diff --git a/src/aw/views.py b/src/aw/views.py index 8f13374..670fe50 100644 --- a/src/aw/views.py +++ b/src/aw/views.py @@ -45,9 +45,156 @@ def tos() -> t.Any: return flask.Response( """ -The general guidelines & rules for ari.lt and ari.lt related communities, subcommunities, domains, and services: +The ARI.LT Terms of Service -1. Abide by Lithuanian and Swedish Laws +Author: Ari Archer at 2024-08-21 +Last modified: 2024-08-21 +License: The Unlicense + +By using the services provided by ari-web, including but not limited to XMPP, Matrix, Vikunja, email, +and email hosting, you agree to the following terms and conditions which apply since the last modification: + +0. Definitions + +* The Authoritative party: Refers to the owner of ari.lt which funds, manages, administrates, authorises, and moderates whole of ari.lt and its services. +* Ari-web (ari-web): Refers to all volunteers working with/on ari.lt, referring to people authorised to do so by the Authoritative party. This encompasses the Authoritative party as well. +* Hosters: Any people, not specifically a part of ari-web, who may host services on ari-web servers or use managed services relating to ari-web. +* User: Any person using ari-web services. + +1. Parties + +* The Authoritative party: Ari Archer + * Email: ari@ari.lt + * Matrix: @ari:ari.lt + * XMPP/Jabber: ari@ari.lt + * Fediverse: @ari@ak.ari.lt + * Form: https://ari.lt/#gb (public guestbook, which goes directly to the party + * Public GPG key: https://ari.lt/4FAD63E936B305906A6C4894A50D5B4B599AF8A2.asc (signature 4FAD63E936B305906A6C4894A50D5B4B599AF8A2) +* Other ari-web members + * Cubiq (part of the ari-web git organization, front-end advisor) + * Twitter/X: @CubiqNation + * Instagram: @tennajivniblazenztgm + * LinkedIn: @jakub-lajsek + * Email: jlajsek@gmail.com + * Zayd (administrates Akkoma (Fediverse)) + * IRC: zayd on libera.chat + * Session (not checked often): 05d790add6647a049f58ce81c80aacc476859880af911cad105cf34fb8757b8872 + * Signal: https://signal.me/#eu/CDgDVDNMuKpx2BxAwHIcMq2iR3G-gw2XbKOOMm5BAg4XnhVXqHhKtJPvBXCDpwnu + * Matrix: @zayd:imagisphe.re + * XMPP: zayd@telepath.im + * Telegram (avoid unless needed): https://t.me/nsa_employee + * Website: https://wanderer.envs.net/ + * Joseph Winkie AKA jjj333_p (moderates parts of Matrix) + * Signal: @jjj333_p.69 + * Telegram: @jjj333_p_1325 + * Matrix: @jjj333:pain.agency, @jjj333_p_1325:envs.net, @jjj333_p_1325:matrix.org, and more alternative accounts on their website + * Phone: +1 (740) 481 1253 + * XMPP: jjj333@pain.agency + * Snapchat: @jjj333_p + * Email: jjj333.p.1325@gmail.com + * Fediverse: @jjj333_p@ak.ari.lt + * Twitter/X: @Jjj333P + * Website: https://pain.agency/ + * LDA (moderates parts of Matrix) + * Matrix: @lda:a.freetards.xyz, @fourier:ari.lt + * Discord (avoid): ldasux + * Fediverse: @lda@ak.ari.lt + * XMPP: lda["at&t" without the "&t"]freetards.xyz + * Website: https://freetards.xyz/ + * Morguldir (moderates parts of Matrix) + * Matrix: @morguldir:sulian.eu, @morguwuldir:uwu.sulian.eu + * Website: https://sulian.eu/ +* Hosters + * T1nklas/Al (hosted/managed email Hoster) + * Fediverese: @lyra@crumb.lt + * Website: https://t1nklas.lt/ + * Lenvx (hosted/managed email Hoster) + * Website: https://lenvx.dev/ + +2. Purpose + +This document serves as a non-legally binding agreement between you, the User, ari-web, and the Authoritative party, +regarding the use and management of ari-web's services. It outlines the expectations, responsibilities, +and limitations for both parties. + +3. User Agreement + +By using ari-web's services, you acknowledge and agree to the terms outlined in this document. +You understand that exceptions authorized by the Authoritative party in writing with a digital signature may apply, +with or without notice, depending on the circumstances and opinion of the Authoritative party. + +4. Liability Disclaimer + +Ari-web disclaims all liability for any damages, data loss, dissatisfaction, or any other legal liability resulting +from your actions while using ari-web's services. You, as an individual user, are solely responsible for your actions +and their consequences and protecting yourself. + +5. Privacy and Data Protection + +The Authoritative party will make reasonable efforts to protect your privacy unless circumstances call for access termination, +transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services. + +6. Modifications and Exceptions + +The Authoritative party reserves the right to modify these terms at any time without prior notice. +Exceptions to these terms may be granted by the Authoritative party in writing with a digital signature, at their discretion. + +7. Limitation