Founded in September 1981 by Avril Smith
Post mail to PO Box 291, Merimbula NSW 2548
Phone and leave voicemail (02) 6448 9948
Email us at email@example.com
Visit us online at https://box.writersfsc.org.au
Or on our Facebook page at https://www.facebook.com/WritersFSC
1) The type of personal information that the WFSC collects and stores
- Email address
Financial members are also required to supply:
- Physical or postal address
- Phone number
Users can supply other information to the WFSC.
2) The purposes for which the WFSC collects, holds, uses and discloses personal information
Your data is used to contact and keep you informed of upcoming literary events, competitions and opportunities. All your information is visible to committee members because they’re involved in the organisation and running of the WFSC.
If you are a committee member, your name and role will be made visible to everyone on the Internet so that current, past and potential members know who to approach.
If you sell books through the website or become a presenter of a workshop, your name, town and photo will be made visible to everyone on the Internet so that people are more informed about your books and events.
More of your personal information can be made public, if you wish, such as your websites, email, phone number, home or work address, other organisations you are associated with or a photo. Some of this information might be gathered from the information you have already made public on other sites on the Internet and kept private until you request that it also be shared by the WFSC.
3) How does the WFSC collect and securely store your personal information?
Currently, as of 2018, your information is stored in Google Contacts and a Google Group, if you subscribe to the newsletter.
Registration to this website is currently disabled and will remain so until your information can be successfully synchronised between Google Contacts, Google Groups and this WordPress website.
User accounts on this WordPress website will be secured by a password, which will be stored in our database as a one-way hash. When you log into our site, your plain text password will be encoded with the same one-way hash, sent to our database, and these two strings of encoded, nonsensical numbers and letters will be compared to decide if you are who you claim to be, so that the WFSC can grant elevated privileges to our website. It’s basically how all username/password combinations are implemented worldwide, and the one-way hashes keep getting better and more secure every day.
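To show what that comparison looks like in practice, here is an added example (not the WFSC's or WordPress's own code) of storing and checking a password with a salted, deliberately slow one-way hash. The PBKDF2 parameters, the record format and the function names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this illustration; not the WFSC site's or WordPress's settings.
ALGORITHM = "sha256"
ITERATIONS = 200_000
SALT_BYTES = 16
PREFIX = "pbkdf2_"


def hash_password(password, salt=None):
    """Return the string kept in the database: scheme$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, ITERATIONS)
    return f"{PREFIX}{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Re-derive the hash using the stored salt and cost, then compare."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if not scheme.startswith(PREFIX):
            return False
        candidate = hashlib.pbkdf2_hmac(
            scheme[len(PREFIX):],
            password.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
        expected = bytes.fromhex(digest_hex)
    except (ValueError, TypeError, OverflowError):
        return False  # malformed record: fail closed
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    print(alice)
    print("same password, different records:", alice != bob)
    print("right password accepted:", verify_password("correct horse battery staple", alice))
    print("wrong password rejected:", not verify_password("password123", alice))
```

Because each account gets its own salt, two members who pick the same password end up with different stored strings, and the plain text password never appears in the record.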
Our database currently resides on the same server that our website is hosted on, so it uses internal sockets for communication. Just to be sure, all our website traffic is encrypted and protected by an SSL certificate provided by Cloudflare (they also cache static parts of our website to make everything run a little bit quicker).
HTTPS isn’t available for old browsers running on old operating systems. To cater for the 3% (according to statcounter) of the population running old operating systems *cough* my dad *cough* I’ve made it so that the unencrypted site does not automatically redirect to HTTPS.
- Android 2.3.7 – FAILS
- Chrome 49 on Windows XP SP3 – FAILS
- IE 6 or 8 on Windows XP – FAILS
- Java 6u45 – FAILS
- OpenSSL 0.9.8y – FAILS
The WFSC uses an AWS server and subscribes to the LAMP philosophy, an acronym for Linux, Apache, MySQL and PHP.
As of May 2018, the WFSC’s server runs:
- Ubuntu (Xenial Xerus) 16.04.4 LTS.
- Apache v2.4.18
- MySQL v5.7.21
- PHP v7.0.25
By telling you this, I’m not disclosing anything that can’t be easily determined by a resourceful, computer-savvy person in about three seconds. This information is the first step towards locating possible exploits to create serious problems such as a buffer overrun that can allow someone with nefarious intentions to run their own code and wreak havoc.
Keeping the operating system and its applications up to date will make the majority of these exploits defunct. Although the Linux operating system has open source code, viewable to anyone, when white-hat and black-hat hackers alike find a loophole, they kinda create a patch to fix it and make their own operating system more secure. Hackers prefer easy targets… like Microsoft Windows.
Hint: Buy a Mac 🙂
What was just described is a more precision-based attack to gain access, but every server is susceptible to a DDoS attack – Distributed Denial of Service attack. It’s where someone has lots and lots of computers all try to connect to a website at the same time, causing it to give up and go offline. Cloudflare and AWS have measures in place to limit this kind of attack. Anyone can perform this type of attack by visiting the dark-web and hiring a bot-net of thousands of compromised Microsoft Windows computers, for as little as $5. The dark web involves websites not listed in search engines, like Google, only accessible by their IP address, encrypted and hidden behind a VPN (virtual private network) that requires the “Tor” browser to view. It sounds complicated, but it’s really, really easy.
The best defence against a DDoS attack is to not arouse the ire of evil-doers by staying small and innocuous. Everyone should remember 2008’s humorous campaign of Anonymous vs Scientology.
DNS poisoning is another type of attack that is very difficult to protect a server/website against. A hacker could subvert Domain Name Servers (DNS), which are like the telephone white pages. Basically, they’d change the “phone number” (IP address) associated with a name (e.g. writersfsc.org.au) to point to their nefarious “phone number” (IP address) instead. It’s a little more complicated than that and harder to pull off.
Although the WFSC does its part to protect our own server/website, we must rely on larger services like AWS and Cloudflare to keep the wolves at bay.
You can help too by choosing a decent password to log into our website. Brute-force attacks do happen to our server and WordPress website, but CAPTCHAs are pretty good at slowing the bad guys down. CAPTCHAs are those annoying things that require a person to decipher obscure text displayed as an image. Google’s version is much betterer with a simple checkbox that relies on the randomness of a user’s timing.
4) The WFSC promises not to ‘spam’, sell or rent a visitor’s email address
Selling data is evil and we’re not ok with evilness, except as characters in our novels. The WFSC newsletter is sent out monthly and occasional reminders to upcoming literary events and opportunities are sent out to people in our mailing lists but never to an extent that could be considered spam. Maybe they might be considered nice spam. Good spam. Spam you want to read…
5) How can you, as an individual, access and correct any information the WFSC holds about you, including unsubscribing from any email list
The easiest way is to email us directly at firstname.lastname@example.org and the website administrator should be able to help. Or if that fails or a reply isn’t prompt enough, you can always send an email to our entire committee (usually 3-8 WFSC members) at email@example.com
Each newsletter that is sent out through our Google Group contains a link to unsubscribe.
The reminders are usually sent out as a regular email with recipients included using a BCC (Blind Carbon Copy). Just reply and let us know what’s going on.
6) How can you, as an individual, complain about a breach of the Australian Privacy Principles and how the WFSC will deal with the complaint
You should email the WFSC at firstname.lastname@example.org or email@example.com and within 30 days, a representative from the committee will likely apologise to you personally and hopefully figure out a way to make sure nothing of the sort ever happens again.
If you’re unsatisfied with our efforts, you should make your complaint in writing to the Office of the Australian Information Commissioner (OAIC)
7) Does the WFSC disclose your personal information to other people or organisations in Australia or overseas?
Occasionally, the WFSC committee will receive a request for information about one of our past or present members. We don’t give out your information to someone contacting us in this manner, but what we try to do is contact you, with their information, which allows you to decide if you wish to say “Hi” to whoever it is.
Your personal information is accessible by the WFSC committee, and we’re good people. She’ll be right.
If another writing organisation asks us for contact information about our past or present members, we’ll usually be happy to oblige in certain situations. For example, if the organisation:
- would like to invite someone we happen to know to be a presenter or keynote speaker at one of their events;
- or wants to offer a unique literary opportunity, ie: not steak knives
Cookies are not evil. They’re not capable of compromising your computer or doing anything naughty. They can’t track your Internet usage beyond the website associated with them. The only time they’re not a good idea is on a publicly accessible computer.
Cookies are actually super useful. They can be used to automatically log you back into a website, such as the WFSC’s, without having to type your username or password.
9) Google Analytics or StatCounter
The WFSC website makes use of Google Analytics, because it’s awesome. Every time you visit any website you send them some basic information such as your operating system and Internet browser (both of which you can easily fake if you were really paranoid) and your IP address.
Long ago, the Internet was carved up by various countries, continents and America (because they apparently invented the Internet). Each area was given a bunch of IP addresses to hand out to wholesalers, who sell them to middlemen, who sell them to ISPs and domain registrars who give them to you. Therefore, your IP address can sometimes be used to pinpoint your location. According to the Internet, Merimbula is a suburb of Sydney…
Compiling this information is really cool, because the WFSC can see trends in how people are visiting our website. At the moment, most visitors are in NSW… go figure.
10) Online payments
Once we set up online payments, some of your information, name and email, might be given to PayPal. It’s a necessary evil. The WFSC will never, ever, ever, never, ever keep your credit card details. ‘Ere be dragons.
11) What about reviews, comments and guest blogs posted on the WFSC website
If you are offended by something on our website, feel free to contact us and we will most likely do something about it. The WFSC is not responsible for user-generated content.
NOTE: This is a poor alternative to a legal policy written by lawyers. Even though it may be easier to read, honest and explanatory, it probably doesn’t cut the mustard when it comes to the law.
The WFSC will attempt to replace this document eventually with something more convoluted and written in indecipherable legalese.