A hash is a large number that can be generated from an item of data. It's not possible to convert a hash back to the original item of data.

A real-world analogue would be to say that the hash is to an item of data what a fingerprint is to a person: you can easily record a person's fingerprint if you have access to the person, but if all you have is a fingerprint and wish to identify a person, you'll need to obtain the fingerprints of as many people as possible until you find one whose fingerprint matches the one in your possession.

Hashes are sometimes used as an identifier for an item if we wish avoid storing the original data. For our application, typically this is done to avoid storing user-submitted data as plain text in the database so that if the database is ever compromised the perpetrators will not have access to users' data.

There are different morphological variants of words, consequently when searching we truncate each search term leaving a trunk that is common across variations of words that have the same root form. Sometimes the algorithm that performs this task also makes minor changes to the spelling of the trunk. The resulting trunk form is the stem.

The objective behind this processing of search terms is to increase the number of matching occurrence of words in the titles of the published drawings.

See below for a summary of how searches are conducted from a data-protection perspective. For more complete information, visit our Data protection page (last updated on 5 Oct 2020).

Search terms

When a visitor to the website submits a query the search keywords are sent to the server. Their stems are converted to hashes and stored so that the list of results can be compiled. Once these results have been returned or the query is terminated for any other reason, the hashes and any intermediate calculations and results are removed from the database.

Encryption of communications

All communication between browser and server and between the Android editor and server is Secure Sockets Layer (SSL) encrypted. At any time you can check the identity of the site's creators and verify that the browser's connection is encrypted, through the browser, typically by clicking on the padlock icon on the address bar.

This is the main canvas. Your browser does not support the canvas tag. Please use a newer browser. This is the transformable canvas. Your browser does not support the canvas tag. Please use a newer browser.

Resetting password

The password can only be reset from the change password screen within the app.

If you do not currently have the app installed and are concerned that others might have obtained your password, you can avail of the "Lock account" function here on the website to prevent them from making changes to your pictures and user data.

Eventually when you install Imprints, you can reset the password from within the app and that will allow you to edit and add to your pictures once again.

About Imprints

Imprints is an application with two user-facing components: an Android app (the editor) and this website (the viewer). The editor, viewer and server infrastructure behind them are all currently in beta so bugs should be expected.

Pictures are created in the editor which also sequentially records the individual strokes that comprise a drawing in a manner that allows it to be played, paused and rewound much as you can with a video.

Once completed the picture can be published, then viewed and replayed on this website by anyone just as its artist intended.

Download Editor

Imprints icon Download

Summary

The drawings viewable on this site were created using the Imprints Android app. The application is available for devices running Android 8.0 or later.

You can download the Imprints Android app from the download link on this page.

The app is currently in beta. It is unavailable on Google Play because we wish to limit user numbers until we first characterise how well the server-side component of our codebase handles the requirements of a smaller user-base. Then, after some optimisations we expect to grow the user base by publishing the app on various app stores.

Features

The Imprints app allows you to create and edit drawings. It includes the following features:

  • Freehand drawing of stokes of any colour, width and opacity,
  • An intuitive, infinite undo tool that allows the artist to rewind and replay the drawing and continue editing from any point along the way,
  • A zoom and panning tool for editing the finer details of your picture.
  • A publishing option that will make your drawing available to visitors of this website.

Installation

Android doesn't usually permit users to install apps from arbitrary websites because a malicious site could persuade a person to install malware. Consequently you'll need to configure Android to allow your web-browser to install the app.

The following steps describe how to install the Imprints editor:

  • Open the Android settings screen on your phone or tablet.
  • Next click on Apps & notifications → Special app access → Install unknown apps. The exact sequence of options can vary slightly between different phones and tablets.
  • Select your browser from the displayed list of apps and enable the Allow from this source option.
  • Click on the Download Link below and download the app.
  • Once downloaded, the browser should prompt you to Open the app.
  • You should then be asked whether to install the application — install it.
  • If a warning is displayed stating that the app's developer isn't recognised you will need to choose the option allowing you to install the application if you wish to proceed.
  • Now open the app.
  • We recommend that you peruse the Data Protection information that is presented and then complete the registration process by completing the form displayed under Register / Login tab.

