- Policy Home
- Transparency Report
- Warrant Canary Report
- Code of Conduct
- Black Badge Policy
- DMCA Information
Last Updated 2017 10 29
DEF CON wants to be up-front and transparent with what happens to the information that is gathered when you interact  with us.
SERVERS WE CONTROL
DEF CON controls the servers it uses, no clouds involved so no "third party doctrine"  issues to work around. For ALL services listed below we gather and keep the minimum data necessary, days not weeks, to troubleshoot issues, and rotate logs automatically.
- Firewall - These logs are used for debugging and detecting abuse and attacks against our services.
- Web server https://www.defcon.org/ - There are no access or error logs enabled here unless necessary for troubleshooting or identifying abuse that the firewall tips us off about.
- Forum server https://forum.defcon.org/ - We keep up to one month of web/php logs for debugging, auditing and abuse control, then we delete web logs from the forum server. If you are worried about your IP address in our logs consider using the Tor network or similar anonymizer. When you sign up to the forums or get email notifications from the forums, it will be from firstname.lastname@example.org so Google can see this activity. This is because sometimes forum spammers generate bad traffic and we don't want the main defcon.org domain to get a bad email reputation. In the future we will move to a different domain, but for now gmail is used.
Email addresses associated with forum accounts are private, but any forum admin or mod may view any user's forum-registered email address.
When investigating complaints we only look at Private Messages (PM) when we have user's permission. No form Admins, Mods, Goons should ever ask you for your password. Ever. Full stop.
- p2p servers - No bittorrent or eMule logs are generated or stored.
- Mail servers - We mine our maillog looking for mail servers that support smtp-tls and add them to our access list, as well as search for abuse spam.
- DNS servers - Because we support DNSSEC we are a popular target to be used in RAMP DDoS style attacks. We use logs to identify attackers and filter or block as best we can.
THIRD PARTY SERVERS WE USE
- amazon.com - We link our book recommendations to our Amazon account. 
- Hotel attendee records - Attendees who reserve rooms in the DEF CON block are known to the hotel but not to us. DEF CON does not seek or receive a list of who is registered under our room block. 
WHAT WE DON'T DO:
Sell log files to anyone
Sell e-mail address to anyone
Turn over logs to anyone without a legal court order
Turn over e-mail to anyone without a legal court order
Turn over snail mail to anyone without a legal court order
IF YOU ATTACK US
If you attack DEF CON all bets are off, and these policies will not protect you. As hackers we won't fight with one arm tied behind our backs.
- The Dark Tangent
Please see our transparency report
 The sources of information that are collected come primarily from the services we offer, but could also include any snail mail you send us, Call for Paper submissions, payments you make on our PayPal store, etc.