Privacy

Vision, mission statement

We will host a CTF-like (capture the flag) contest during the mDevTalk.cz meetup on 24.5. 2018 and are looking to recruit 100 participants. With mentors from Avast, each participant will answer quiz questions and will delve into vulnerable devices/machines using known open source tools. Participants will be awarded points for various  software and hardware hacking challenges. The mission of this contest is to help participants learn how to use real penetration testing tools and to show how easy it is to hack into IoT devices.

Links to WEB

  1. WEB – https://www.mdevtalk.cz/challenge

List of data and retention length

  1. The results of the competition (winner’s name) will be made public for 5 years.
  2. Photos from the competition should be the property of Marketing and made public for several years.
  3. Video – if possible, we will record several clips with audio and this will be made public for several years.
  4. Data/Metadata from the competition will be kept for 1 year (for analysis and improvement of the CTF) as a technical requirement.
  5. Metadata for each challenge (e.g. average number of member successes, average time to solve) – kept for 5–10 years.
  6. Logs from vulnerable machines – kept for 1 year (should be deleted immediately but we are really busy) as a technical requirement.
  7. Google Analytics – kept for 26 months.
  8. List of people registered (name/mail/links to social media) – kept for 1 year, should be “rotatable” i.e. every time a person registers, we keep this data for 1 year

Results

  1. “Cookies info” – WEB
    1. One cookie for tracking each user to have some context – i.e. a ‘random uid
    2. Only cookies that are set by a 3rd party
      1. Youtube – integrated background video (Expiration is set by Google or 3rd party):
        1. Doubleclick net – some google tracking
        2. Google.com – visitors unique id
        3. Youtube – id of the video
      2. Google analytics
        1. We use GA to track the number of visitors etc.
  2. “Cookies info” – CTF
    1. Activity close
      Announcements open
      FBCTF a102d53029fb8dc3771794a9bfb36
      Filter-Main-category on
      Filter-Main-status off
      Filter-category-None off
      Filter-category-Quiz off
      Filter-category-all on
      Filter-status-all off
      Filter-status-completed off
      Filter-status-remaing off
      Game Clock close
      Leaderboard open
      Teams close
    2. In this case cookies is storage for the GUI (Graphic User Interface) setting – indicating which elements are visible/hidden, expanded or not as well as the unique ID of the user which is generated upon login. Expiry is set to 24/48 hours.
    3. We will put Google Analytics there to track users and improve GUI
  3. Google forms disclaimer
    1. We collect names (required), emails (required) and links to twitter (not required) to manage the registration (we want to limit the CTF to 100 participants), to communicate about upcoming events (requirements, reminders, cool information etc), and communicate after events (photos, results, etc). After the event is over we could send emails about new competitions with registration and participation details.
    2. Data will not be used to “up-sell”, but only in relation to mDevTalk.
  4. Consent to appear on photos taken during event
    1. There will be a photographer at the event and as it is impossible to sort all 100 people into “can take photo / can’t take photo”, all attendees should give their consent to being photographed during the event and to having these photographs published.