running on our webpage. This consists of several HTTP headers including strict Content Security Policy, Content Type Options, and Frame Restrictions.
- Preventing third-party websites from tracking you, we have used a strict Referrer Policy to prevent any links you click on our service from being sent to the third-party website. We also requested your browser to disable features known to have questionable privacy properties such as `fLoC`, `Topics API`, `Attribution Reporting` and DRM on our browser sandbox. You can review our security headers along with a professional explanation by visiting
- Place a proxy in front of all media files that hides the origin of the request and prevents dangerous file formats from being downloaded. The source code of the proxy is available at
However, there are two exceptions to this:
#### Follower-only Posts
While your network requests are never directly sent to a third party, your requests to look up external resources such as uploading files by URL, remote user and note lookups, will result in a request from our server to the external server, and depending on whether the external server claims they require user authentication, this request might be traced back to you.
#### Third-party Apps
While we used security features that are enforced by all mainstream browsers, we cannot guarantee that third-party apps will maintain the same level of security. If you use services other than the website or PWA (the 'Add to Home Screen' feature), you should be aware that we cannot guarantee the promises we made in the previous section.
### Metrics
While we do not allow public access to our metrics endpoint in production (we may allow long-time users access in the future), the raw metrics endpoint in our staging environment is open for public review at and
This information is sent to a third-party service [Grafana Cloud]( for visualization and alerting. We post periodic PDF exports of a public dashboard demonstrating the metrics we collect at
## What you can do to Protect Your Privacy
### Account Security
- **Use a Strong Password**: In order to guarantee our website does not depend on a third-party service, we only use a cool-down period for failed login attempts. Please use a strong password that is not easily guessable.
- **Enable Two-Factor Authentication**: We support two-factor authentication using TOTP or WebAuthn. You can enable it in your account settings in the "Security" tab. We have changed the behavior from upstream such that if you only use your hardware key for 2FA, we will not prefer but not require you to password-protect your hardware key as it is a common practice for systematic users of hardware keys to keep a physically secure backup key.
- **Reset your Token**: This is currently a limitation inherited from upstream and we are working on a solution, but in the meantime, please go to Settings -> Security -> Regenerate Login Token from a secure device to invalidate all your sessions whenever you logged in from a public computer or suspect one of your sessions has been compromised.
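Review bot: the `Reset your Token` bullet never says what the inherited limitation is, so the advice is unmotivated; the zh-TW version does state it (`請不要依賴註銷功能`, do not rely on the logout function), and the English should say the same: logging out does not invalidate the session token, so regenerate the login token instead. Related wording problems: `Your password will be encrypted with bcrypt` should read `hashed with bcrypt`, since bcrypt is a one-way password hash and "encrypted" suggests a recoverable value; `we will not prefer but not require you to password-protect your hardware key` is a double negative that inverts the intended "we prefer but do not require"; and the `#### Follower-only Posts` heading (and the zh-TW `#### 僅限追蹤者的帖子`) sits over a paragraph about server-side lookups of remote resources (upload by URL, remote user and note lookups), which has nothing to do with follower-only posts, so retitle it, e.g. "Remote Lookups", or move the follower-only caveat from the Posts bullet under it. In the Posts bullet the `unless you have set the post to be "private" ...` clause is attached to "will be stored on our servers" when it belongs to "we cannot guarantee that your content will not be seen". Two claims need a caveat: `Using MTA-STS to ensure that all email communications you sent to us are encrypted` only holds for sending MTAs that implement MTA-STS, and `Requiring all outgoing emails to be encrypted with STARTTLS` prevents cleartext delivery but does not authenticate the receiving server unless its certificate is checked against a DANE or MTA-STS policy. The offer to run a user-submitted SQL query against the live database should be scoped to a read-only role, preferably against a copy, because even a plain SELECT can be written to pull other users' rows or to exhaust the server, which is exactly the harm the sentence says it wants to exclude. `fLoC` should be spelled `FLoC`.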
@ -0,0 +1,19 @@
||| 實例規則 (經 Pari Network 授權轉載,並經修改)
ゆめちのくに (YumechiNoKuni) 鼓勵人們自由地創作與表達,因此以保護用戶隱私與改善體驗為目標,制定了以下實例規則。
- 停權:檔案內容被舉報並確認為兒童性虐待材料的使用者。
- 停權:宣揚在 Wikipedia 被認定的恐怖組織清單中列出的恐怖主義的用戶。
- 停權:使用 BLOCK ALERT BOT 等極度侵犯用戶隱私程式的用戶。
- 停權:發布欺詐、廣告與騷擾內容的用戶。
- 停權:發布侵犯個人隱私內容的用戶。
- 內容警告:色情、血腥、暴力與極端言論內容,需要使用 CW(隱藏內容)並在外部對可能令人不適的內容進行描述,或者添加 #nsfw 標籤。未按此條要求發佈相關內容的用戶在被多次警告或被檢舉後會被停權。
- 內容移除:因種族、膚色或性取向而貶低他人,煽動仇恨暴力而被檢舉報告的內容。
- 封鎖:使用 BLOCK ALERT BOT 等侵犯用戶隱私程式的實例。
- 封鎖:以欺詐、騷擾、廣告或攻擊為目的搭建的實例。
- 封鎖:存在大量違反上述用戶策略(敏感內容除外)的用戶且無人管理的實例。
- 封鎖:採用非正常方式獲取用戶資料與隱私的實例。
- 為保證互聯,實例管理並不會永久生效,所有實例級別的管理最新資訊請參閱 或使用「實例」功能於「關於」部分查看,或使用 `/api/federation/instances` 端點進行程式化查詢。
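Review bot: the closing bullet points at nothing: `所有實例級別的管理最新資訊請參閱 或使用「實例」功能` has an empty link target before `或`, so a reader cannot reach the published block list, and the bullet should name that page. The list also runs user-level and instance-level actions together without the two section headers the English version uses (`User and Content Management Policy:` and `Instance Management Policy:`), leaving the reader to infer from the verb (停權 versus 封鎖) which side a rule applies to; add the corresponding headers. The title line `||| 實例規則` is missing the instance name in front of `實例規則`, as is the English title.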
@ -0,0 +1,19 @@
Instance Rules for (Reproduced under permission from Pari Network, with modifications)
ゆめちのくに (YumechiNoKuni) encourages people to freely create and express themselves. To protect user privacy and improve the overall experience, the following instance rules have been established.
User and Content Management Policy:
- Account Suspension: Users whose content was reported and confirmed as child sexual abuse material.
- Account Suspension: Users who promote terrorism as listed in the Wikipedia-recognized list of terrorist organizations.
- Account Suspension: Users who use extreme privacy-invading programs like BLOCK ALERT BOT.
- Account Suspension: Users who post fraudulent, advertising, or harassing content.
- Account Suspension: Users who publish content that violates personal privacy.
- Content Warning: Pornographic, gory, violent, and extreme content must use CW (Content Warning) and include an external description of potentially disturbing content, or add the #nsfw tag. Users who fail to comply with these requirements after multiple warnings or reports will be suspended.
- Content Removal: Content that degrades others based on race, color, or sexual orientation, incites hate or violence, and is reported will be removed.
Instance Management Policy:
- Instance Blocking: Instances using privacy-invading programs like BLOCK ALERT BOT.
- Instance Blocking: Instances created for purposes of fraud, harassment, advertising, or attacks.
- Instance Blocking: Instances with a large number of users violating the above user policies (excluding sensitive content) and lacking active management.
- Instance Blocking: Instances that obtain user data and privacy through abnormal means.
- To ensure connectivity, instance management will not be permanently enforced for up-to-date of all instance-level moderation see or use the "Instances" feature in the About section, or programmatically with the `/api/federation/instances` endpoint.
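Review bot: the last bullet is ungrammatical and its link is missing: `instance management will not be permanently enforced for up-to-date of all instance-level moderation see or use the "Instances" feature` needs a sentence break after `enforced` and a target after `see`, for example "To preserve connectivity, instance-level moderation is not permanent; for the current list see <page>, the "Instances" view in the About section, or the `/api/federation/instances` endpoint." Since the policy promises programmatic verification, also say which request filter returns the blocked or suspended subset; without it the endpoint lists every known instance and a reader cannot check the block list against this policy. The title `Instance Rules for (Reproduced under permission from Pari Network, with modifications)` is missing the instance name after `for`.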