From 852f9569e271de7e05b609047b3e1651cab94219 Mon Sep 17 00:00:00 2001 From: jklingen Date: Mon, 21 May 2018 14:37:12 +0200 Subject: [PATCH 1/8] Updated base-url (just for testing purposes) --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index dcf68675b..1d3575604 100644 --- a/_config.yml +++ b/_config.yml @@ -2,7 +2,7 @@ title: Greenshot #email: getgreenshot@gmail.com description: Greenshot - a free screenshot tool optimized for productivity -baseurl: "" +baseurl: https://github.com/jklingen/greenshot # TODO change URL to getgreenshot.org url: http://getgreenshot.org twitter_username: greenshot_tool From 63f96bc3d3d2ef1cafacebc899a3c609318a1bc1 Mon Sep 17 00:00:00 2001 From: jklingen Date: Mon, 21 May 2018 14:38:33 +0200 Subject: [PATCH 2/8] Updated base-url (just for testing purposes) --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 1d3575604..69b8c8859 100644 --- a/_config.yml +++ b/_config.yml @@ -2,7 +2,7 @@ title: Greenshot #email: getgreenshot@gmail.com description: Greenshot - a free screenshot tool optimized for productivity -baseurl: https://github.com/jklingen/greenshot +baseurl: https://jklingen.github.io/greenshot # TODO change URL to getgreenshot.org url: http://getgreenshot.org twitter_username: greenshot_tool From 3b934acdf4471e0a1acf073d1b77fdc79f2abf3f Mon Sep 17 00:00:00 2001 From: Greenshot-AppVeyor Date: Thu, 24 May 2018 22:33:56 +0200 Subject: [PATCH 3/8] Privacy policy update --- _includes/header.html | 1 + css/main.css | 4 +- pages/impressum.markdown | 12 +----- pages/privacy-policy.markdown | 81 +++++++++++++++++++++++++++++++++++ 4 files changed, 85 insertions(+), 13 deletions(-) create mode 100644 pages/privacy-policy.markdown diff --git a/_includes/header.html b/_includes/header.html index ca60fae66..d2ceeaea2 100644 --- a/_includes/header.html +++ b/_includes/header.html 
@@ -31,6 +31,7 @@ Suggest a feature · Ask a support question · sitemap · + privacy policy · impressum diff --git a/css/main.css b/css/main.css index 3e19b6906..d8a5bdd69 100755 --- a/css/main.css +++ b/css/main.css @@ -114,10 +114,10 @@ padding-right:200px; text-align: right; font-size:12px; - color:#999; + color:#666; } .servicelinks a { - color:#666; + color:#999; } /* blog prev/next */ diff --git a/pages/impressum.markdown b/pages/impressum.markdown index 77e642a90..05c1efc96 100644 --- a/pages/impressum.markdown +++ b/pages/impressum.markdown @@ -46,14 +46,4 @@ Our offer contains links to third-party websites, on whose contents we do not ha The contents and works on these websites prepared by the operator of the websites shall be subject to German copyright law. Copying, processing, distributing and any kind of use outside the limits of copyright law require the written approval of the particular author, respectively compiler. Downloads and copies of this side are permitted only for private use, not for commercial use. As far as the content of this page was not created by the publisher and/or operator of this website, the third party copyrights are respected. In particular the content of third parties is identified as such. Nevertheless if you should become aware of a copyright violation we request that you notify us accordingly. As soon as we become aware of a legal violation we will remove such contents immediately.

Privacy


-Using this web site is usually possible without specifying personal information. Insofar as personal data are collected on our site (e.g. name, address or e-mail addresses), then this will be on a preferably voluntary basis as much as possible. We point out explicitly that data transfer over the Internet (such as communication by e-mail) can be subject to security vulnerabilities. Data protection against access through third parties is not possible without security gaps.

-We hereby explicitly prohibit the use of the contact data published as part of our duty to publish an imprint for the purpose of sending us any advertising or informational material. The operators of this website reserve the express right to take legal action in the case of the unsolicited receipt of advertising, for example through spam e-mails.

-

Google Analytics


-This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", text files that are stored on your computer, to analyze the use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, compiling reports on website activity for website operators and providing other with website and internet related services. Google may also transfer this information to third parties unless required by law, or where such third parties process these data on behalf of Google. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, we point out that in this case you may not be able to use all features of this website. By using this website you agree to the processing of data about you by Google in the manner described and for the aforementioned purpose.

-

-Google AdSense


-This website uses Google Analytics, a web analytics service provided by Google, Inc., USA ("Google"). Google Adsense uses "cookies" (text files) that are stored on your computer, to analyze the use of the website. Google Adsense also uses so-called "web beacons" (small invisible images) to collect information. Through the use of Web beacons simple actions such as the traffic on the website will be recorded and collected. The information generated by the cookie and / or web beacon information about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the site in terms of ads, compiling reports on website activity for website operators and providing other with website and internet related services. Google may also transfer this information to third parties unless required by law, or where such third parties process these data on behalf of Google. Google will not associate your IP address with any other data held by Google. You can prevent the saving of cookies on your hard drive and the display of web beacons by selecting "block all cookies" in your browser settings (select in MS Internet Explorer under "Tools > Internet Options > Privacy > Settings" , in Firefox under "Tools > Options > Privacy > Cookies"), we would point out, however, that in this case you may not be able to use all features of this website. By using this website you agree to the processing of data about you by Google in the manner described and for the aforementioned purpose.

-


-

-Amazon


-getgreenshot.org is a participant in the Amazon EU Associates Programme, an affiliate advertising programme designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.co.uk / Amazon.com / Amazon.de.

+Please refer to our privacy policy. \ No newline at end of file diff --git a/pages/privacy-policy.markdown b/pages/privacy-policy.markdown new file mode 100644 index 000000000..9125488c1 --- /dev/null +++ b/pages/privacy-policy.markdown 
@@ -0,0 +1,81 @@ +--- +layout: page +title: Privacy Policy +permalink: /privacy-policy/ +metarobots: noindex,nofollow +categories: [] +comments: [] +tags: [] +--- +# Privacy Policy + +First of all: We, the Greenshot development team, are not interested in your data. We do neither collect, store, process nor sell any personal data from our users. +That said: as a small group of developers who are running this free software project in their spare time, of course we depend on third party services e.g. to run this website, manage our codebase or receive donations. Depending on your usage of these services (like anything else you visit or use on the internet), those parties can collect data about you. + +## Our Website: + +### Hosting + +Our website is hosted by **Github** using Github Pages. Like any other website hosting service, it can access and store data when you visit a site on their servers, e.g. which specific pages you visited on their server, your IP address or the browser you are using.\ +More details in [Github's Privacy Statement] + +We are using **Cloudflare** as a content delivery network to make our website faster and safer. The service improves page load times by hosting cached pages of our websites on servers all over the world. Furthermore, it protects our website hosting service (and thus, our visitors) from malicious attacks, e.g. DDoS attacks. Cloudflare works as an intermediate between you browser and the servers hosting the actual website, and thus, can access and store data in a similar way as the website hosting provider.\ +Find our more in [Cloudflare's Privacy Policy] + +The stylish fonts on our website are hosted by **Google Fonts**. Like any website hosting service, it has access to the data sent by your browser when you visit websites or download files (see above).\ +See [Google's Privacy Policy] and [Google Fonts: What does using the Google Fonts API mean for the privacy of my users?] 
+ +### Analytics + +We are using **Google Analytics** on our website to track page views and gain insight into how people are using our website. Google Analytics is embedded as a script into our website and thus is entitled to place [cookies](#cookeis) on our behalf. In addition to the data described above, it also has access to a few more details of your visit (e.g. how long you stay on a particular page) and the technical capabilities of your system (e.g. screen resolution). We have configured Google Analytics to only store *anonymized* IP addresses, because we have absolutely no interest in tracking the behavior of indiviual visitors.\ +More info in [Google's Privacy Policy] and [Google Analytics: IP Anonymization in Analytics] + +### Advertisements + +Beneath donations, advertisements are one of the few ways to generate at least a small revenue to compensate for the time and effort we have spent over the years (and are still spending) to offer this free piece of software. For that reason, we have integrated **Google Adsense** into our site, carefully choosing positions to make sure the ads do not obstruct your use of our page. We also took care to clearly mark advertisements as such and visually separate them from our page content, to avoid accidental clicks. Google and its partners can access the same basic data as any other website/service you visit or download files from (see above), in addition they use [third party cookies](#third-party-cookies) to make sure the displayed ads fit your interests as good as possible. + +### Cookies: + +#### Introduction + +Cookies are small amounts of data that websites can store in your browser, e.g. to store website-specific settings or a unique identifier to see whether you have visited the website before. + +#### First Party Cookies +We use few first-party cookies (i.e. 
cookies that are placed on behalf of getgreenshot.org) on our website, some are technically necessary in order to safely operate our site, others are important for us to understand how visitors use this website. + +The **__cfduid** cookie is used by Cloudflare "to identify individual clients behind a shared IP address and apply security settings on a per-client basis. (...) This cookie is strictly necessary for Cloudflare's security features and cannot be turned off."\ +Read more at [Cloudflare: What does the Cloudflare cfduid cookie do?] + +The **__utma**, **__utmb**, **__utmc**, etc. cookies are used by Google analytics to "Determine which domain to measure, Distinguish unique users, Throttle the request rate, Remember the number and time of previous visits, Remember traffic source information, Determine the start and end of a session, Remember the value of visitor-level custom variables".\ +Google offers [opt-out plugins for various browsers], providing "website visitors the ability to prevent their data from being used by Google Analytics".\ +Find out more in [Google's Privacy Policy] and [Google Analytics: Cookie Usage on Websites] + +#### Third Party Cookies +Third party vendors, including Google, use cookies to serve ads based on a user's prior visits to this website or other websites. Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to this site and/or other sites on the internet.\ +You can opt-out of personalized advertising in [Google's Ad Settings]\ +See also [Google's Privacy Policy] + +## Our Application + +### Greenshot for Windows +Our Windows application does not send any data to our or any other servers as long as you not explicitely initiate it or configure Greenshot to do so, with a single exception: + +#### Update Check +By default, Greenshot checks for updates in order to notify you in case a newer version is available. 
It does so by sending an HTTP request to a specific file hosted with our website, which contains information about the latest version. The request is processed by **Github** as our hosting service and **Cloudflare** as our content delivery network, who can see the IP address the request originates from. See [Hosting](#hosting) section above. + +#### Plugins +Several plugins available for Greenshot allow to conveniently upload screenshots third party web applications or to share screenshots with others. Of course, if you configure Greenshot to send data to specific third party services, it will send data to specific third party services :) Please refer to the respective service's data policy, terms of use, etc. + +### Greenshot for Mac +Our Mac application does not send any data to our or any other servers. + +[Github's Privacy Statement]: https://help.github.com/articles/github-privacy-statement/ +[Cloudflare's Privacy Policy]: https://www.cloudflare.com/privacypolicy/ +[Google's Privacy Policy]: https://policies.google.com/privacy +[Google Fonts: What does using the Google Fonts API mean for the privacy of my users?]: https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users +[Google Analytics: IP Anonymization in Analytics]: https://support.google.com/analytics/answer/2763052?hl=en + +[Cloudflare: What does the Cloudflare cfduid cookie do?]: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do- +[opt-out plugins for various browsers]: https://tools.google.com/dlpage/gaoptout +[Google Analytics: Cookie Usage on Websites]: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#gajs +[Google's Ad Settings]: https://www.google.com/settings/ads \ No newline at end of file From 91e8ca8b6adff7de05310f7169ba776b8355e71d Mon Sep 17 00:00:00 2001 
From: jklingen Date: Thu, 24 May 2018 22:40:17 +0200 Subject: [PATCH 4/8] Privacy policy update --- css/main.css | 4 ++++ pages/privacy-policy.markdown | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/css/main.css b/css/main.css index d8a5bdd69..baf7571fc 100755 --- a/css/main.css +++ b/css/main.css @@ -30,6 +30,10 @@ font-weight: normal; } + h3 { + color: #6cb711; + } + a { color:#000; } diff --git a/pages/privacy-policy.markdown b/pages/privacy-policy.markdown index 9125488c1..15e81f4e3 100644 --- a/pages/privacy-policy.markdown +++ b/pages/privacy-policy.markdown @@ -7,8 +7,6 @@ categories: [] comments: [] tags: [] --- -# Privacy Policy - First of all: We, the Greenshot development team, are not interested in your data. We do neither collect, store, process nor sell any personal data from our users. That said: as a small group of developers who are running this free software project in their spare time, of course we depend on third party services e.g. to run this website, manage our codebase or receive donations. Depending on your usage of these services (like anything else you visit or use on the internet), those parties can collect data about you. From 6597ad4e5d0e9124d11be2e711cb2a3be1c5f963 Mon Sep 17 00:00:00 2001 From: jklingen Date: Sun, 6 Jan 2019 21:11:33 +0100 Subject: [PATCH 5/8] Added blogpost about fake websites --- ...-fake-websites-targeting-oss-users-malware | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 _posts/2019-01-07-fake-websites-targeting-oss-users-malware diff --git a/_posts/2019-01-07-fake-websites-targeting-oss-users-malware b/_posts/2019-01-07-fake-websites-targeting-oss-users-malware new file mode 100644 index 000000000..502f8fcfd --- /dev/null +++ b/_posts/2019-01-07-fake-websites-targeting-oss-users-malware 
@@ -0,0 +1,35 @@ +--- +layout: post +status: publish +published: true +title: Beware: fake websites are targeting open source software users with malware +--- +Just because a domain name looks official, does not mean it is. Questionable companies are publishing fake websites of well-known open source projects, trying to lure open source users into downloading malware. Please be careful and make sure to always download your tools from the right location. + +*TL;DR: always get greenshot from [getgreenshot.org](https://getgreenshot.org)* + +## What has happened? + +Recently we have been contacted by a user who reported that he got a malware warning on an installer that he had downloaded from what he thought was our website. It did not take us long to sort out what the actual problem was: he had openend a browser, typed "greenshot" and appended a top-level-domain that is commonly being used for free and open source software, assuming that this URL would bring him to Greenshot's official website. The site does not look very professional, but it clearly describes Greenshot's features and has prominent download buttons for Windows and Mac. So what could possibly go wrong? + +Well, unfortunatey that domain is not (and has never been) under our control. In fact, the domain had already been registered when Greenshot's website was still living on a subdomain on sourceforge.net, ages ago. When we first noticed it, the page could have been (euphemistically) classified as fan page. It offered some information and screenshots of our software, had download links to our binaries on Sourceforge, and had multiple advertisements, particularly but not exclusively for an well-known commercial screenshot tool. Questionable, but tolerable. Obviously not profitable, though. So at some point they have started serving modified binaries, presumably installing unwanted toolbars in the user's browser. + +## So who is running that website? 
+ +According to the privacy policy, the website is operated by a French company called "Data Access Sarl", while the responsible editor of the content is "In Profit Limited" from Hong Kong. A short research on the web revealed that this pair is running dozens of similar websites for other well-known open-source projects, including 7-Zip, KeePass, Paint.NET, Gimp, Inkscape and many others. We probably only saw the tip of the iceberg, but the vast amount of registered domains named after open-source projects is a clear sign that deliberatly misleading users is merely a business case for them. + +## Is this even legal? + +Honestly, we don't know. We are software engineers, not lawyers. You probably know that Greenshot is (and has always been) developed by few guys in the little spare time they have beneath their full-time jobs and families, so we cannot afford both time and money to pursue this legally. If you can, feel free to get in touch with us. + +## What can I do? + +* Watch out where you download software. If you do not know a project's domain, your preferred internet search engine most probably does - so don't just try the most obvious domain at a venture. +* If you're in doubt, check the file before downloading. Websites like [VirusTotal](https://www.virustotal.com/#/home/url) allow scanning of a downloadable file using its URL, so better avoid downloading potentially infected files in the first place. +* If you get a malware alert and are sure that the downloaded file is from an official source, contact the project team about it. They need to know this. Chances are, the alert is a [false positive](https://en.wikipedia.org/wiki/False_positives_and_false_negatives) and they can sort this out quickly. If not, they do have a problem and need to investigate as quickly as possible. 
+* If you stumble upon a website deliberately spreading malware: + * Don't spread the malicious link: even while warning others of mischiveous websites, never share the full URL in public places, to avoid people (and search engine indexers) following the link unintentionally. Instead, just write "website dot org". + * Report the website to [Google Safe Browsing](https://safebrowsing.google.com/safebrowsing/report_badware/), this might prevent other from falling into that trap + * Contact the domain registrar's abuse-address: domain registry services usually offer a dedicated contact address for abuse. You can find it out by doing a [whois domain lookup](https://www.whois.com/whois), write an email email describing in detail why you think that a domain is being abused. Of course, don't forget to include the domain, of course. + +Take care everybody, and remember: always get greenshot from [getgreenshot.org](https://getgreenshot.org) :) From 13a102f5aef80bbf335fcc0cfb7b964d8cdffdf4 Mon Sep 17 00:00:00 2001 From: jklingen Date: Sun, 6 Jan 2019 21:19:50 +0100 Subject: [PATCH 6/8] Added markdown extension --- ...2019-01-07-fake-websites-targeting-oss-users-malware.markdown} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename _posts/{2019-01-07-fake-websites-targeting-oss-users-malware => 2019-01-07-fake-websites-targeting-oss-users-malware.markdown} (100%) diff --git a/_posts/2019-01-07-fake-websites-targeting-oss-users-malware b/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown similarity index 100% rename from _posts/2019-01-07-fake-websites-targeting-oss-users-malware rename to _posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown From cd8d62b37d7acd100a0d38f671ac3b45c36eb4ce Mon Sep 17 00:00:00 2001 From: jklingen Date: Sun, 6 Jan 2019 21:30:50 +0100 Subject: [PATCH 7/8] added tags for blog post --- ...19-01-07-fake-websites-targeting-oss-users-malware.markdown | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown b/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown index 502f8fcfd..e49a8a559 100644 --- a/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown +++ b/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown @@ -3,6 +3,9 @@ layout: post status: publish published: true title: Beware: fake websites are targeting open source software users with malware +tags: +- malware +- warning --- Just because a domain name looks official, does not mean it is. Questionable companies are publishing fake websites of well-known open source projects, trying to lure open source users into downloading malware. Please be careful and make sure to always download your tools from the right location. From 397c139cffc6cb18603c46152af49e79c2c0fd81 Mon Sep 17 00:00:00 2001 From: jklingen Date: Sun, 6 Jan 2019 21:35:25 +0100 Subject: [PATCH 8/8] Added quotes around title title wasn't interpreted correctly because it contains a colon --- ...019-01-07-fake-websites-targeting-oss-users-malware.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown b/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown index e49a8a559..8e21507ad 100644 --- a/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown +++ b/_posts/2019-01-07-fake-websites-targeting-oss-users-malware.markdown @@ -2,7 +2,7 @@ layout: post status: publish published: true -title: Beware: fake websites are targeting open source software users with malware +title: "Beware: fake websites are targeting open source software users with malware" tags: - malware - warning
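Review bot: In the `_config.yml` hunks of PATCH 1/8 and 2/8, `baseurl` is set to an absolute URL on a personal GitHub Pages host (`https://jklingen.github.io/greenshot`) while `url` still reads `http://getgreenshot.org`. Jekyll expects `baseurl` to hold only the path under the host (here `/greenshot`) and `url` to carry the scheme and host, so any template that concatenates `site.url` and `site.baseurl` will produce malformed links. Since the subject says this is for testing only, keep the override on the fork or in a separate file passed with `--config`, so the official site's configuration never sends visitors to a non-project domain, and resolve the `# TODO change URL to getgreenshot.org` line before this is merged.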
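Review bot: The `pages/impressum.markdown` hunk in PATCH 3/8 deletes the Amazon EU Associates Programme disclosure and the paragraph prohibiting use of the imprint contact data for advertising, and neither reappears in the new `pages/privacy-policy.markdown`. If the affiliate programme is still in use, carry the disclosure over to the new page; if both removals are intentional, say so in the commit message, which currently reads only "Privacy policy update".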
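Review bot: The Analytics section of the new `pages/privacy-policy.markdown` (PATCH 3/8) states that Google Analytics is configured to store only anonymized IP addresses, but none of the four files in this commit touches the tracking snippet, so the claim cannot be checked from this change. Please confirm that the deployed snippet enables IP anonymization, or include that change in the same commit, before the policy is published. In the same section the link `[cookies](#cookeis)` will not resolve to the "Cookies:" heading and should point at `#cookies`. The Update Check paragraph says "an HTTP request"; if the check runs over HTTPS, say so explicitly. Spelling to fix while here: "indiviual", "explicitely", "Find our more", "between you browser".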
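Review bot: The "What can I do?" list in the new post (PATCH 5/8) tells readers to use the right domain and to scan a download URL with VirusTotal, but gives them nothing to verify a genuine installer against. If the project publishes checksums or signs its installers, add a bullet saying where the checksums are listed or which signer name a signed installer should show, so a user who already holds a file can tell the official build from a modified one. The front matter line `title: Beware: fake websites are ...` is unquoted and contains a colon, and the file is created without a `.markdown` extension; PATCH 6/8 and 8/8 fix both, so consider squashing them into this commit. Spelling to fix: "openend", "unfortunatey", "deliberatly", "mischiveous", "email email", and the doubled "of course" in the last bullet.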