DEF CON Hacking Conference

DEF CON Privacy Policy

DEF CON wants to be up-front and transparent with what happens to the information that is gathered when you interact [1] with us.

SERVERS WE CONTROL

DEF CON controls the servers it uses, no clouds involved so no "third party doctrine" [2][3] issues to work around. For ALL services listed below we gather and keep the minimum data necessary, days not weeks, to troubleshoot issues, and rotate logs automatically.

- Firewall - These logs are used for debugging and detecting abuse and attacks against our services.

- Web server https://www.defcon.org/ - There are no access or error logs enabled here unless necessary for troubleshooting or identifying abuse that the firewall tips us off about.

- Forum server https://forum.defcon.org/ - We keep up to one month of web/php logs for debugging, auditing and abuse control, then we delete web logs from the forum server. If you are worried about your IP address in our logs consider using the Tor network or similar anonymizer.

Email addresses associated with forum accounts are private, but any forum admin or mod may view any user's forum-registered email address.

All JavaScript functions are served from our server but we may choose to direct web clients to pull JavaScript from maintainers outside of the DEF CON network while our local copy is upgraded to address a vulnerability.

When investigating complaints we only look at Private Messages (PM) when we have the user's permission. No forum Admins, Mods, or Goons should ever ask you for your password. Ever. Full stop.

- p2p servers - No bittorrent or eMule logs are generated or stored.

- Mail servers - We mine our maillog looking for mail servers that support smtp-tls and add them to our access list, as well as search for abuse spam.

- DNS servers - Because we support DNSSEC we are a popular target to be used in RAMP DDoS style attacks. We use logs to identify attackers and filter or block as best we can.

THIRD PARTY SERVERS WE USE

- ebay.com - The DEF CON store is hosted on eBay. If you purchase something there you are dealing with their privacy policy. [4]

- amazon.com - We link our book recommendations to our Amazon account. [5]

- Hotel attendee records - Attendees who reserve rooms in the DEF CON block are known to the hotel but not to us. DEF CON does not seek or receive a list of who is registered under our room block. [6]

WHAT WE DON'T DO:

- Sell log files to anyone

- Sell e-mail addresses to anyone

- Turn over logs to anyone without a legal court order

- Turn over e-mail to anyone without a legal court order

- Turn over snail mail to anyone without a legal court order

IF YOU ATTACK US

If you attack DEF CON all bets are off, and these policies will not protect you. As hackers we won't fight with one arm tied behind our backs.

- The Dark Tangent

Please see our transparency report

[1] The sources of information that are collected come primarily from the services we offer, but could also include any snail mail you send us, Call for Paper submissions, payments you make on our PayPal store, etc.
[2] https://en.wikipedia.org/wiki/Third-Party_Doctrine
[3] https://www.theatlantic.com/technology/archive/2013/12/what-you-need-to-kno…
[4] http://pages.ebay.com/help/policies/privacy-policy.html
[5] https://www.amazon.com/gp/help/customer/display.html?nodeId=468496
[6] http://caesarscorporate.com/privacy/