
Security Details

CounsellingResource.com employs technology carefully to safeguard the privacy of individual users.

About IP Address Logging

Information transmitted across the Internet relies on an international standard called the Internet Protocol (or 'IP') in order to arrive at its destination. This standard requires each machine transmitting information to have a unique address called an IP address. This allows a packet of information to be routed to the correct machine much like a street address and postcode allow a letter to be delivered to the correct house. IP addresses are usually assigned dynamically by an individual user's Internet Service Provider at the time they connect to the Internet, and IP addresses of visitors are automatically logged by web hosting providers. Often other technical details, such as a visitor's operating system and browser type, are also logged by web hosting providers. (Note that all this applies to the Internet as a whole, not just to individual sites.)

CounsellingResource.com reviews these records collected by our web server for statistical purposes. However, individual users are not identified by these data.

Data for Research and Site Development

Aggregate data about visitor demographics are used by CounsellingResource.com for research purposes and to develop the site further. In accordance with our Privacy Policy, however, individual privacy is respected absolutely.

Cookies

The CounsellingResource.com discussion and support forums offer users the option of being recognized automatically each time they return to a discussion. To take advantage of this functionality, users should set their browsers to accept cookies. This means the discussion forum software will ask the user's browser to store a few characters of information which will be sent back to the site at subsequent visits. It is not necessary to accept cookies, but discussion forum users will have a more seamless experience if cookies are enabled.

The CounsellingResource.com Blog & Features section also makes limited use of cookies to identify returning visitors who have previously been approved to submit comments on published articles.

Finally, as part of Google's AdSense advertising platform, Google may permit third parties to set cookies in users' browsers or to use web beacons to collect traffic data, in the course of Google's placement of ads on this site. Google's use of cookies is itself subject to its own privacy policy.

Most web browsers will accept cookies by default, but they can be set to reject cookies, either from all websites or from specific sites. Users can also manually delete cookies directly via the web browser. These options are generally configured through a "Privacy" setting in the browser.

Encrypted Storage and Communication

With the exception of data provided to CounsellingResource.com discussion forums, any visitor information stored locally (including all emails, once they have been received) is kept on a highly secure disk partition encrypted with 128-bit AES. AES stands for 'Advanced Encryption Standard' and is the successor to the older DES, or 'Data Encryption Standard'; DES and its successor AES are widely used by the US and other national governments as well as throughout the banking industry.

As of this writing, cryptographic researchers believe that 128-bit encryption, sometimes called 'strong encryption', will be safe from direct attack indefinitely. For all practical purposes, strong encryption is impervious, and no instances have ever been reported of AES being defeated. The high-profile cases reported in the news of banks revealing customer information or hackers acquiring it have all involved the accidental exposure of unencrypted data, not data with encryption that was broken. This is why the US government, until very recently, classified strong encryption as a munition and regulated its export in the same way as military hardware: it renders encrypted data inaccessible even to national governments. (Relaxation of these regulations finally occurred not because strong encryption had become weaker, but because it was already available outside the US, and US companies were being disadvantaged by being prevented from exporting it.)

Email communications with CounsellingResource.com and the Managing Editor can be protected during transmission using similar technology, a combination of standard strong encryption and public key cryptography called OpenPGP, where 'PGP' stands for 'Pretty Good Privacy'. (Free OpenPGP clients such as the open source GNU Privacy Guard, or GPG, are available for every major personal computing platform, as is the commercial product PGP.) Using OpenPGP, the benefits of strong encryption can be applied to communications between two parties without requiring them first to agree on a secret key (password) for encrypting and decrypting their data. Instead, each party uses both a 'public key' and a 'private key'. In effect, the public key can be used to encrypt data, while the private key can be used to decrypt data secured by its counterpart public key. This means anyone can publish their public key for others to use to encrypt messages to them, but no one can decrypt those messages except the holder of the corresponding private key. These keys are formally known as 'asymmetric', meaning there is no straightforward way to deduce one from the other, so publishing the public key provides virtually no information about the private key. The OpenPGP public key for contacting CounsellingResource.com is included under Contact Details.

Privacy at the User End

Site visitors should be aware of a number of factors which could impact privacy from their end of the network and which are therefore beyond the control of CounsellingResource.com. Roughly, these factors fall into two categories. First are those which result from sharing a computer with another user. For example, the default behaviour of modern browsers typically keeps a history of the most recently visited sites. If this feature is not switched off or adjusted to keep a very minimal history, another user could identify many of the most recently visited sites by inspecting this log. Similarly, another user might access email records kept on a shared computer, in some cases even if those two users log in to a shared machine with different usernames.

The second category of factors which can impact user privacy consists of those which result from visiting via an employer-operated network. Many employers log traffic to and from their networks, and virtually all large employers keep records of employee emails which pass through their servers. In the latter case, this means that copies of emails may be kept even after they have been deleted from an individual user's machine. Encrypting emails can secure their content, but it cannot make them disappear.

This page was last reviewed by Dr Greg Mulhauser, Tuesday, 22 April 2008.

The URL of this page is:
http://counsellingresource.com/aboutsite/securitydetails.html