Improve tos.txt

Signed-off-by: Ari Archer <ari@ari.lt>
2025-02-04 17:49:24 +01:00 · 2024-08-21 06:51:05 +03:00 · 2024-08-21 06:51:05 +03:00 · 8a2988c685
commit 8a2988c685
parent fc5c1e5df5
1 changed files with 270 additions and 4 deletions
--- a/src/aw/views.py
+++ b/src/aw/views.py
@ -45,9 +45,156 @@ def tos() -> t.Any:
    return flask.Response(
        """
-The general guidelines & rules for ari.lt and ari.lt related communities, subcommunities, domains, and services:
+The ARI.LT Terms of Service
-1. Abide by Lithuanian and Swedish Laws
+Author: Ari Archer <ari@ari.lt> at 2024-08-21
 Last modified: 2024-08-21
 License: The Unlicense
 By using the services provided by ari-web, including but not limited to XMPP, Matrix, Vikunja, email,
 and email hosting, you agree to the following terms and conditions which apply since the last modification:
 0. Definitions
 * The Authoritative party: Refers to the owner of ari.lt which funds, manages, administrates, authorises, and moderates whole of ari.lt and its services.
 * Ari-web (ari-web): Refers to all volunteers working with/on ari.lt, referring to people authorised to do so by the Authoritative party. This encompasses the Authoritative party as well.
 * Hosters: Any people, not specifically a part of ari-web, who may host services on ari-web servers or use managed services relating to ari-web.
 * User: Any person using ari-web services.
 1. Parties
 * The Authoritative party: Ari Archer
    * Email: ari@ari.lt
    * Matrix: @ari:ari.lt
    * XMPP/Jabber: ari@ari.lt
    * Fediverse: @ari@ak.ari.lt
    * Form: https://ari.lt/#gb (public guestbook, which goes directly to the party
    * Public GPG key: https://ari.lt/4FAD63E936B305906A6C4894A50D5B4B599AF8A2.asc (signature 4FAD63E936B305906A6C4894A50D5B4B599AF8A2)
 * Other ari-web members
    * Cubiq (part of the ari-web git organization, front-end advisor)
        * Twitter/X: @CubiqNation
        * Instagram: @tennajivniblazenztgm
        * LinkedIn: @jakub-lajsek
        * Email: jlajsek@gmail.com
    * Zayd (administrates Akkoma (Fediverse))
        * IRC: zayd on libera.chat
        * Session (not checked often): 05d790add6647a049f58ce81c80aacc476859880af911cad105cf34fb8757b8872
        * Signal: https://signal.me/#eu/CDgDVDNMuKpx2BxAwHIcMq2iR3G-gw2XbKOOMm5BAg4XnhVXqHhKtJPvBXCDpwnu
        * Matrix: @zayd:imagisphe.re
        * XMPP: zayd@telepath.im
        * Telegram (avoid unless needed): https://t.me/nsa_employee
        * Website: https://wanderer.envs.net/
    * Joseph Winkie AKA jjj333_p (moderates parts of Matrix)
        * Signal: @jjj333_p.69
        * Telegram: @jjj333_p_1325
        * Matrix: @jjj333:pain.agency, @jjj333_p_1325:envs.net, @jjj333_p_1325:matrix.org, and more alternative accounts on their website
        * Phone: +1 (740) 481 1253
        * XMPP: jjj333@pain.agency
        * Snapchat: @jjj333_p
        * Email: jjj333.p.1325@gmail.com
        * Fediverse: @jjj333_p@ak.ari.lt
        * Twitter/X: @Jjj333P
        * Website: https://pain.agency/
    * LDA (moderates parts of Matrix)
        * Matrix: @lda:a.freetards.xyz, @fourier:ari.lt
        * Discord (avoid): ldasux
        * Fediverse: @lda@ak.ari.lt
        * XMPP: lda["at&t" without the "&t"]freetards.xyz
        * Website: https://freetards.xyz/
    * Morguldir (moderates parts of Matrix)
        * Matrix: @morguldir:sulian.eu, @morguwuldir:uwu.sulian.eu
        * Website: https://sulian.eu/
 * Hosters
    * T1nklas/Al (hosted/managed email Hoster)
        * Fediverese: @lyra@crumb.lt
        * Website: https://t1nklas.lt/
    * Lenvx (hosted/managed email Hoster)
        * Website: https://lenvx.dev/
 2. Purpose
 This document serves as a non-legally binding agreement between you, the User, ari-web, and the Authoritative party,
 regarding the use and management of ari-web's services. It outlines the expectations, responsibilities,
 and limitations for both parties.
