SSR Privacy Issues Blog Posted on Jul 29 2019 [点击查看中文版本 Click Here to Read the Chinese Version ](https://blog.hiaoxui.com/blog/post/hiaoxui/ssr-privacy-zh) # What can you collect? All the data that proxied by my servers, no matter they're uploading or downloading data, can be obtained by me. I can collect the information listed as the following: + Your data destination: The website that you're going to visit. + Your data content: Every byte. Does that mean your data are apparent to me? No. Most of the data on the Internet is encrypted. For example, if you're going to visit an HTTPS website, e.g. https://google.com, even if your data is going through my server, I'm still unable to know what the data are. They're just meaningless bytes to me. All I could know is that you just visited Google. But not all the data are encrypted. If you're going to visit an HTTP website, you're under my threat, which is called man-in-the-middle attack. If you exchanged some private information, like the password, I would be able to get it. I promise you that I will NOT perpetrate man-in-the-middle attack, but you should take the responsibility yourself. **If your private information was leaked, it wouldn't be my fault.** # What are you collecting? I'm not censoring your data. Your data will not be duplicated in my servers. However, to monitor your data usage, I'm currently collecting the following information: + The time that you use my service. + The size/amount of your data usage. In the extreme condition, I reserve the right to collect the following information: + Your data destination. Please note the data destination is not the full URL. E.g., if you visited https://www.pku.edu.cn/admissions/index.htm, all I would know is that you visited www.pku.edu.cn, but not the specific page that you stayed.