Let Marco know about privacy and data protection on Edgeryders

This information is best known by Matthias. Here’s what I know:

  • Data stored on our own server.
  • Server in Germany – best data protection law in the country.
  • https all around (end-to-end encryption)
  • the data is handled by a stack of software which is open-and-free (so the code can, in principle, be audited) and stewarded by substantial development communities (Drupal, MySQL, PHP, Apache, Linux – so the code is audited in actuality). 
  • We have moderators policing the activity feed every day, several times of day.
  • We have explicit terms and conditions. /t/edgeryders-lbg/351/privacy-policy-and-terms-of-use
  • One known security bug: https://edgeryders.eu/en/edgeryders-dev/task-1508. Does not affect credentials, and is easy to fix on a case-by-case basis reverting to the latest legit version of the wiki.
1 Like

Server in Germany

You probably mean:

Server in Germany – best data protection law in Europe, if not the world :slight_smile:

1 Like

Compare with Ecobytes hosting (BOA)

I would be also interested in an assessment for the proposed future hosting at Ecobytes.

Ecobytes provides Drupal hosting on machines configured with BOA (Barracuda-Octopus-Aegir). The focus of this scripts is on performance and security, allowing for an efficient sharing of codebase, while providing a proper and secure separation of clients, sites and octopus instances.

The server is also hardened and is kept up-to-date. Although it was affected by the Drupalgeddon, BOA has released upgrades within a few hours. Since then an automatic hotfix policy was also implemented, to allow servers (which authorize it) to be automatically patched if such major security issues are appearing. It also uses several mechanisms at the server level (e.g. csf/lfd) to trace and blacklist attacking IPs.

Check more about this on the GitHub site: https://github.com/omega8cc/boa

Posts on security at omega8cc page: https://omega8.cc/library/security