 3. User Agreement
 By using ari-web's services, you acknowledge and agree to the terms outlined in this document.
 You understand that exceptions authorized by the Authoritative party in writing with a digital signature may apply,
 with or without notice, depending on the circumstances and opinion of the Authoritative party.
 4. Liability Disclaimer
 Ari-web disclaims all liability for any damages, data loss, dissatisfaction, or any other legal liability resulting
 from your actions while using ari-web's services. You, as an individual user, are solely responsible for your actions
 and their consequences and protecting yourself.
 5. Privacy and Data Protection
 The Authoritative party will make reasonable efforts to protect your privacy unless circumstances call for access termination,
 transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services.
 6. Modifications and Exceptions
 The Authoritative party reserves the right to modify these terms at any time without prior notice.
 Exceptions to these terms may be granted by the Authoritative party in writing with a digital signature, at their discretion.
 7. Limitation of Liability
 In no event shall ari-web be liable for any indirect, special, incidental, or consequential damages related to your use of its services.
 8. Servers
 * Processing server 0
    * IPv4: 153.92.126.2
    * IPv6: 2a0e:dc0:2:11f1::/64 (Primary 2a0e:dc0:2:11f1::1)
    * Location: Stockholm, Sweden
    * Hosting provider: HostHatch
    * Hardware: 4 AMD EPYC cores (2 dedicated, 2 fair-shared), 16 GB of DDR4 RAM, 75 GB of NVMe storage, 4 TB of network bandwidth
    * Purpose: Processing of all requests, traffic, and hosting as well as processing of data and services.
    * Access: Only explicitly allowed traffic is allowed, exposed traffic is rate limited and sometimes strongly authenticated where needed.
 * Storage server 0
    * IPv4: 153.92.126.215
    * Location: Stockholm, Sweden
    * Hosting provider: HostHatch
    * Hardware: 1 vCPU core, 1024 MB of RAM, 1000 GB of HDD storage, 2500 GB of network bandwidth.
    * Purpose: Storing data
    * Access: Cut off from the rest of the internet except rate limited and strongly autheticated port 22 traffic for SSH.
 8. Transparency
 The Authoritative party is committed to providing the utmost transparency in its operations and services wherever possible.
 This commitment includes, but is not limited to, clear communication regarding the use of data, service functionality, and
 any changes to terms or policies. While the Authoritative party strives to maintain this level of transparency,
 it acknowledges that certain circumstances may limit the extent of disclosure. Users are encouraged to reach out with any
 questions or concerns regarding transparency in the services provided. Ari-web will do their best to nodify of changes
 of ToS, but it is your responsibility to keep up with the changes.
 9. Services
 Ari-web provides the following services:
 * Matrix homeserver at matrix.ari.lt running Dendrite (contact the Authoritative party for registration)
 * XMPP/Jabber server at most standard ports of this protocol on ari.lt servers running Prosody (contact the Authoritative party for registration)
 * Git Forge instance at https://git.ari.lt/ running Forgejo (open registration, requires email)
 * Email mailboxes on ari.lt (contact the Authoritative party for registration)
 * Email hosting on ari.lt servers (only possible if the Authoritative party and the User have established trust)
 * Vikunja at https://vi.ari.lt/ (open registration, requires an email)
 * PrivateBin at https://pb.ari.lt/ (free encrypted pastebin, nobody can see the contents of your paste without knowing the secret key)
 Other hosted services by others:
 * https://db.cubiq.dev/ pocketbase hosting (private)
 * https://t1nklas.lt/ email hosting
 * https://lenvx.dev/ email hosting
 * https://git.kappach.at/ Forgejo hosting
 * More to come...
 10. Community standards
 You are expected to comply with the following standards while using ari.lt and ari-web related services:
 1. Abide by United States of America, Lithuanian, and Swedish Laws
 2. Maintain a Healthy Environment
 3. Uphold Human Decency. This includes:
   - Tolerance.
@ -65,8 +212,126 @@ The general guidelines & rules for ari.lt and ari.lt related communities, subcom
 9. Sending sexually explicit or suggestive messages is not allowed.
 10. Follow Admin Guidelines - any behaviour deemed abusive by the administrators will be considered a violation of these guidelines.
