eduVPN protects you on unsecure networks, for example, against nearby prying eyes while on the train. The service also offers secure access to protected services when accessing from outside your institution's network.
Privacy statement eduVPN
This is the privacy statement of eduVPN that you agree with when you choose to use eduVPN.
This privacy statement applies to the service eduVPN that is being provided by SURF, the National Research and Education Network of the Netherlands. References to 'we', 'our' and 'us' refer to eduVPN, while 'you' and 'your' refer to the user of eduVPN.
By using eduVPN, you acknowledge that you have read and understood the eduVPN house rules and this privacy statement and agree with it.
GÉANT, the cooperation of European National Research Networks, facilitates the eduVPN service and has published a privacy overview.
1. Principles and values
We believe (the opportunity to have) privacy in a secure way is fundamental but unfortunately also increasingly scarce. eduVPN strengthens the user's security by enabling institutions, students, teachers, employees and researchers to connect securely to the internet and their institution network wherever they are. eduVPN has been developed with privacy and security in mind since the very beginning of the project because we think privacy and security are inseparable within eduVPN.
That being said, eduVPN collects, stores and logs information. We use this information with the purpose of providing the service eduVPN, for auditing and analysis in order to maintain, protect and improve eduVPN. Our principles regarding data collection are:
- We don't collect personal information or data when it is not necessary.
- We will never use personal data for other purposes than those for which the personal data were initially collected.
- We will never sell or market the obtained personal data to third parties.
- We will never store or view the content of the traffic on the VPN network.
- We will be transparent about all aspects of processing personal data and logging.
The legal ground for processing personal information is legitimate interest to provide the service eduVPN and to prevent abuse on the SURFnet network. As a user you have the right to inspect all the user data we collect from you. In some cases you also have the right to rectify or delete the data and/or restrict the processing of the data. You may always object to the processing of your user data. Such requests may be sent to the email address below. SURF will give a response to the request within four weeks. If you do not agree with how eduVPN handles personal data, you also have the option to file a complaint with the Dutch Data Protection Authority.
In order to be transparent, this Privacy Statement is quite comprehensive and thus a quite long read. Therefore we also included a shorter summary that is more easily readable.
Don't hesitate to contact us via eduvpn@surf.nl
2. Short summary
From a user's perspective, eduVPN consists of a user portal (web server) where configuration files can be downloaded and a VPN server that can be used to establish a connection with eduVPN. These components log and store the following information for 90 days:
2.1 User portal
- The unique user ID of the user
- A list of certificates created by the user
2.2 Connection
- The unique user ID of the user.
- The time the connection was established.
- The time the connection was closed.
- The IP addresses assigned to the user's VPN client.
- The original IP addresses of the VPN client.
- The rights that a user has (SAML "Group/Entitlement/etc." attributes)
- Used OS (indirectly via OAuth Client_ID)
3. Elaborate version
3.1 The information you provide
When you start using eduVPN and log in for the first time, SURFconext will ask if you agree with the release of personal data. There are two profiles within eduVPN, each requiring different personal data (explained below). You will also be asked to read and accept the SURF Terms of Service and this eduVPN Privacy Statement.
Secure Internet
If you choose this profile, all traffic will be going through eduVPN. eduVPN only uses the attribute 'persistent NameID' (example: b466f1047193791ga9aop7224a98fd24a1ce4551) from the user. This identifier is randomly generated by SURFconext and pseudonymous. The mapping of the persistentID to the associated user can be made when SURF is required to do so pursuant to the law, a judicial decision or abuse.
Within the context of the Dutch Personal Data Protection Act and the European General Data Protection Regulation, SURF is the controller and Greenhost is the processor of personal data within this profile.
With Secure Internet, a user can also connect to other countries. This functionality is made possible in collaboration with other research networks in the world under the supervision of GÉANT.
Institute Access
If you choose this profile, only traffic to the institution's network will go through eduVPN. This is the profile you want when you need access to your institution's network. The persistent NameID cannot be used for this profile since users need to be identifiable for authorization. This means that the chosen attribute for this profile can differ between institutions. There is a strong preference from the eduVPN team that institutions will use attributes that are not directly reducible to users' identities, e.g. using student numbers.
Within the context of the Dutch Personal Data Protection Act and the European General Data Protection Regulation, your institution is the controller and SURF is the processor of personal data within this profile.
3.2 The information we collect
eduVPN collects more information and data than the aforementioned SURFconext attributes you provide. This is mostly because of error logging so we can troubleshoot more easily when something is not working as intended. We made a list of all the logging components within eduVPN.
Statistics
eduVPN servers provide us with general and anonymous statistics. The following is part of these statistics:
- Total number of unique users
- Highest number of concurrent connections
These statistics are created daily and will also be available in consolidated form for other periods of time like weekly and monthly. These data are available to the institution's application managers and the eduVPN team. There is no user data and/or personal data being processed in these statistics.
Logging for application managers
An application manager can search specific VPN connection logs from the admin portal. For the Secure Internet profile, logs can only be accessed by the eduVPN team, while only the institution's application managers have access to the logs of the Institute Access profile. The application manager needs the point in time in combination with the issued IP address to request logging. When the combination is available in the logs, the following will be provided:
- Used profile (e.g. 'Institute Access')
- The UserID (e.g. 'b466f1047193791ga9aop7224a98fd24a1ce4551')
- The name of the configuration file (e.g. 'Android_1478521025')
- The issued IP addresses (VPN) (e.g. '145.101.113.74 and 2001:610:188:71::1008')
- Timestamp start of connection (e.g. '2016-11-07 13:17:19')
- Timestamp end of connection (e.g. '2016-11-07 13:23:40')
These data are being stored for 90 days.
Server logging OpenVPN / WireGuard
eduVPN uses OpenVPN and/or WireGuard software for the underlying VPN server. All logging of OpenVPN and/or WireGuard is switched off. Nothing is logged at this level. In specific cases, logging can be temporarily enabled to solve problems that cannot be remedied in any other way. For Institute Access, an institute can decide to enable logging.
Access log
All client requests are logged by the access logs of the web server to be able to detect problems when there are complaints and/or situations of potential abuse. The following information is stored for 90 days:
- The (real) IP address of the visitor
- The time of the request
- The request line of the client (e.g. 'GET / HTTP/1.0')
- The status code that the server sends to the client (e.g. 200, 404 etc.)
- The size of the server's answer to the client (in bytes)
- The requested page / URL
Error logging
Under normal circumstances, there will be no errors. But of course not everything is normal and things can go wrong in, for example, the user's browser or the web server. The web server sends this diagnostic information and detected errors to the error log. This is the first place where we will look when there is something wrong with the web server. This logging is turned on, stored for 90 days and consists of the following information:
- The timestamp of the error
- The category of the error (low - severe)
- The IP address of the client
- The error code or the message with the error
php-fpm-logging
Php-fpm is a process manager for PHP and is used to start and stop PHP scripts on the server. Php-fpm only records errors and does not collect user data. These log entries are stored for 90 days.