Privacy Policy

Privacy & Security Statement:


iOS Privacy uses the highest standards of known privacy and security safeguards to ensure that your data remains your data, without leaking any of it in any way, including to other websites, during & after your stay here. Only attacks are logged & those logs are rotated every 24 hours. Nothing is logged permanently; however, we will & do use the temporary logs in order to secure this website against sources of malicious activity.

One method used is IP blocking which does store an IP address from where attacks are launched. However, considering the fact that IP addresses are easily spoofed, altered, or hidden using various methods IP banning is only used when an IP or IP blocks such as fe80::dead:beef:feed:1/64 or 192.168.0.1/24 can be verified as the actual source of malicious activity.

In order to help protect your privacy & protect this site's security, strict http security & http privacy headers are in use. These headers include 'X-DNS-Prefetch-Control', set using a value of 'off' to prevent information leakage via DNS Prefetching. The 'Clear-Site-Data' header is set with each of the four current values: 'cache', 'cookies', 'storage' & 'executionContexts' using the wildcard '*'; this instructs your browser to clear all previous website data upon opening your connection with our site. See Clear-Site-Data for more information.

Our current DNS provider, Cloudflare, has finally stopped using its own cookies on websites. Thus iOS Privacy has stopped using our own cookies. For informational purposes, our former 'Set-Cookie' header was prefixed with __Host- & suffixed with SameSite=Strict. These values help to thwart Cross-Site-Request-Forgery (CSRF), limit the cookie as being session-only, & prevent it from being used as a tracking tool.

From Mozilla:

__Host-
If a cookie name has this prefix, it will only be accepted in a Set-Cookie directive if it is marked Secure, was sent from a secure origin, does not include a Domain attribute, and has the Path attribute set to /. In this way, these cookies can be seen as "domain-locked".

__Secure-
If a cookie name has this prefix, it will only be accepted in a Set-Cookie directive if it is marked Secure and was sent from a secure origin. This is weaker than the __Host- prefix.

Our 'Referrer' header is set to 'no-referrer' so that this site will not be referred-to when going to other sites; in other words, no site you may visit upon leaving this one will be told that you were here. This simple header, when set properly, greatly helps in improving your privacy when browsing the web. See Referer header: privacy and security concerns for more information.

One may alter one's 'referer' using Add-ons available for FireFox designed specifically for that purpose (recommended).

Our 'Content-Security-Policy' is one of the strongest in place among the small minority of sites that use this powerful tool. Its benefits are too numerous to enter into here; a good source for information is located on Mozilla's Web Developer Network.

We use no analytics, we use pep.dev for our service-worker that allows our site to work offline as a Progressive Web App, & we do not use cookies.

Our CSS is hosted by us and served using Subresource Integrity to help reduce our attack surface. The current sha512-hash is listed in our'Content-Security-Policy' directive style-src which applies automatically to both the style-src-elem directive & style-src-attr directives. No inline CSS is used, helping to protect against code injections that rely on inline CSS.

Finally, we ask that anyone who wishes to contact us use ProtonMail. It's end-to-end encrypted using PGP keys when communicating with other ProtonMail users & it's absolutely free with paid features for power users & orginizations. The only information we receive is voluntarily given to us.

That said, we don't want any personal information so we kindly ask that no one sends any.

Privacy is sacred & it must be protected or it will be lost to history. Invasion of your privacy is a business, practiced by all governments & all Big Brother tech companies including Google, Amazon, Facebook, Microsoft, & Apple. Don't allow yourself to be the product of any corporation or nation-state.