Data Protection Declaration

TU Braunschweig’s data protection declaration applies to this website except section V, VI, VII, and VIII.

In addition, this web offer is subject to a data processing activity which is described below:

IX. Description of the data processing activity

1. Description and scope of data processing

For the needs of the research project defined here, PACO logs requests to our server, storing the following information:

• IP addresses
  PACO logs IP addresses to allow distinguishing different systems that visit our website.
• Timestamps
  PACO collects a timestamp each time it is visited to measure the period between recurring visits.
• HTTP Headers
  PACO logs the HTTP headers your browser sends to our server, including the User Agent header usually containing information regarding your browser and operating system.
• Information of potentially vulnerable systems
  For the needs of our research goal, this website hosts a script that can indicate the presence of different XSS vulnerabilities in the backend. Our harmless test requests may entice vulnerable systems to load this script and execute it. In order to discover hidden vulnerabilities directly accessible via the Web, the research script collects a minimal amount of anonymous information and sends it back to our server. When such information is transferred to us, our system visits the potential backend that executed our script to check whether a vulnerability exists. We use this knowledge to inform website providers about potential security problems on their end.
• Cookies?
  The PACO website does not use cookies.

Our script collects the following information:

• The Browser-populated JavaScript attribute that indicates the current website's title (document.title).
• Certain privacy-preserving elements the browser-populated JavaScript attribute that indicates the current website's technical location: (document.location.protocol, document.domain, document.location.port, document.location.pathname).
• The Browser-populated JavaScript attribute that indicates the platform the browser is running on (window.navigator.platform).
• The Browser JavaScript attribute that gives information about the operating system and the browser (window.navigator.userAgent).

2. Legal basis for data processing

Refer to Section III.2 of TU Braunschweigs data privacy policy.

3. Purpose of data processing

We collect and may publish or share aggregated, statistical data from the PACO project in order to facilitate security research, educate people about security problems, and to aid in the development of security-enhancing technologies.

4. Period of storage, possibilities to object to and remove data

Refer to Section III.3 of TU Braunschweigs data privacy policy.

A contact and information about object to our scans and data collection is given here.