Download Link

Download

Attribution

On the client, Imprints depends on the following 3rd Party libraries and code-bases:

NoSleep.js

Home MPL 2.0 licence

lazysodium

Home MPL 2.0 licence

Captcha generating code

Home No licence specified

setImmediate

Home MIT licence

FingerPaint.java

Home Apache 2.0 licence

Horizontal list view

Horizontal list view is now part of the DevsmartLib-Android library.

Home MIT licence

Android Color Picker

Home Apache 2.0 licence

Porter Stemmer 2

Home MIT licence

when.js

Home MIT licence

typesafe_cb

Home CC0 licence

jQuery Mobile

Home MIT licence

jQuery

Home MIT licence

Data protection

A hash is a large number that can be generated from an item of data. It's not possible to convert a hash back to the original item of data.

A real-world analogue would be to say that the hash is to an item of data what a fingerprint is to a person: you can easily record a person's fingerprint if you have access to the person, but if all you have is a fingerprint and wish to identify a person, you'll need to obtain the fingerprints of as many people as possible until you find one whose fingerprint matches the one in your possession.

Hashes are sometimes used as an identifiers if we wish avoid storing the original data. For our application, typically this is done to avoid storing user-submitted data as plain text in the database so that if the database is ever compromised the perpetrators will not have access to users' data.

Since there are different morphological variants of words, when searching it is neccessary to truncate each search term leaving a trunk that is common across variations of words that have the same root form. Sometimes the algorithm that performs this task also makes minor changes to the spelling of the trunk. The resulting trunk is the stem.

The objective behind this processing of search terms is to increase the number of matching occurrence of words in the titles of the published drawings.

Updated 5 Oct 2020.

Right to object

Please note, under the GDPR, Article 21, you have the right to object to the processing of personal information concerning you. You can do this anytime from the Contact us menu option. If you do object, we can no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Now please read the remainder of this page describing how we use and safeguard user data before you provide us with any of your personal information…

Introduction

In the context of the Imprints service (according to the GDPR article 4) the term controller means the natural or legal person who determines the purposes and means of the processing of personal data. The name of the controller for the Imprints service is Kieran White. You can contact him using the Contact us screen.

The GDPR allows for a number of legal bases for the processing of personal information. The basis for our processing of personal information is legitimate interest. The purpose of our processing this information is to provide a service to allow people to create drawings and then share them publicly online in a browser. The section Personal information below describes the specific reasons for requiring each type of personal information we collect and store. The particular legitimate interest pursued by the controller is the facilitation of the practice of rights listed in the Charter of Fundamental Rights of the European Union namely Article 13, Freedom of the arts and sciences and where applicable Article 11, Freedom of expression and information.

We rely on a data processor to provide hosting for the website and they will have access to any personal information stored in the server database (in whatever form that may be) that is necessary to perform that function but we do not pass your personal information to other third parties. Of the data we store, we encrypt the personal information we know to be most sensitive. All data transmitted from both clients and server is encrypted. More details are provided later on in this page.

We process personal information of users that have registered with the Android app. Users do have the ability to alter or remove some personal information from within the Android app, but a notable exception to this is the user's e-mail address. It is not currently possible to update your e-mail address within the app. If you wish to update your e-mail address (or you are having difficulty making other changes yourself within the app) you'll need to send us a message (using the Contact us screen) requesting that we perform the update on your behalf. Please be aware that before making any change to your personal data on your behalf we'll need to verify that you are who you claim to be.

Another scenario where we process personal information is where someone sends us a message using the Contact us screen of the website. Once we resolve the issue raised by them or have determined that we are not in a position to resolve their issue, we will remove any personal information from the system that was added for the sole purpose of creating or tracking their ticket.

