|Disclosed To||Reasons for Disclosure|
Invite to Join
|Your IP Address||x||*||x||x||- Give and Get mode users need to know each other's IP addresses to proxy traffic through each other. The same thing is true for Lantern operated fallback proxies.|
- Lantern communicates directly with Google in order to authenticate you, at which point your IP becomes know to Google
|Your Email Address||x||x||x||x||x||x||x||- When you invite someone to join Lantern, we send them an email via Mandrill/MailChimp using your email address|
- The people whom you invited to join Lantern get an email from your email address
- In order to communicate and proxy traffic, Lantern instances need to know about each other. Lantern instances are identified by a string that includes your email address.
- Lantern uses Google to authenticate users against the Lantern network based on their email address.
- The Lantern Server keeps track of which Lantern instances are online at any given time, which includes your lantern id which includes your email address
|Your Name||x||x||x||x||x||- When you invite someone to join Lantern, we send them an email via Mandrill/MailChimp using your name|
- The people whom you invited to join Lantern get an email from your name
- Invitations are managed by the Lantern Server and so your name is known to the Lantern Server
|Your Online/Offline Status||x||x||x||- For people running Lantern in Give mode, Lantern needs to know when new instances of Lantern are online so that they can be used for proxying traffic|
|x||*||x||- Lantern uses an extended trust network that allows friends of friends of friends (and so on) to proxy traffic for each other. These friends are identified to each other via a unique identifier that includes their email address and who are advertised to each other via their friends in common. Your immediate friends can tell who some of your other friends are based on the advertisements that you send them. Other Lantern users will learn about some of your friends via the advertisement mechanism, but they won't know that they are your friends, just that they are Lantern users.|
- The Lantern Server tracks your list of friends for synchronizing them to other computers of yours.
|x||x||x||x||?||- When users proxy through each other via Lantern they use a direct connection for speed, which means that their geographic location is known to each other. This can be seen on Lantern's map visualization.|
- Lantern keeps track of user's geographic locations to track country-level statistics about Lantern usage.
|Server name of All Web Pages|
Viewed through Lantern
|x||x||x||x||- When you proxy traffic through another Lantern instance, they have to know the hostnames of pages that you're accessing in order to proxy the traffic for you|
- If something goes wrong while attempting to access a web server, we might report the problem to Loggly.com (if "Securely report anonymous usage statistics to contribute to Lantern" is checked)
|URL and Contents of|
Unsecured Web Pages
Submitted and Received
|x||x||x||x||- When you proxy traffic through another Lantern instance, they have to know the content that you're sending (and receiving) in order to proxy it. If you do not encrypt that content (i.e. by using an https:// url), then the other Lantern user can see all of this content.|
|Google Authentication Refresh Token||x||x||- If you are a user with your own dedicated fallback proxy, your fallback proxy stores and forwards kaleidoscope notifications on your behalf while your own Lantern client is offline. This ensures that people don't miss notifications about new users in the trust network (which come over Google chat). In order to do this, the fallback proxies hold on to a refresh token that gives them access to your Google Talk account.|
The refresh token allows Lantern's servers to:
- Know your email address
- View basic information about your account
- Send and receive chat messages on your behalf
- Get a list of your chat buddies
- Find out if you are online or offline with Google chat