of Liability + +In no event shall ari-web be liable for any indirect, special, incidental, or consequential damages related to your use of its services. + +8. Servers + +* Processing server 0 + * IPv4: 153.92.126.2 + * IPv6: 2a0e:dc0:2:11f1::/64 (Primary 2a0e:dc0:2:11f1::1) + * Location: Stockholm, Sweden + * Hosting provider: HostHatch + * Hardware: 4 AMD EPYC cores (2 dedicated, 2 fair-shared), 16 GB of DDR4 RAM, 75 GB of NVMe storage, 4 TB of network bandwidth + * Purpose: Processing of all requests, traffic, and hosting as well as processing of data and services. + * Access: Only explicitly allowed traffic is allowed, exposed traffic is rate limited and sometimes strongly authenticated where needed. +* Storage server 0 + * IPv4: 153.92.126.215 + * Location: Stockholm, Sweden + * Hosting provider: HostHatch + * Hardware: 1 vCPU core, 1024 MB of RAM, 1000 GB of HDD storage, 2500 GB of network bandwidth. + * Purpose: Storing data + * Access: Cut off from the rest of the internet except rate limited and strongly autheticated port 22 traffic for SSH. + +8. Transparency + +The Authoritative party is committed to providing the utmost transparency in its operations and services wherever possible. +This commitment includes, but is not limited to, clear communication regarding the use of data, service functionality, and +any changes to terms or policies. While the Authoritative party strives to maintain this level of transparency, +it acknowledges that certain circumstances may limit the extent of disclosure. Users are encouraged to reach out with any +questions or concerns regarding transparency in the services provided. Ari-web will do their best to nodify of changes +of ToS, but it is your responsibility to keep up with the changes. + +9. Services + +Ari-web provides the following services: + +* Matrix homeserver at matrix.ari.lt running Dendrite (contact the Authoritative party for registration) +* XMPP/Jabber server at most standard ports of this protocol on ari.lt servers running Prosody (contact the Authoritative party for registration) +* Git Forge instance at https://git.ari.lt/ running Forgejo (open registration, requires email) +* Email mailboxes on ari.lt (contact the Authoritative party for registration) +* Email hosting on ari.lt servers (only possible if the Authoritative party and the User have established trust) +* Vikunja at https://vi.ari.lt/ (open registration, requires an email) +* PrivateBin at https://pb.ari.lt/ (free encrypted pastebin, nobody can see the contents of your paste without knowing the secret key) + +Other hosted services by others: + +* https://db.cubiq.dev/ pocketbase hosting (private) +* https://t1nklas.lt/ email hosting +* https://lenvx.dev/ email hosting +* https://git.kappach.at/ Forgejo hosting +* More to come... + +10. Community standards + +You are expected to comply with the following standards while using ari.lt and ari-web related services: + +1. Abide by United States of America, Lithuanian, and Swedish Laws 2. Maintain a Healthy Environment 3. Uphold Human Decency. This includes: - Tolerance. @@ -65,8 +212,126 @@ The general guidelines & rules for ari.lt and ari.lt related communities, subcom 9. Sending sexually explicit or suggestive messages is not allowed. 10. Follow Admin Guidelines - any behaviour deemed abusive by the administrators will be considered a violation of these guidelines. -Author: Ari Archer at 2024-07-07 00:00 EEST -License: The Unlicense (https://unlicense.org/) +11. Compliance + +Ari-web is committed to complying with the General Data Protection Regulation (GDPR) and the Digital Millennium Copyright Act (DMCA). + +It adheres to the principles outlined in the GDPR, ensuring that all personal data is processed lawfully, fairly, and transparently. +I collect and process personal data only for specified, legitimate purposes and ensure that such data is accurate, up-to-date, and +retained only as long as necessary for those purposes. Users have rights regarding their personal data, including access, +rectification, and erasure, which we honor in accordance with GDPR requirements. + +It also respects intellectual property rights and complies with the provisions of the DMCA. We have implemented procedures to +address any claims of copyright infringement and provide a mechanism for copyright holders to report alleged infringements. +We take such claims seriously and will respond promptly to any notices of claimed infringement. + +If you see any resource violating the law, GDPR, or DMCA, contact the Authoritative party with all information and full paths +and URLs/URIs of the violating content. Without sufficient information, the Authoritative