The goal of this project is to operate as a “SINKHOLE” domain, replacing a command and control server for a specific strain of malware. We will use the SINKHOLE to measure and study how malware contacting this domain operates and spreads. IP addresses and other data gathered from visitors to this domain will be used to further EFF’s efforts to protect people from malware, and analyze the spread of malware, including aggregate numbers of infections and general physical location of infected machines determined using IP geolocation.
PLEASE NOTE: EFF's General Privacy Policy does NOT apply in full to this website.
Due to the nature of the project, and the information that will be collected in the course of the research project, this alternate privacy policy applies. Should you have any questions about this privacy policy or any use of the data collected, please contact privacypolicy@eff.org.
The Electronic Frontier Foundation has established this Privacy Policy to explain what information we collect through this website and how it is used.
In this policy, "EFF" and "we" refer to EFF staff, board members, cooperating attorneys, interns, volunteers, and consultants, all of whom are bound by law or contract to keep information they receive as part of their assistance to EFF confidential.
EFF is located within the United States, and therefore will transfer, process, and store your information in the United States, which may not provide as much protection as your home country. (We're working to make US practices better.)
In general, SINKHOLE collects logs about requests to this domain (unclesow.com).
Anonymization
We will make our best efforts to anonymize any data collected by SINKHOLE before publishing or sharing or within a certain time frame as described below. Because anonymization is an algorithmically complex problem, we cannot promise that it will be flawless or attack-proof.
The specific log information we collect includes:
Our practices and purposes for collecting these records are discussed below:
SINKHOLE collects information about the user agent string from the browser to help us differentiate between infected machines and web crawls or visits from researchers and curious individuals. Collected information will only be used for purposes as described in this policy.
HTTP Path
The HTTP path you visit on this website is collected to help positively identify malware infections and to help identify all paths the malware is using. Path data may be used in aggregate in an anonymized fashion.
SINKHOLE logs IP addresses for the purpose of determining what machines, how many, and general geographic location of machines infected by specific strains of malware. Collected IP addresses may be used for disclosure to infected entities in some cases and where possible. IP addresses collected will not be publicly disclosed and will be subject to our data retention policy described below. IP address location data may be published in an anonymized fashion (e.g. “there were between x and y users with infections located in country z”) IP Addresses collected will only be used for purposes as described in this policy.
SINKHOLE collects a timestamp each time it is visited. This will be used to measure how often malware connects. Timestamp information will only be used for purposes as described in this policy.
In general, EFF uses the information provided by you to further its mission, protect privacy, defend freedom, and protect your rights in the digital world.
We may look at technical information to diagnose problems with our server and to administer the SINKHOLE website.
Data gathered from SINKHOLE may be published in future reports in an aggregated form with any PII or any individual details such as IP address, timestamp, etc. removed. (e.g. “there were between x and y users with infections located in country z”) or shared with researchers as described below.
Voluntary Sharing of SINKHOLE data
From time to time, EFF may also share datasets derived from our technology projects with research partners working on topics related to Internet security, censorship resistance, privacy or other public policy objectives. We may also publish datasets in an effort to further these objectives. The datasets we may share or publish will not intentionally contain personally identifiable information.
Before sharing, we will evaluate whether further sanitization or aggregation of data is necessary to reduce the likelihood that inferences about identifiable individuals' activities might be made from the published dataset. Because anonymization is an algorithmically complex problem, we cannot promise that it will be flawless or attack-proof. When we believe that a dataset may contain information that is especially sensitive or vulnerable to de-anonymization, we will not publish it, and if we share such data with research partners, we will place them under a contractual obligation to keep the dataset confidential and avoid de-anonymization.
Other Sharing of SINKHOLE data
While EFF endeavors to provide the highest level of protection for your information, we may disclose the data collected on this site to third parties in limited circumstances, including: (1) with your consent; or (2) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other judicial or administrative order. As we do not collect contact information, we will be unable to provide visitors to this site with notice of legal process. However, we will independently object to requests for access to information about users of our site that we believe to be improper and we have done so.
If you have any questions about our privacy and data protection practices, you can reach EFF at:
Electronic Frontier Foundation
815 Eddy Street
San Francisco, CA 94109 USA
Phone: +1-415-436-9333
Fax: +1-415-436-9993
Email: privacypolicy@eff.org.
If our processing of your personal data is covered by EU law, you may also lodge a complaint with the relevant data protection supervisory authority for your country of residence.
To protect your privacy, we use various techniques to anonymize the data set, and have promised in this policy not to try to de-anonymize the data, which means we don't know which entry in our SINKHOLE data set is from a test of your browser, This also means that we have no way to allow you to access, update or remove that specific data. If you have any questions, you can email us at privacypolicy@eff.org.
EFF's general privacy policy covers the storage and retention policies for direct communications with EFF. The server logs are stored and retained for up to four weeks, any data retained after that will be anonymized and stored in aggregate.
EFF employs industry standard security measures to protect the loss, misuse, and alteration of the information under our control, including appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such as the pseudonymization and encryption of personal data, data backup systems, and engaging security professionals to evaluate our systems effectiveness. Although we make good faith efforts to store information collected by EFF in a secure operating environment, we cannot guarantee complete security.
EFF's SINKHOLE Privacy Policy may change from time to time. However, any revised privacy policy will be consistent with EFF's mission. If we make any substantive changes to our policies, we will place notice in EFFector and post notice of changes on this page.