You have concerns

What is this? I have questions!

Why am I here?

So you have concerns about what we collect, or you are just interested. We live in scary times sometimes, and we all know that we should never trust a stranger. Websites are especially creepy: you cannot even see who you're talking with. Whatever your concerns are, on this page you will learn all about:

  • what exactly we collect
  • what we store on your device
  • why we do what we do

Are you hungry?

For cookies 🍪

We use cookies for authentication and nothing else! Why cookies? In computer science we have the following goals for information exchange: authenticity, confidentiality and integrity.

# integrity

... is used to make sure that nobody between site A and site B (for example) changed parts of the shared information. To do this, a hash is calculated and added to the packet (message), using hashing algorithms like MD5, SHA (1, 2) and so on. To make sure that no one is able to modify the hash itself, HMACs are used. HMAC stands for hash-based message authentication code. The main difference between a hash and an HMAC is that, in addition to the value that should be hashed (the checksum input), a secret passphrase known to both sites is included in the calculation. E.g. [Value that should be hashed] + [secret passphrase] -> hashed value of these "two" inputs.
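An added example, not code from FoxesInBoxes, showing why the shared secret matters: whoever changes a message can recompute a plain hash, but cannot produce a valid HMAC tag without the secret. The secret, the message and all function names are constructed for illustration; Python's `hmac` module uses the standard nested HMAC construction rather than hashing the plain concatenation of value and secret.

```python
import hashlib
import hmac

# Constructed demo values; the secret is known only to site A and site B.
SHARED_SECRET = b"constructed-demo-secret"
MESSAGE = b"user=fox;solved=3"


def plain_checksum(message):
    """Unkeyed SHA-256 digest: anyone who sees the message can recompute it."""
    return hashlib.sha256(message).hexdigest()


def make_tag(message, key=SHARED_SECRET):
    """HMAC-SHA256 tag: computing it requires the shared secret."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_checksum(message, checksum):
    return hmac.compare_digest(plain_checksum(message), checksum)


def verify_tag(message, tag, key=SHARED_SECRET):
    # compare_digest takes constant time, so timing does not reveal
    # how much of a wrong tag matched.
    return hmac.compare_digest(make_tag(message, key), tag)


def modified_in_transit(message):
    """Model a party between A and B that alters the message without the secret."""
    altered = message.replace(b"solved=3", b"solved=300")
    recomputed_checksum = plain_checksum(altered)          # needs no secret
    guessed_tag = make_tag(altered, key=b"wrong-guess")    # secret unknown
    return altered, recomputed_checksum, guessed_tag


def receiver_results():
    """What site B concludes for the untouched and the altered message."""
    altered, checksum, tag = modified_in_transit(MESSAGE)
    return {
        "original, HMAC": verify_tag(MESSAGE, make_tag(MESSAGE)),
        "altered, plain hash": verify_checksum(altered, checksum),  # change goes unnoticed
        "altered, HMAC": verify_tag(altered, tag),                  # change is detected
        "altered, old HMAC": verify_tag(altered, make_tag(MESSAGE)),
    }


if __name__ == "__main__":
    for case, accepted in receiver_results().items():
        print(f"{case}: accepted={accepted}")
```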

# confidentiality

... is used to make sure that nobody between site A and site B is able to read the data or information sent between the two sites. To achieve this, encryption algorithms are used. There are two kinds of encryption algorithms: symmetric and asymmetric ones. Symmetric algorithms allow encryption and decryption with the same key. With asymmetric algorithms you have two kinds of keys: a public one and a private one. The public key is often available to the public, while the private key is available only to "yourself" (if the keypair is yours). Everything that you encrypt with the public key can only be decrypted with the private one and vice versa. When it comes to confidentiality, you often just use symmetric algorithms like DES, 3DES (both outdated) or AES. Asymmetric encryption is used to transfer a symmetric key and also to make sure that the other site is really who it seems to be (when it comes to SSL/TLS).

FoxesInBoxes uses HTTPS by default. Don't believe me? Well, try to type in our URL without the s. You will see that you automatically get redirected to HTTPS. So you cannot even visit this page insecurely. You should never visit a page without encryption!

# authenticity

... is used to make sure that you really communicate with the partner you want to. To achieve this, different kinds of techniques can be used, e.g. pre-shared keys that are configured on both sites, or elliptic curves or RSA as public/private key algorithms.

So what does all of this have to do with cookies?

Well, we need to make sure that you are who you claim to be. The cookie is like a small passport. It encodes a token that is uniquely linked with your account and makes sure that you do not have to log in on each page reload. It is standard procedure, as we do not want to include any passwords in requests! Also, there are some concerns about the security of JWTs. Cookies cannot be accessed via JavaScript, unlike anything in localStorage. So they are safer as long as your browser is not under attack. If you are interested, read more here.

We have a file on you

What is stored about me? 📂

First things first: we aren't using passwords, since we rely on third-party services like Discord and Auth0 to authenticate you. The authentication process is handled by these services; we just receive your username for easy identification and your email address to contact you in case you have won something. We will never sell this data to third parties, nor do we analyze it. If you want to revoke our access to your data on Discord, go to User Settings -> Authorized Apps -> FoxInTheBox -> Deauthorize. Additionally, we do not save any data that you are not actively entering, for example tracking metrics such as IP addresses, locations or devices. Our user model just stores your name and what you solve on this site. The model is public and you can see for yourself.

© 2021 FoxesInBoxes