DATA COLLECTION POLICY

Last updated: December 2, 2020

What and how Netlas collects

The Netlas.io app collects only externally accessible and publicly available data. Only nonintrusive techniques are used to gather information. This means Netlas.io algorithms use standardized and publicly available network-based protocols to query hosts and learn one or more attributes about each host. Examples of passively scanned attributes include:

  • Exposed Ports. Networked applications typically communicate via a “network port”. For example, web traffic typically uses TCP port 80 or port 443. Security recommendations usually include configuring hosts to deny all ports except those that are needed. Services behind ports send public metadata called a “banner”.
  • SSL certificates. These are used to protect sensitive data by enabling encrypted network communications. They contain public keys, the domain name, the person, organization, or device the certificate was issued to, and other information made public so that everyone is able to ensure that the connection is secure.
  • Whois database. It contains information about domains, registrants and registrars. The Internet Corporation for Assigned Names and Numbers (ICANN) requires that the contact information of those who own and manage a domain name be made publicly available via Whois directories.

The above three types are “nonintrusive” since the data they collect is publicly available and accessible by anyone using a web browser.

Purpose

Our purpose is to help users with their research, marketing and security improvement tasks.

We would like to see the Internet developing and becoming more secure and healthier, as described at https://www.mozilla.org/en-US/about/manifesto/. We hope that Netlas.io helps to achieve this.

We do not use “intrusive” methods, perform penetration testing, bypass or test your protection mechanisms, or access private data without your consent and a proof of ownership. You can ask us to scan hosts you own with “intrusive” methods, which will show you a more detailed picture. In this case the results will be available only to you.

Legislation

Netlas.io does not breach any laws known to us, such as the US government’s Computer Fraud and Abuse Act, as it collects only public data. No unauthorized access is performed. We have no intention of disrupting the confidentiality, integrity and availability of digital assets.

How to make information private

Using Netlas.io, you may find some information about your host that you do not want to be publicly available. The best way to solve this is to restrict access to that information by configuring your software, and then use Netlas.io to rescan your hosts to see how your perimeter has changed.