party cannot do anything about +the violations. + +By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps +to ensure compliance with the law, GDPR, and DMCA. + +12. Privacy and Logging + +This describes how Privacy and Logging work on all ari-web provided services. By using the services I provide, you agree with these terms +and policies, and acknowledge the fact that it won't be public unless it is obviously made to be public (for instance, in case of Git forge public repositories). +No private data (such as email data) will be released or even exported or read without a serious need to do so (for example, need to comply with law enforcement +or back email data up to avoid data loss). + +* Website: Your IP is stored temporarily in memory for rate limiting purposes. Nothing is logged. +* Matrix homeserver: All data you sent to the Matrix homeserver is stored (including, but not limited to: + sessions (including their IPs) for as long as you don't log out, media (for as long as needed), ciphertext + of messages in encrypted rooms and plaintext ones in non-encrypted rooms, profile pictures, and + generally decentralised Matrix events). For maximum privacy, it is recommended you use encrypted rooms, + so the Authoritative party may not see your messages. This data is required for ensuring security and usability + of the service and you can delete this data by deleting events yourself and deactivating your account. + For full data deletion only on ari.lt, due to how the Matrix protocol works, contact the Authoritative party, + which will delete it manually from the database only for ari.lt (as other servers may still have this data due + to the decentralised nature of Matrix). Non-identifiable errors on the server are logged for a period of time. + You may request deletion of these logs at any point without deleting your account. +* XMPP/Jabber server: All data you sent to the XMPP/Jabber server is stored (including, but not limited to muti-user-chat + (MUC) state, non-encrypted media, and message ciphertext). For maximum privacy, it is recommended you use encrypted MUCs, + so the Authoritative party may not see your messages in any way. This data is required for ensuring security and usability + of the service and you can delete this data by deleting events yourself and deactivating your account. For full + data deletion only on ari.lt, due to how the XMPP/Jabber protocol works, contact the Authoritative party, which will delete + it manually from the database only for ari.lt (as other servers may still have this data due to the decentralised nature of XMPP/Jabber). + Nothing personal is truly logged except non-identifiable Prosody errors. +* Git forge: All data you store and send there, including private repositories, is stored on the server unencrypted alongside all + user profile data, such as email, avatar, description, email, password hashes, git commits, public GPG and SSH keys, + 2-factor-authentication (2FA), preferences, blocked users, organizations, etc. This data can be deleted by you deleting your + account. Your IP address and what endpoints it is hitting is logged in memory for a period of time until it is either restarted, + cleared, or overwritten. You may request deletion of these logs at any point without deleting your account. +* Email mailboxes: They log the following information for security, moderation, legal, diagnostic, and functionality purposes: + Your IP address(es), Login/logout (authentication) attempts, Rate limit triggers, Origin and target of e-mails, Email subject + matter and spam score. Some of these logs are purely in memory, though some (last two) are stored for a prologed period of time + for diagnostic, moderation, and legal purposes. You may request deletion of these logs at any point without deleting your mailbox. + All data you send and recevie to it is stored on the server in an encrypted and compressed format, though that does not mean that the + plain text is unrecoverable as the secret keys are stored on the server as well. It is your responsiblity to ensure privacy yourself + by using encryption such as RSA or GPG. +* Email hosting: Same logging policy applies to email hosting as email mailboxes, except with the addition of DMARC reports which show errors + and deliverability problems in certain email servers if you choose the DMARC policies the Authoritative party recommends. All data you send + and recevie to it is stored on the server in an encrypted and compressed format, though that does not mean that the plain text is unrecoverable + as the secret keys are stored on the server as well. It is your responsiblity to ensure privacy yourself by using