-Author: Ari Archer <ari@ari.lt> at 2024-07-07 00:00 EEST
+11. Compliance
-License: The Unlicense (https://unlicense.org/)
+
 Ari-web is committed to complying with the General Data Protection Regulation (GDPR) and the Digital Millennium Copyright Act (DMCA).
 It adheres to the principles outlined in the GDPR, ensuring that all personal data is processed lawfully, fairly, and transparently.
 I collect and process personal data only for specified, legitimate purposes and ensure that such data is accurate, up-to-date, and
 retained only as long as necessary for those purposes. Users have rights regarding their personal data, including access,
 rectification, and erasure, which we honor in accordance with GDPR requirements.
 It also respects intellectual property rights and complies with the provisions of the DMCA. We have implemented procedures to
 address any claims of copyright infringement and provide a mechanism for copyright holders to report alleged infringements.
 We take such claims seriously and will respond promptly to any notices of claimed infringement.
 If you see any resource violating the law, GDPR, or DMCA, contact the Authoritative party with all information and full paths
 and URLs/URIs of the violating content. Without sufficient information, the Authoritative party cannot do anything about
 the violations.
 By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps
 to ensure compliance with the law, GDPR, and DMCA.
 12. Privacy and Logging
 This describes how Privacy and Logging work on all ari-web provided services. By using the services I provide, you agree with these terms
 and policies, and acknowledge the fact that it won't be public unless it is obviously made to be public (for instance, in case of Git forge public repositories).
 No private data (such as email data) will be released or even exported or read without a serious need to do so (for example, need to comply with law enforcement
 or back email data up to avoid data loss).
 * Website: Your IP is stored temporarily in memory for rate limiting purposes. Nothing is logged.
 * Matrix homeserver: All data you sent to the Matrix homeserver is stored (including, but not limited to:
  sessions (including their IPs) for as long as you don't log out, media (for as long as needed), ciphertext
  of messages in encrypted rooms and plaintext ones in non-encrypted rooms, profile pictures, and
  generally decentralised Matrix events). For maximum privacy, it is recommended you use encrypted rooms,
  so the Authoritative party may not see your messages. This data is required for ensuring security and usability
  of the service and you can delete this data by deleting events yourself and deactivating your account.
  For full data deletion only on ari.lt, due to how the Matrix protocol works, contact the Authoritative party,
  which will delete it manually from the database only for ari.lt (as other servers may still have this data due
  to the decentralised nature of Matrix). Non-identifiable errors on the server are logged for a period of time.
  You may request deletion of these logs at any point without deleting your account.
 * XMPP/Jabber server: All data you sent to the XMPP/Jabber server is stored (including, but not limited to muti-user-chat
  (MUC) state, non-encrypted media, and message ciphertext). For maximum privacy, it is recommended you use encrypted MUCs,
  so the Authoritative party may not see your messages in any way. This data is required for ensuring security and usability
  of the service and you can delete this data by deleting events yourself and deactivating your account. For full
  data deletion only on ari.lt, due to how the XMPP/Jabber protocol works, contact the Authoritative party, which will delete
  it manually from the database only for ari.lt (as other servers may still have this data due to the decentralised nature of XMPP/Jabber).
  Nothing personal is truly logged except non-identifiable Prosody errors.
 * Git forge: All data you store and send there, including private repositories, is stored on the server unencrypted alongside all
  user profile data, such as email, avatar, description, email, password hashes, git commits, public GPG and SSH keys,
  2-factor-authentication (2FA), preferences, blocked users, organizations, etc. This data can be deleted by you deleting your
  account. Your IP address and what endpoints it is hitting is logged in memory for a period of time until it is either restarted,
  cleared, or overwritten. You may request deletion of these logs at any point without deleting your account.
 * Email mailboxes: They log the following information for security, moderation, legal, diagnostic, and functionality purposes:
  Your IP address(es), Login/logout (authentication) attempts, Rate limit triggers, Origin and target of e-mails, Email subject
  matter and spam score. Some of these logs are purely in memory, though some (last two) are stored for a prologed period of time
  for diagnostic, moderation, and legal purposes. You may request deletion of these logs at any point without deleting your mailbox.
