ChinWag, Privacy and Metadata
It’s now a handful of days until Australia’s new metadata retention laws come into effect, and I just wanted to publish a quick note about how this does and does not affect your usage of ChinWag for messaging, as ChinWag is Australian-hosted and pitched primarily as a provider of services primarily to Australians.
Firstly, the focus at ChinWag is reliable communication above all. This is not a heavily privacy-focussed server, although use of XMPP comes with some inherent advantages from requiring mandatory encryption and other privacy options for all end-users to take advantage of.
However, it should be made clear that we do not do extra above-and-beyond work to ensure additional anonymity. Server logs are kept for a couple of weeks, the logs are not explicitly scrubbed of IP addresses or identifying information, backups are made and transferred offsite, and conference room chats may be logged on the server for diagnostic purposes at times. The disks that our servers use are hosted by third parties who may have the ability to access the data stored on them. Also we know we do not have an explicit privacy policy right now, but that will be addressed quite soon and will broadly say something similar to the above. None of your information is ever provided or sold to a third party.
So the executive summary of the above is that we don’t care what you’re doing, don’t explicitly monitor and watch you and it’s pretty good from a privacy perspective, but we’d like to be upfront that we may, from time to time, end up looking at stuff under a metaphorical microscope if there’s an issue or threat to the servers. Information that may be able to be used to identify a specific user, linking an IP to a username for example, may be stored for indeterminate periods. This is pretty normal from a systems admin perspective but it does surprise people sometimes.
In regards to metadata retention specifically, we believe (thanks to a good analysis by Fastmail) that we are not explicitly required to retain anything and as such we will not even attempt to do so. We’re not exactly in the same business as Fastmail of course, but we’re doing similar enough jobs at the end of the day that we’re pretty sure we’re in the same situation on this matter.
Of course, your ISP can and probably will record that you visit chinwag.im in the first place, that you use an XMPP client and it connects to our services and a hell of a lot can be extrapolated from that. It’s not perfect, nothing is. If you have huge concerns about this situation please feel free to ask questions in the ChinWag Lobby comment on this post, message us on social media or whatever it takes and we can help with advice and solutions such as using a VPN.