Privacy policy.
Artist++ is committed to protecting the privacy interests of its customers, end users, distributors and suppliers. This Privacy Policy is intended to provide you with general information on how your personal information may be used. Artist++ is a Canadian corporation with its head office located in Ontario, and our Privacy Policy has been developed to reflect Canadian and Ontario privacy laws and statutes.
For further information regarding Canadian and Ontario privacy laws, please visit:
Updates
From time to time, Artist++ will add entries to our Privacy Bulletin. This will happen for two reasons:
We modify the Privacy Policy. This can happen when new laws add different requirements, or if we start or stop using a third-party service. We will detail the changes made to the policy.
We temporarily deviate from our Privacy Policy by changing our information collection behaviour. This is typically done to resolve a problem with our service, or to give us more time to analyze our data relating to an interesting censorship event. We will describe the change, for example what was recorded, how long it was kept, and why.
Data Categories
User Activity and Data
What does Artist++ NOT do with your data?
We DO NOT collect or store any data that is not mentioned here.
We DO NOT modify the contents of your data.
We DO NOT share any sensitive or user-specific data with third parties.
What kinds of user data does Artist++ collect?
We will define some categories of data to help us talk about them in the context of Artist++.
User Activity Data
While a user's device is tunneled through Artist++, we collect some information about how they're using it. We record what protocol Artist++ used to connect, how long the device was connected, how many bytes were transferred during the session, and some geographical and ISP information. For some domains (but very few, and only popular ones) or server IP addresses (e.g., known malware servers) that are visited, we also record how many bytes were transferred to it. (But never full URLs or anything more sensitive. And only domains of general interest, not all domains.)
The user's city, country, and ISP are derived from the user's IP address; the IP address is then immediately discarded. Users may also be asked to optionally allow access to their approximate location (accurate up to 3 km) using their device's location service (e.g., GPS).
An example of user activity data might be: At a certain time a user connected from New York City, using Comcast, and transferred 100MB from youtube.com and 300MB in total.
We consider user activity data the most sensitive category of data. We never, ever share this data with third parties. We keep user activity data for at most 90 days, and then we aggregate it and delete it. Backups of that data are kept for a reasonable amount of time.
Aggregated Data
Data is “aggregated” by taking a lot of sensitive user activity data and combining it together to form coarse statistical data that is no longer specific to a user. After aggregation, the user activity data is deleted.
An example of aggregated data might be: On a particular day, 250 people connected from New York City using Comcast, and transferred 200GB from youtube.com and 500GB in total.
Aggregated data is much less sensitive than activity data, but we still treat it as potentially sensitive and do not share it in this form.
Shareable Aggregated Data
When sharing aggregated data with third parties, we make sure that the data could not be combined with other sources to reveal user identities. For example, we do not share data for countries that only have a few Aritst++ users in a day. We make sure that the data is anonymized.
We also never share domain-related information with third parties.
An example of shareable aggregated data might be: On a particular day, 500 people connected from New York City and transferred 800GB in total.
An example of data that is not shareable: On a particular day, 2 people connected from Los Angeles. Those people will be included in the stats for the entire US, but that is too few people to anonymously share city data for.
What does Artist++ do with User Activity and Aggregated Data?
Activity and aggregated statistical data are vital for us to make Artist++ work best. It allows us to do things like:
Monitor the health and success of the Artist++ network: We need to know how many people are connecting, from where, how much data they're transferring, and if they're having any problems.
Monitor threats to our users' devices: We watch for malware infections that attempt to contact command-and-control servers.
Ensure users stay connected while foiling censors: We try to detect that a user is behaving like a real person and then reveal new Artist++ servers to them. (This is our obfuscated server list technology.)
Estimate future costs: The huge amount of user data we transfer each month is a major factor in our costs. It is vital for us to see and understand usage fluctuations.
Determine the nature of major censorship events: Sites and services often get blocked suddenly and without warning, which can lead to huge variations in regional usage of Artist++. For example, we had up to 20x surges in usage within a day when Brazil blocked WhatsApp or Turkey blocked social media.
Understand who we need to help: Some sites and services will never get blocked anywhere, some will always be blocked in certain countries, and some will occasionally be blocked in some countries. To make sure that our users are able to communicate and learn freely, we need to understand these patterns, see who is affected, and work with partners to make sure their services work best with Artist++.
Who does Artist++ share Aggregated Data with?
Shareable aggregated data is shared with sponsors, organizations we collaborate with, and civil society researchers. The data can be used to show such things as:
How well Artist++ is working in a particular region.
The blocking patterns in a given country, for example during political events.
That the populace of a country is determined to access the open internet.
Again, only anonymized shareable aggregated data is ever shared with third parties.
Artist++ Client Advertising Networks
We sometimes use advertisements to support our service, which may use technology such as cookies and web beacons. Our advertising partners' use of cookies enable them and their partners to serve ads based on your usage data. Any information collected through this process is handled under the terms of our advertising partners' privacy policies.
Artist++ Websites
Google Analytics
We use Google Analytics on some of our websites to collect information about usage. The information collected by Google Analytics will only be used for statistical analysis related to your browsing behaviour on this specific site. The information we obtain from Google Analytics is not personally identifying, nor is it combined with information from other sources to create personally identifying information.
Google Analytics sets a permanent cookie in your web browser to identify you as a unique user the next time you visit the site, but this cookie cannot be used by anyone except Google, and the data collected cannot be altered or retrieved by services from other domains.
Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You may choose to opt out by turning off cookies in the preferences settings in your web browser.
Storage Access Logging
We use Amazon S3 to store assets such as website files and Artist++ server discovery lists. We sometimes enable logging of downloads of these files. Analyzing these logs helps us to answer questions like "how many users are starting but not completing the download of the server discovery list?", "how is the downloaded data split between website assets and server discovery?", and "is an attacker making a denial-of-service attempt against our websites?"
S3 bucket access logs contain IP addresses, user agents, and timestamps. These logs are stored in S3 itself, so Amazon has access to these logs. (However, Amazon already serves the files, so they can already access this information.) Artist++ developers will download the logs, aggregate and analyze the data, and then delete the logs. Raw data will be kept only long enough to aggregate it and will not be shared with third parties.
Cookies
artistplus.plus only uses cookies and similar tracking technologies to carry out activities that are essential for the operation of the website. Essential cookies are necessary to ensure basic functions of the website. Cookies are small text files that are stored on your computer and saved by your browser, and do not represent any risk to your device. You can configure your browser settings to personalize how you would like your browser to handle cookies. Disabling essential cookies will degrade the functionality of this website.
App Stores
Note that if you get Artist++ from an "app store", such as the Google Play Store or Apple App Store, additional statistics may be collected by that store. For example, here is a description of what the Google Play Store collects: https://support.google.com/googleplay/android-developer/answer/139628?hl=en