We will delete the personal information of anybody who requests that we do so if their identity can be confirmed. A natural consequence of deleting the personal information of a registered user is that their account and any drawings created by him or her will be removed from the system. If we have to delete the personal information of somebody who has raised an issue using the Contact us screen then we will no longer be able to reply to their earlier messages (due to not being is possession of their e-mail address).

There is another way in which personal information can be recorded on our server: whenever someone visits our website or the Android app interacts with our server, a record of their visit or interaction is saved to logs on the server for debugging and security purposes. These will contain some information that could be considered personal (e.g. IP addresses, but also possibly some of the types personal information that we describe on this page). We encrypt any additions to these logs daily and retain them for 100 days.

The GDPR defines a number of user rights:

  • the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
  • the right to lodge a complaint with a supervisory authority.

We are also required to inform you that providing us with any personal data is not a statutory or contractual requirement. Nor is providing us with personal information required for entry into a contract (as there is no contract). However without providing us with at least some personal information (namely an e-mail address and password) we will be unable to identify and authenticate you as a user and that will prevent you from creating art that you can publish on the Imprints website.

Treatment of your information

The only information we process (collected either via the web-browser or Android client) or store is the minimum required for Imprints to operate. We take steps where it's feasible to reduce the likelihood that third-parties (including our chosen hosting provider), will be able read your personal data after it leaves your device (e.g. your phone, tablet or computer).

Imprints is not a money-making venture, let alone a self-sustaining one. We cannot unfortunately guarantee that drawings and any other data uploaded to our server will be retained for any period of time except insofar as is legally required. Neither can we make any commitment to operate the service for any minimal period of time.

The occasions when a user's data is vulnerable to third-party eavesdropping after it has been transmitted from your own device can broadly be categorised into times when the information is at rest and when the information is in transit. The former refers to the persistent storage of information on servers and the latter to the period when data is being transferred from your own devices to our server and vice versa. We describe how we deal with these two contexts below.

Information at rest

Personal information

If you have any GDPR requests you can send them to us using the Contact us screen.

Next, for each type of personal information listed, we describe why we process it, when we obtain it, what precautions we take to protect it and how long we retain it:

  • E-mail address

    We use e-mail addresses whenever we need to distinguish one individual as they interact with our service (either through the website or the Android editor) from others. We will not send you marketing e-mails and we will not share your e-mail address with anyone. However, we will send you an e-mail when or if:

    • you are registering an account; in order to validate your identity,
    • you are locking your account or resetting your password (again as a way to validate your identity),
    • you have sent us a message using the website's Contact us page,
    • we need to notify you of a data-breach or
    • we need to permanently shutdown the Imprints service or need to remove some of your data from the server in contexts or for reasons not described elsewhere in this document.

    An e-mail address is required when:

    1. creating an account or logging into an existing account in the Android app,
    2. a user resets his or her password,
    3. a user locks his or her account on the website and
    4. a user contacts us via the Contact us form on the website, thereby creating a support ticket.

    For the first three uses above, we encrypt and store the e-mail address, but we also store its hash. The hash and encrypted e-mail address are retained only as long as the person has an account with us. We also send an e-mail to the user when they are creating an account, resetting their password or locking their account. The e-mail is part of a process we use to confirm the person's identity.

    If you wish to delete your account, please send us a message to this effect from the website's Contact us screen.

    When someone sends us a message using the Contact us form, we encrypt and store their e-mail address so that we can respond. This record of the e-mail address is removed from the database as soon as the support ticket is closed. We also send a message to the provided e-mail address informing the user of the ticket reference number. This e-mail is CCed to another address that we are monitoring and this is what notifies us that a new support ticket has been created. The copied e-mail will be deleted when the ticket is closed.

  • Password

    A password is the primary means we have of determining that a user is the same person as registered previously with a given e-mail address.

