Service Policy

The Jabber.org IM Service is committed to the privacy and security of your information and communications. This Service Policy governs your use of the service.

1. Purpose
2. Our Default Privacy Policy
3. Information We Gather or Store
4. Passwords
5. Private Messages
6. Chatrooms
7. Discussion Lists
8. Cookies
9. Scripts
10. Data Backup
11. Changes to This Policy
12. How to Contact Us

1. Purpose

The Jabber.org IM service exists primarily to so that instant messaging users all around the world can have an open IM experience. The service is not built to host automated bots, distributed file exchange systems, or other high-volume applications. If you run such an application, your account might be subject to rate limits or or it might be disabled completely, at the sole discretion of the admin team. Low-bandwidth helper bots are acceptable.

2. Our Default Privacy Policy

Our default privacy policy is never to gather or store information about you, to log your conversations, or to engage in any other behavior that would compromise your privacy and security in any way. However, if you choose to use our services (especially the jabber.org IM service) we sometimes need to gather or store information so that you can use the relevant service (e.g., we require authentication for IM login, so we need to store your password). The following sections describe exactly what information we might gather and store.

3. Information We Gather or Store

We do not automatically gather any personal information (name, address, etc.) about you at jabber.org; the only exceptions are information that you may voluntarily submit as described below.

When you create an IM account at the jabber.org IM service, you provide a username and password. We do not gather any other personal information about you when you create an account.

When you add people to your contact list (XMPP “roster”), that information is stored on the server so you can retrieve it whenever you log in; the roster information can contain the names or nicknames of your contacts if you assign such names in your roster. This data is never made public and is accessible only by you.

The jabber.org IM service supports an XMPP extension for storing vCard data on the server: the vcard-temp protocol. If your Jabber client also supports this feature and you choose to create a vCard (a kind of “electronic business card”), that data will be stored on the server. Your vCard data is publicly accessible so that other people can learn more about you (i.e., retrieve your electronic business card). Please check with the developers of your preferred Jabber client software about their support for this feature.

The jabber.org IM service supports an XMPP extension for storing generic XML data on the server: the Private XML Storage protocol. If your Jabber client also supports this feature, it might store bookmarked chatrooms, client preferences, and other data on the server. However, this data is never made public and is accessible only by you. Please check with the developers of your preferred Jabber client software about their support for this feature.

The jabber.org IM service supports an XMPP extension for publishing generic XML data through the server: the Personal Eventing Protocol (a profile of the XMPP publish-subscribe technology). If your Jabber client also supports this feature and you configure your client to enable that feature, it might use the jabber.org service as a way to publish information about the tunes you listen to on your computer, your mood, and other “rich presence” data; furthermore, this data may be temporarily stored in our database so that it can be retrieved by your contacts when they log in. This data is never made public unless you so choose, and by default is accessible only by your contacts. Please check with the developers of your preferred Jabber client software about their support for this feature.

The jabber.org IM service does not log information about your Internet Protocol (IP) address when you connect to the service. However, we reserve the right to block specific IP addresses that pose a threat or cause harm to our network services, and to keep a list of such offending IP addresses; this list of blacklisted IPs will not be made public.

4. Passwords

Passwords are not required to access the jabber.org website.

Passwords are required to access the jabber.org IM service. We strongly encourage you to log in with an encrypted connection so that your password is not exposed to eavesdroppers; you can easily do this by connecting on the legacy port 5223 for Secure Sockets Layer (SSL) or by upgrading your connection on the standard port 5222 to an encrypted connection using the Transport Layer Security (TLS) protocol. The Jabber.org IM service may in the future mandate this support and disallow unencrypted connections.

Please note that currently your account password at the jabber.org IM service is stored as plaintext, not in hashed or encrypted form. Although access to the machine on which the jabber.org IM service runs is highly restricted and protected, any of the trusted administrators with access to the machine can view your password, and if the machine is hacked then the hacker would be able to learn your password. It is a good security practice to always use a strong and unique password for each service or website that you access, and we strongly encourage you to use a strong and unique password at the jabber.org IM service as well (e.g., a password generated using a tool such as PasswordMaker). Furthermore, we are also exploring options for encrypted storage of your IM password, or for doing away with passwords altogether.

5. Private Messages

Private messages are IMs that you send to your friends at the jabber.org service or at other XMPP-based services on the Internet (such as Google Talk). If your messages are sent through other services then it is possible that those services can log your messages, and we do not have control over those services. However, your private messages are never intentionally logged at the jabber.org service.

If you are not online when someone sends you a message, the message is stored on our server for delivery when you log in again. These “offline messages” are not encrypted when stored on our server.

6. Chatrooms

We host a number of chatrooms at the conference.jabber.org domain. Conversations in some of these rooms are archived for future reference at <http://logs.jabber.org/> — please visit that link to find out which rooms are archived. If you do not want your chatroom messages archived, please do not join these specific rooms. All other rooms on conference.jabber.org are unlogged, and logging can be enabled only by asking the server admins to enable logging (please ask in the jabber@conference.jabber.org room).

Our chatroom software enables you to register a nickname across conference.jabber.org, and if you register a nickname then we store in the database an association between your JabberID and that nickname.

7. Discussion Lists

We (and the XSF) host a number of email discussion lists using the common Mailman list manager software. All messages to these lists are archived for future reference. If you do not want your messages archived, please do not post to these lists.

8. Cookies

The jabber.org website is deployed using a common software package called WordPress, which uses cookies for session IDs and other features. If you are not comfortable with these cookies, we encourage you to disable or track them using a common web browser plugin such as CookieSafe for Mozilla Firefox.

9. Scripts

The jabber.org website might use JavaScript to provide enhanced functionality. If you are not comfortable with these scripts, we encourage you to disable them using a common web browser plugin such as NoScript for Mozilla Firefox.

10. Data Backup

In order to prevent service interruptions, we back up data related to our services. This data is backed up either at our secure data center (US Secure Hosting Center) or at the ASET service maintained by Penn State University.

11. Changes to This Policy

All changes to this policy must be approved by the Jabber.org admin team, in consultation with the XSF Board of Directors as a “sanity check”. Potential changes to this policy will be posted at www.jabber.org and the juser@jabber.org email list 30+ days before they take effect, and notice will also be sent via instant message to all registered users of the jabber.org IM service.

12. How to Contact Us

If you have any questions or suggestions regarding this Service Policy, please send email to privacy@jabber.org or to the public juser@jabber.org discussion list (also accessible via web forum and news group).