skip to main content

DEF CON Hacking Conference

Privacy Policy

DEF CON Privacy Policy

DEF CON wants to be up-front and transparent with what happens to the information that is gathered when you interact [1] with us.


DEF CON controls the servers it uses, no clouds involved so no "third party doctrine" [2][3] issues to work around. For ALL services listed below we gather and keep the minimum data necessary, days not weeks, to troubleshoot issues, and rotate logs automatically.

- Firewall - These logs are used for debugging and detecting abuse and attacks against our services.

- Web server - There are no access or error logs enabled here unless necessary for troubleshooting or identifying abuse that the firewall tips us off about.

- Forum server - We keep up to one month of web/php logs for debugging, auditing and abuse control, then we delete web logs from the forum server. If you are worried about your IP address in our logs consider using the Tor network or similar anonymizer. When you sign up to the forums or get email notifications from the forums, it will be from

Email addresses associated with forum accounts are private, but any forum admin or mod may view any user's forum-registered email address.

All JavaScript functions are served from our server but we may choose to direct web clients to pull JavaScript from maintainers outside of the DEF CON network while our local copy is upgraded to address a vulnerability.

When investigating complaints we only look at Private Messages (PM) when we have user's permission. No form Admins or Mods should ever ask you for your password. Ever. Full stop.

    - p2p servers - No bittorrent or eMule logs are generated or stored.

    - Mail servers - We mine our maillog looking for mail servers that support smtp-tls and add them to our access list, as well as search for abuse spam.

    - DNS servers - Because we support DNSSEC we are a popular target to be used in RAMP DDoS style attacks. When under attack we use logs to identify attackers and filter or block as best we can, otherwise we don't generate logs.


    - - The DEF CON store is hosted on eBay. If you purchase something there you are dealing with their privacy policy [4]

    - - We link our book recommendations to our Amazon account. [5]

    - Hotel attendee records - Attendees who reserve rooms in the DEF CON block are known to the hotel but not to us. DEF CON does not seek or receive a list of who is registered under our room block. [6]


Sell log files to anyone

Sell e-mail address to anyone

Turn over logs to anyone without a legal court order

Turn over e-mail to anyone without a legal court order

Turn over snail mail to anyone without a legal court order


If you attack DEF CON all bets are off, and these policies will not protect you. As hackers we won't fight with one arm tied behind our backs.

- The Dark Tangent

Please see our transparency report

[1] The sources of information that are collected come primarily from the services we offer, but could also include any snail mail you send us, Call for Paper submissions, payments you make on our PayPal store, etc.