Data that SkipIRC Collects
IP and host information
When you connect to a server on the Internet, that server receives the IP address associated with your connection. This is true regardless of whether you're loading a web page, playing an MMO, or connecting to SkipIRC.
IRC traditionally displayed users' full IP addresses or hostnames. In recent years there's been a trend towards only displaying partial addresses. SkipIRC does this (as well as allowing decorative hostnames to be displayed instead.) Unredacted hostnames and IPs are only visible to network staff. Examples of redacted IPs and hostnames are
SCP-60h.fup.31.44.IP (a network bot's IP) and
SCP-ts7qud.fios.verizon.net (a recent host of Kufat's). Redacted IPs/hostnames and the identity of a user's ISP (e.g. an amateur radio allocation and Verizon respectively in the examples shown) are considered public information and are visible to the public in a user's /whois, among other places.
IP addresses are only shared with the following outside entities under the circumstances described below:
- When a user connects, SkipIRC servers and services may automatically check the IP against one or more external IP reputation services. These services are the same ones used by email systems, online stores, and other services to prevent spam and malicious use.
- In addition, each user's IP may be scanned for open proxies and other potential security issues using standard IRC security tools.
- If a user breaks the law or otherwise commits a severe rule violation such as persistent harassment, SkipIRC staff may notify their ISP and/or law enforcement as appropriate. Note that "ISP" is interpreted broadly here; for someone connecting from a school computer, the school may be their ISP.
- Any entity that's assigned IP addresses is required to provide an abuse contact (e.g. firstname.lastname@example.org) to receive reports of user misconduct. ISP reports will generally be sent to this address.
- For transparency, I'll note that there are <5 ISP notifications per year and ~1 law enforcement contact.
- Users' IP addresses and other information may be shared with SCP Wiki staff when relevant. See below for details.
- Any other circumstances as may be required by law. (e.g. responding to a subpoena or court order.)
Some IP/host information is stored in the NickServ database. This may be deleted by dropping the associated NickServ account. Information is also stored in server logs, which are only accessible to network administrators and are retained indefinitely. Finally, when a user's IP is banned, the ban obviously contains their IP information.
Users must provide a non-disposable email address to register a nick. Email addresses are only viewable by SkipIRC staff unless a user chooses to make that information public with the command
/nickserv SET HIDEMAIL OFF, in which case the email address will be publicly viewable. (For an example of this, see
/nickserv INFO Kufat)
A user's registered email address is stored in the NickServ database. This may be deleted by dropping the associated NickServ account.
SkipIRC does not share or sell email addresses. We don't routinely send out emails but may e.g. notify users who were affected by a network issue once the issue is resolved. We do reserve the right to send an all-users announcement email if we deem it necessary but don't currently have any plans to do so. Individual SkipIRC users may be contacted by staff via email as needed. (For example, if a user is having technical difficulties and no SkipIRC staff member is available at the time they ask a question, staff may respond to their registered email address.)
Users may be asked for their current age, to ensure compliance with network rules. This information is not stored in a database, although individual operators may and often do log conversations. If a user in an SCP-affiliated channel or who is known to have a Wikidot account is found to be underage, this information may be shared with an SCP Foundation admin and/or SCP Foundation chat staff as necessary.
Additional information sharing
As mentioned above, SkipIRC may share information when needed to comply with local laws. As we have users around the world, it's not practical to provide an exhaustive list of jurisdictions and laws.
Any network staff member who shares users' personal information for purposes other than the above, without permission of the user involved, would be subject to dismissal from network staff.
Special exception for ban evasion
This section applies to users who:
- Have been permanently banned from SkipIRC and
- Have attempted to evade their ban and
- Have been personally notified by network staff via email, IRC message, Wikidot PM, or other messaging systems that further attempts to evade their ban will lead to additional escalation
If a user meeting the above conditions continues to attempt to connect to SkipIRC, staff may undertake whatever reasonable measures they deem necessary to prevent that user from connecting to SkipIRC. For example, in the case of a minor this may include attempting to contact the user's parents or guardians. As another example, staff may consult other security experts and may provide the user's IP and connection information.
