简介

根据《1998 年新南威尔士州隐私与个人信息保护法案》第 133 号（https://legislation.nsw.gov.au/view/whole/html/inforce/current/act-1998-133），以及《中华人民共和国个人信息保护法》（http://www.npc.gov.cn/npc/c2/c30834/202108/t20210820_313088.html）；
鉴于任何隐私信息一旦泄露可能被不道德地滥用；
参考 IEEE 伦理规范；
本隐私声明与信息处理条款如下。

隐私声明：本服务收集哪些信息

用户上传图片时有两种状态：已登录与未登录。
当用户已登录时，其电子邮箱地址会显示在右上角欢迎语之后，例如：Welcome, Jane.Citizen1@example.com。
若用户未登录，则只会显示 Guest 字样，并在其后出现 Login 和 Register 按钮。

以访客身份上传图片

根据中国法律规定，仅限位于中国大陆的用户可在未登录情况下上传图片。在此情况下，将收集以下个人数据：

• 上传设备的 IP 地址（作为图片 URL 的一部分）。
• 图片信息（MD5 校验值），将作为文件名使用。
• 转换为所选格式后的图片。
• 与该 IP 地址关联的图片。
• 图片上传时的时间戳（AEST）。

以注册用户身份上传图片

注册用户每天最多可上传 80 张图片。在此情况下，将收集以下信息：

• 上传设备的 IP 地址（注册时）。
• 注册邮箱地址与密码（不可逆密文形式）。
• 与账户关联的图片（URL 将包含账户 ID）。
• 图片信息（MD5 校验值）。
• 转换为所选格式后的图片。
• 图片上传时的时间戳（AEST）。
• API 密钥信息（如适用）。

隐私声明：谁可以查询隐私信息

只有犯罪发生地所属国家的合法执法机构（需符合国家或州法律条款）才可申请获取私人信息。
执法机构必须使用其官方部门邮箱发送邮件至：
mysite-consern@otiaer.org

邮件必须包含：

• 图片 URL。
• 提出请求的原因。
• 适用的法律条款（需明确到具体条款）。
• 证明文件：
• 1. 证明该部门已获政府授权，可获取用户私人数据。
• 2. 证明申请人已获部门授权，可提出该请求。

技术信息：密码处理方式

密码以不可逆加密形式存储。
这意味着, 即使攻击者可以拿到数据库中的密文, 其也无法直接得到账户密码。

程序设计弱点与解决方案

虽然密码以加盐 MD5 形式存储，但由于 GPU 暴力破解技术的发展，该方式已不再安全。

因此建议你：

• 使用完全不同且复杂的密码，不应与其他网站或应用相同。
• 使用随机密码生成器生成密码。

Introduction

According to the NSW Privacy and Personal Information Protection Act 1998 No 133 (https://legislation.nsw.gov.au/view/whole/html/inforce/current/act-1998-133), and the Personal Information Protection Law of the People's Republic of China (http://www.npc.gov.cn/npc/c2/c30834/202108/t20210820_313088.html);
Considering that any privacy information could be unethically abused once leaked;
Referring to the Code of Ethics of IEEE;
The Privacy Statement and Information Processing terms are as follows.

Privacy Statement: What information does this service collect

There are two states while a user is uploading an image: logged in and not logged in.
When a user is logged in, their email address will be displayed in the top-right corner come after the welcome message, for instance, Welcome, Jane.Citizen1@example.com.
If a user is not logged in, only the word Guest will appear before the Login and Register buttons.

Upload images as a guest user

According to the law regulation in China, only user located in mainland China can upload images without logging into their account. In this case, the following personal data will be collected:

• The Internet Protocol (IP) addresses of the upload device. It is a part of your image URL.
• The image information (MD5 checksum), which will be used as the filename of the image.
• The image after conversion into the selected format.
• The images that are associated with the IP address.
• The timestamp, in AEST, when your image is uploaded.

Upload images as a registered user

Any user can upload up to 80 images per day after registering an account. In this case, the following information may be collected:

• The Internet Protocol (IP) addresses of the upload device (when registered).
• The registered email address and the password, in the form of an irreversible ciphertext.
• The images that are associated with the account. The URL will consist of the account ID.
• The image information (MD5 checksum), which will be used as the filename of the image.
• The image after conversion into the selected format.
• The timestamp, in AEST, when your image is uploaded.
• The API secret information, if applicable (if registered to the API service).

Privacy Statement: Who can query the privacy information

Only legal authorities in the country of the crime (confirmed by the state/national law terms) can request private information obtention.
To file an information request, the office of law enforcement (or department) must use their department email address, send an email to the following address:
mysite-consern@otiaer.org

The email must consist of the following:

• The image URL.
• The cause of this request.
• The applicable law regulations (specified to a single term).
• Document(s) that proof:
• 1. Your department is authorised by the government to obtain private data from users.
• 2. Your department has authorised you to request private data from this website.

Technological Information: How the program processes your password

Your password is stored in encrypted form. This is irreversible (which means once your registration is handled, nobody can find out the original password, even with the recorded value in the database).

Weaknesses of the program design and Solutions

While the password is stored in Salted MD5 form, it is still suggested that this measure is no longer secure due to the brute force attack invented by GPU.

Thus, it is recommended for you to either:

• Use a completely different, complex password. This shall never be different as other websites and applications.
• Use the password generated by a random password generator.