encryption such as RSA or GPG. +* Vikunja: Similarly to Git forge, Vikunja stores your IP and endpoints you access in it temporarily in memory. You may request the deletion of + these logs at any point without the deletion of your account. All data you store in Vikuja is stored in plain text, unless otherwise encrypted by you. +* PrivateBin: Does not log anything and ari-web in no capacity can see you IP address or the contents of your pastes without the secret key. + Knowing the ID will only allow the deletion of content, but not modification or decryption. +* Other services: The Hosters are the ones who are responsible for handling the privacy and logging aspect of them. + Ari-web only provides the infrastructure for them, but it is not responsible for anything relating to them, except + having the ability to limit, transfer, or terminate access to the said infrastructure. + +13. Service Availability + +Ari-web does not provide any guarantees regarding service availability or uptime. Users and hosts of ari-web services are permitted +to assume a maximum of 95% yearly uptime; however, this assumption is not to be construed as a guarantee. + +The Authoritative party disclaims any liability for service interruptions or downtime, and users acknowledge that they are using +the services at their own risk. This statement does not create any contractual obligation or liability on the part of ari-web +regarding service performance. + +14. Termination, Limitation, and Transfer + +Ari-web reserves the right to terminate, limit, or transfer services, infrastructure, or general access in certain circumstances, as outlined below: + +Termination or Limitation of Services: ari-web may terminate or limit services if the Authoritative party deems the service too difficult to control or moderate, +or if a constant pattern of violations or one extreme and severe violation is detected. For individuals, services may be terminated without notice if they continue +to violate the terms of service or engage in behavior that the Authoritative party considers unacceptable. Such decisions will be based on the Authoritative party's +interpretation of this document and their own discretion. + +Transfer of Services: Ari-web will only transfer access to services in two scenarios: + +* User-Requested Transfer: Upon proof of identity, a user may request a transfer of their service to another party. +* Legal Compliance Transfer: The Authoritative party may be required by law to transfer access to a user's service, with or without notice, to legal authorities. + +In both cases, the Authoritative party reserves the right to make the final determination regarding the transfer of services based on their interpretation +of the law and the circumstances surrounding the request. + +Users acknowledge and agree that the Authoritative party's decisions regarding service termination, limitation, and transfer are final and not subject +to appeal or legal action. + +15. Governing law + +Ari-web and its services are subject to the laws of the United States of America, Lithuania, and Sweden. +Users acknowledge that these jurisdictions govern the use of ari-web services and any disputes that may arise in connection with them. +This statement is intended to clarify the legal framework applicable to the services offered by ari-web and does not create any +binding obligations beyond this acknowledgment. + +--- + +By continuing to use ari-web's services, you agree to be bound by these terms and acknowledge the Authoritative party's right +to enforce them as needed. This document serves as a general guide for accessing and using ari-web's services and is not +intended to be a legally binding contract. + +You understand and accept that ari-web is not a legal entity or company, but rather a service provided by a random person. +As such, the terms outlined in this document are non-binding and subject to change without notice. + +The Authoritative party reserves the right to enforce these terms as deemed necessary, but makes no guarantees regarding +the consistency or enforceability of the policies described herein. Users are advised to use ari-web's services at their +own risk and discretion. + +By continuing to access and use ari-web's services, you signify your understanding and acceptance of these non-binding +terms of service. If you do not agree with the terms, you are advised to discontinue using ari-web's services immediately. """.strip(), mimetype="text/plain", ) @@ -425,6 +690,7 @@ def lh(_: str) -> Response: code=302, ) + @views.get("/gpg", alias=True) @views.get("/gpg/", alias=True) @views.get("/4FAD63E936B305906A6C4894A50D5B4B599AF8A2.asc/", alias=True)