This is an extraordinary measure that isn't undertaken lightly. If a user isn't permanently banned from the network, or if they are permanently banned but don't attempt to evade that ban, this section will not apply.
Data that users may optionally provide to SkipIRC
Gender and Pronoun Information
If provided, this information will be public. Users may clear this information at any time. Type
/nickserv HELP PRONOUNS and
/nickserv HELP GENDER for more information. Dropping a NickServ account will also remove this information.
Private conversations, for purposes of reporting rule-breaking conduct
If a user is e.g. being harassed in PMs or in a private channel by another user, or otherwise wants to report rulebreaking conduct in PMs, they may forward a copy of the conversation to SkipIRC staff. Such conversations will be considered confidential information. They may be shared with:
- Other SkipIRC staff, for purposes of determining an appropriate action (e.g. warning, temporary ban, permanent ban)
- SCP Wiki administration, Disciplinary, and anti-harassment teams if one or more of the users is a SCP Wiki member and the conduct appears to violate SCP Wiki rules
- Law enforcement and ISPs, in the event of persistent harassment, credible threats against people or property, or other severe cases as described above for IP sharing
Users will never be under any obligation to share PM conversations or conversations from private channels with staff.
Data that SkipIRC does not intentionally collect
For historical reasons, one of the user-specified fields in IRC is referred to as the "real name". Don't put your real name there. We don't need or want to know.
The contents of this field are public.
Data that SkipIRC staff cannot see
NickServ passwords are stored in the services database in hashed form. Staff cannot see users' actual passwords.
SkipIRC staff cannot access IRC PMs directed at other users, nor can they intercept messages sent to channels that they aren't in. SkipIRC servers do not log such messages.
VIP Lounge Logging Exception
If a user of the VIP Lounge has the optional logging feature enabled on their account, those logs will be stored in the filesystem of the VIP Lounge server. They can be deleted and logging disabled on request. Some conversation data may remain in memory on our server until The Lounge is next restarted, irrespective of whether persistent logging is enabled.
(We are aware that the option to enable or disable logging ought to be exposed in The Lounge's user preferences rather than requiring an administrator to edit it on the server. Unfortunately, this is a limitation in The Lounge.)
SkipIRC staff will not read any user's VIP Lounge logs except at the express request of that user.
Data sharing with SCP Wiki staff
As mentioned above, some user data may be shared with SCP Wiki administrators and chat staff. SkipIRC is run independently of the SCP Wiki, but there's frequent coordination between the two organizations' staffs. The SCP Wiki has agreed to the following policy for data sharing with SkipIRC:
- Public information (including IRC nicknames, Wikidot usernames, and the contents of Wikidot posts and events in public channels such as #site19 and #site17) may be shared without restriction.
- IP addresses will be shared only for purposes of banning rule violators and identifying sockpuppets and ban evaders.
- As user IP addresses are generally not available to Wiki staff, this sharing is currently primarily unidirectional, from IRC to Wiki staff. This may change after Wikijump becomes active; the issue will be revisited at that time.
- Age information of underage users may be shared bidirectionally to ensure compliance with both SkipIRC and SCP Wiki age policies.
- Private conversations shared with SCP Wiki administrators or Disc/AHT team members will be handled in accordance with those teams' privacy and confidentiality practices.
- To the maximum extent practical, information sharing will occur between SkipIRC admins and Wiki admins. Under exigent circumstances such as a vandalism spree, information may be provided to lower-ranking staff members.
Is SkipIRC covered by the GDPR?
Why isn't SkipIRC covered by the GDPR?
Multiple reasons, but primarily that it is not an enterprise under that law and does not engage in economic activity in the EU (or anywhere else.) As much as we enjoy working on SkipIRC, it's ultimately a hobby project that we do in our free time.