← dashboard
Privacy Policy
Last modified: 2026-07-16
Trust model
You cannot truly trust any server you do not control. This includes 0druid.cc. No privacy policy can change that. If you require genuine privacy, use end-to-end encrypted protocols (Signal, Matrix E2EE, GPG), connect via Tor or a VPN you trust, and assume every intermediate server is hostile.
That said, every service here is designed to collect as little data as technically possible. Here is exactly what each service does and does not record.
Per-service data collection
VPN / WireGuard (port 51820)
- WireGuard: Kernel module. No connection, traffic, or handshake logs. No persistent state beyond the running kernel interface.
- Unbound DNS (on VPN nodes): verbosity 0. No query logging. Forwards to 0druid.cc DoT.
- Chrony NTP (on VPN nodes): No logging directives.
- UFW: Only blocked port scans logged (rate-limited to 3/min). Allowed VPN traffic never logged.
- No logs — no traffic inspection, no connection tracking, no DNS query logging.
DNS (ports 53, 5335, 853, 8535) no logging
- dnsmasq (53, via 853): No query or access logging. Blocklist filtering happens in memory. No logs of blocked or resolved domains.
- Unbound (5335, via 8535): verbosity 0, log-queries off, log-replies off, log-servfail off. No query logging of any kind.
- dot-proxy (853, 8535): Reports only the negotiated TLS key exchange group to stderr (e.g. "group=X25519MLKEM768"). No IPs, no query content, no timestamps. TLS session tickets and caching disabled — no session tracking.
NTP / NTS (ports 123, 4460)
- Chrony: No logging directives. Transient in-memory client tracking capped at 1MB (auto-pruned). No persistent data.
- NTS-KE (4460): TLS 1.3 key exchange. No session persistence.
HTTPS (ports 80, 443)
- Caddy: All access logging directed to output discard. No request logs. No visitor IPs, user agents, or paths recorded.
- Session state: No cookies set. No user accounts. No login forms. No analytics. No third-party resources loaded.
SSH (port 3447)
- Authentication: Ed25519 key-only. No passwords.
- Logging: System journal captures auth events (success/failure, source IP). Rotated at 50MB / 30 days.
- Fail2ban: 3 failures in 10min = 4h ban. Recidive: 3 bans in 1 day = 1 week.
Summary
| Service | Query logging | Access logging | IP addresses | Session tracking |
| VPN / WireGuard | none | none | none | none |
| DNS (all paths) | none | none | none | disabled |
| DoT proxy | none | group name only | none | disabled |
| NTP/NTS | none | transient in-memory | transient | none |
| HTTPS | N/A | none | none | disabled* |
| SSH | N/A | auth events only | yes (journal) | none |
* DoT proxy has tickets disabled entirely. Caddy session tickets are encrypted, expire in 72h, contain no user data.
Data sharing
No data is sold, shared, transferred, or monetized. No advertisers, no analytics, no third-party scripts, no tracking pixels. The DNS/NTP server and VPN nodes are self-hosted on rented cloud infrastructure. Providers have physical access but we encrypt what we can and simply do not store the rest.
Data retention
- System journal: max 50MB, deleted after 30 days
- DNS logs: none exist
- HTTP access logs: none exist
- NTP data: transient in-memory only
- VPN traffic logs: none exist — WireGuard keeps no logs
- Fail2ban bans: in-memory, lost on reboot
- Backups: no third-party backup services
Security measures
- VPN: WireGuard with ChaCha20-Poly1305 + PSK, full-tunnel, hardened KVM nodes
- SSH: Ed25519-only, PQ key exchange, no password auth
- TLS: TLS 1.3 only, X25519MLKEM768 preferred, AES-256-GCM / CHACHA20-POLY1305
- DNS: DNSSEC validated, QNAME minimisation, recursive (no forwarding to third parties)
- AppArmor: 9 mandatory access control profiles in enforce mode
- Kernel: ASLR full, io_uring disabled, kptr_restrict=2, ptrace locked, BPF hardened
- IPv6: fully disabled (reduced attack surface)
Warrant canary
As of 2026-07-16, we have never received a National Security Letter, FISA court order, or any other classified government request for user data. The full canary history is at /warrants/. This section will be removed if we ever receive such a request.
Contact
r.ustydruid520@proton.me • Matrix: @druid520:tchncs.de • codeberg