The Infinity Project Social Contract
This agreement ("user agreement" or "agreement") delineates mutual expectations between the members of the project ("Infinity team", "project members", "we", "us", "our") and all the participants ("Infinity users", "users", "project users", “the world”) about the Infinity sites (“our service”). By using Infinity Project, you acknowledge that you have read, understood and agree to be bound by the terms of this agreement.
- Project members take certain responsibilities for reliably running the service,
- Project users agree to certain use regulations on part of the Infinity Project, necessary to reliably run the service,
- Project members give users certain expectations regarding the submitted content and actions,
- Project users agree to certain content regulations on part of the Infinity Project, necessary to provide harmonious social discourse, and achieve our mission.
Subjects of the agreement
Terms of the agreement
1. Project members take certain responsibilities for reliably running the service
Being a group of people in different countries and jurisdictions, and wishing to keep it that way indefinitely, we operate as a under different legal entities (Infinity family) united by one common mission to help people achieve their goals. Members of infinity family represent us in different jurisdictions with respect to all Infinity sites. Currently, there is one primary member of the Infinity family, the WeFindX Limited representing us in the Republic of Ireland. Regarding all other jurisdictions, we currently operate our site as natural persons for purposes that don’t strictly need it -- keeping the our team open for future friendships based on trust, and co-creation of organizations to represent it and create trust within other jurisdictions. Ultimately, we believe that the legal entities associated should not own anything -- that they are the vehicles for the transparency of what we do, but ultimately, that it is the physical people who should be direct owners, and be directly responsible for everything they do.
That said, while we take our responsibilities for running the service very seriously, we don’t take the responsibilities equally. Our responsibilities depend on our roles and what every of us does. Moreover, due to time constraints, there are limitations to the number of things we do to ensure that service runs reliably. In this document, we would like to share with you the things that we do so that you could make your reasonable expectations about our service. Please, let us know your suggestions and recommendations of what we should do to increase our service reliability for your business.
Things that we do to make sure that we run reliably:
- We are working with people who know the local environments of each jurisdiction to make sure that what we do is legal in your country, that it complies with local regulations, and you can use it with confidence. Currently, WeFindX Limited is taking steps to make these assurances for users in Ireland, but we are underway to open unique in terms of branding, relationship with local jurisdictions, and largely independent organizations to take care of the regional aspects of national Infinity sites, and to make sure that Infinity family serves in the best interests of the people within these jurisdictions.
- We have separate production and development servers on separate Amazon EC2 instances running (Ubuntu 14.04).
- We keep both the development and production servers only accessible via key pairs. Password logins are disabled.
- Both development and production servers are exposed only via SSL, and ordinary connection is disabled. (Ports open: 22, 80, 443).
- We make backups of the server and development.
- We run exception logging system.
- We control the deployment process via our own managed deployment system.
2. Project users agree to certain use regulations on part of the Infinity Project, necessary to reliably run the service
Users understand, that at this early stage, we might actually go offline to do maintenance, or simply go offline because we run out of money to maintain the service. It doesn’t mean that it will stop operating. Right now, our uptime percentage is approximately 1 minute of downtime in 20 days of uptime. We will do our best to maintain the service. Please, be warned that:
- We may have to do a planned database migration some day. So far, we had to do this only once in the last 6 months period, taking down the site for less than 1 hour.
- We may have to take down the service due to unexpectedly high traffic or a discovery of a security issue.
- We may remove or suspend users engaging in attempts to abuse our service in any way.
- We may need to take down the service for maintenance or running costs for an indefinite amount of time (but we will always be looking forward to your cooperation in bring it up again). It currently costs 97$/month to maintain by paying all the dependency providers.
3. Project members give users certain assurances and expectations regarding the submitted content and actions
Our service provides the options to post content both publicly and non-pubic to other users. We did our best and plan to do our best to make sure that the non-public content stays non-public, and public content is public. However, while we had ensured that access policy works correctly, we had not taken steps to encrypt user data, which at this stage is in plain text on our server database.
We do not have plans at the moment to encrypt the data in servers. Creating a collaborative decision-making system, we think that, if a person does something that he or she does not want anyone to know, then probably, he or she shouldn’t do it in the first place. We keep nearly all of the data in the servers in plain text.
While our members can read all of the database messages, we encourage our members not to snoop on people without a reason, and respect people’s privacy.
To make sure that outsiders are unable to view your content, our team members who have access to your data, take the following measures:
- Never to log-in to Infinity infrastructure via another person’s computer.
- Keep work laptops up-to-date, running a Linux or MacOS.
- Not share any critical passwords and keys via mediums accessible via insecure smart phones or Windows devices. (for instance, not share admin passwords on telegram, as this could potentially allow a phone screenshot malware acquire admin’s password, and read everyone’s messages on Infinity)
That being said, while we value your contributions, please, don’t share any information that you want to keep private. The reason why we call the boolean field .personal on content types, rather than .private, is because we don’t believe in 100% privacy -- we think, people should share everything, have no secrets (make information universally accessible), but respect people's preferences, and ask for permission to look at each other’s secrets -- respect what’s personal, and look at the .personal=True content with good intents in your mind.
- Unlike in many social networks, the author of a personal content item on Infinity can change the visibility of the item at will. So, if there were any comments written in personal section, the owner of content item can decide to make them public, or choose to add more people to the conversation.
- While most content can be chosen to be personal, all definitions (“Categories”) are public and belong to [admin] user by default. There is no way to create a personal concept category. Therefore, if you create a category when creating a Need or Goal, know that it is public.
- Although all personal content is not publicly visible, it is possible to know that there is a hidden child or parent of an object of an object by another user. This is intended feature to allow others to know about existence of personal content, and be able to ask for permissions to view it.
- Users can friend each other by mutually following each other (mutuality is necessary to consider two users as friends), and any user can look at any user's friends' posts that they have access to via infty.xyz/user/<username>/friends links.
Also note that:
We had not yet done any penetration testing by a bank-grade tester (we plan to), and while we use many default security features of Django, such as:
- Forms are protected with CSFR tokens, preventing cross-site scripting.
- User passwords are not stored in database.
and other security measures, we cannot guarantee that there is no loophole in our security.
We provide no insurance against your information loss or leakage.
4. Project users agree to certain content regulations on part of the Infinity Project, necessary to provide harmonious social discourse, and achieve our mission
While it is our policy to seek for ways to create a world where everything that anyone truly wishes, exists, in order to comply with local laws and regulations, as well as to ensure international security, we are looking forward to cooperation with international state-level power structures to ensure sharing on our platform stays universally useful and harmonious.
- we reserve the rights to take down content that violates local regulations and laws, also, content that is against our policy.
- in our early stage, when there is not very advanced way of filtering content, we reserve the rights to curate and moderate the content to meet our quality expectations.
- in our early stage, we reserve our right to hide some of the content from public index by making it .personal=True at our own discretion, if a problem appears to be not globally important, an idea looks not attempting to create a breakthrough in solving it, or a project without a promise of deliverable important to solving a globally important problem. This is important in our initial stage, as we are trying to create a platform to address problems that really matter, ideas that have great promise, and projects with bold objectives. It is crucial to keep our platform relevant to scientists, thinkers, and exponential entrepreneurs, thus, we may hide your content not meeting these expectations from public in this initial stage. The in such cases content will remain yours personally, and you will be able to discuss (or question our decision) in its non-public discussion.
This is a work in progress, and will be further edited.