  All data you send and recevie to it is stored on the server in an encrypted and compressed format, though that does not mean that the
  plain text is unrecoverable as the secret keys are stored on the server as well. It is your responsiblity to ensure privacy yourself
  by using encryption such as RSA or GPG.
 * Email hosting: Same logging policy applies to email hosting as email mailboxes, except with the addition of DMARC reports which show errors
  and deliverability problems in certain email servers if you choose the DMARC policies the Authoritative party recommends. All data you send
  and recevie to it is stored on the server in an encrypted and compressed format, though that does not mean that the plain text is unrecoverable
  as the secret keys are stored on the server as well. It is your responsiblity to ensure privacy yourself by using encryption such as RSA or GPG.
 * Vikunja: Similarly to Git forge, Vikunja stores your IP and endpoints you access in it temporarily in memory. You may request the deletion of
  these logs at any point without the deletion of your account. All data you store in Vikuja is stored in plain text, unless otherwise encrypted by you.
 * PrivateBin: Does not log anything and ari-web in no capacity can see you IP address or the contents of your pastes without the secret key.
  Knowing the ID will only allow the deletion of content, but not modification or decryption.
 * Other services: The Hosters are the ones who are responsible for handling the privacy and logging aspect of them.
  Ari-web only provides the infrastructure for them, but it is not responsible for anything relating to them, except
  having the ability to limit, transfer, or terminate access to the said infrastructure.
 13. Service Availability
 Ari-web does not provide any guarantees regarding service availability or uptime. Users and hosts of ari-web services are permitted
 to assume a maximum of 95% yearly uptime; however, this assumption is not to be construed as a guarantee.
 The Authoritative party disclaims any liability for service interruptions or downtime, and users acknowledge that they are using
 the services at their own risk. This statement does not create any contractual obligation or liability on the part of ari-web
 regarding service performance.
 14. Termination, Limitation, and Transfer
 Ari-web reserves the right to terminate, limit, or transfer services, infrastructure, or general access in certain circumstances, as outlined below:
 Termination or Limitation of Services: ari-web may terminate or limit services if the Authoritative party deems the service too difficult to control or moderate,
 or if a constant pattern of violations or one extreme and severe violation is detected. For individuals, services may be terminated without notice if they continue
 to violate the terms of service or engage in behavior that the Authoritative party considers unacceptable. Such decisions will be based on the Authoritative party's
 interpretation of this document and their own discretion.
 Transfer of Services: Ari-web will only transfer access to services in two scenarios:
 * User-Requested Transfer: Upon proof of identity, a user may request a transfer of their service to another party.
 * Legal Compliance Transfer: The Authoritative party may be required by law to transfer access to a user's service, with or without notice, to legal authorities.
 In both cases, the Authoritative party reserves the right to make the final determination regarding the transfer of services based on their interpretation
 of the law and the circumstances surrounding the request.
 Users acknowledge and agree that the Authoritative party's decisions regarding service termination, limitation, and transfer are final and not subject
 to appeal or legal action.
 15. Governing law
 Ari-web and its services are subject to the laws of the United States of America, Lithuania, and Sweden.
 Users acknowledge that these jurisdictions govern the use of ari-web services and any disputes that may arise in connection with them.
 This statement is intended to clarify the legal framework applicable to the services offered by ari-web and does not create any
 binding obligations beyond this acknowledgment.
 ---
 By continuing to use ari-web's services, you agree to be bound by these terms and acknowledge the Authoritative party's right
 to enforce them as needed. This document serves as a general guide for accessing and using ari-web's services and is not
 intended to be a legally binding contract.
 You understand and accept that ari-web is not a legal entity or company, but rather a service provided by a random person.
 As such, the terms outlined in this document are non-binding and subject to change without notice.
 The Authoritative party reserves the right to enforce these terms as deemed necessary, but makes no guarantees regarding
 the consistency or enforceability of the policies described herein. Users are advised to use ari-web's services at their
 own risk and discretion.
 By continuing to access and use ari-web's services, you signify your understanding and acceptance of these non-binding
 terms of service. If you do not agree with the terms, you are advised to discontinue using ari-web's services immediately.
 """.strip(),
        mimetype="text/plain",
    )
@ -425,6 +690,7 @@ def lh(_: str) -> Response:
        code=302,
    )
@views.get("/gpg", alias=True)
@views.get("/gpg/", alias=True)
@views.get("/4FAD63E936B305906A6C4894A50D5B4B599AF8A2.asc/", alias=True)