    A password is requested when a person:

    1. registers themselves as a new user when installing the Android editor for the first time,
    2. goes to change his or her password in the User Settings screen of the Android editor (for this we require both the old and new passwords) or else
    3. goes to set his or her password after first resetting it in the Android editor.

    This password is not saved anywhere. Instead we generate a random secret which is encrypted using a key derived from the password. That encrypted secret is what is saved to the server database. If the user re-enters the same password later (e.g. when installing the Android editor on a new device), the key derived from it will be the same as before and can successfully decrypt this saved date, demonstrating that the correct password was entered. As we do not store your password, if the server database if ever compromised you can be assured that your password hasn't been leaked.

  • Pseudonym

    When a user is performing a keyword search for pictures on the website, a list of published pictures is returned showing a thumbnail of each, the picture's title and the pseudonym of the artist. Imprints needs to display something as the pseudonym, however it is not necessary for the user to provide one. In the absence of a user-provided pseudonym the website will simply display a default placeholder instead.

    The user can provide a pseudonym at anytime when using the Android editor by opening the User Settings menu option. If a pseudonym has not been set, he or she will be reminded to provide one whenever a picture is published.

    Despite pseudonyms being plainly visible in search results, we do encrypt this information in our database.

    The user can change his or her pseudonym in the editor at any time and the new pseudonym will replace the previous one in the server database.

  • Ticket message

    When users require support they can send us a message using the Contact us screen. This creates a support ticket. These messages and the e-mail address submitted with them on the Contact us screen are stored on the server database, but are encrypted before doing so. The messages and e-mail addresses are deleted when the ticket is closed. The ticket's creator can choose to have the ticket closed at any time before the issue is resolved and we will abide by their wishes — also removing any personal information that was stored as a result of the ticket.

    It is likely that we will respond to a new ticket by e-mail. Any e-mails that are sent over and back in relation to a ticket will deleted once the ticket itself is closed.

    Because there will be times when we must close a ticket without first resolving the issue raised by the user, we will ensure that there is an anonymised record on an internal tracking system of issues created on our ticketing system. This allows us to continue our investigation into such issues. These anonymised records will not be deleted when their associated tickets are closed. Once the ticket is closed it is not possible to for us contact the user that created it.

  • IP address

    Information including your IP address is stored in our logs when you interact with the Imprints website and when, after installing the Android app, it interacts with our server. This is done to facilitate debugging (including bandwidth and latency management) and for security. Once a day any unencrypted logging information is encrypted. In addition logs are deleted after 100 days.

There are other types of information submitted by users that are potentially personal. This is free-form user-submitted content which could possibly include personal information because we don't currently attempt to prevent its inclusion. Next we describe these types of data that we process and store, what we use it for, when we obtain it from the user and how long we retain it:

  • Pictures

    The Android editor will attempt to upload all created pictures to the server, even those that are not currently published. However, the only pictures viewable in a browser or listed in search results on the website are those whose creator has chosen to make available to the general public using the Publish facility in the Android editor. The creator of a published picture can also choose the retract it with the editor. Once the server has been informed of the retraction during synchronisation that picture will not appear in subsequent search results or be viewable in a browser (unless later republished).

    Any of the pictures stored on our server database comprise lists of vertex, colour, opacity (i.e. transparency) and stroke width definitions that are not encrypted. This because the quantity of data that comprises a single picture tends to be much larger than the textual records of information that we do encrypt (e.g. e-mail addresses). Consequently we were concerned that encrypting picture data might impose a significantly large burden on our server and reduce our ability to fully utilise that data. We need to store picture data on the server in order to display drawings in the browser or make them available to the picture's creator for editing in the Android editor, possibly on a number of different devices.

    There are also thumbnail previews of pictures. These are also stored in the server database, but again are not encrypted. They can be displayed in search results in the browser (if the picture is currently published) but are also essential in navigating the Android editor's interface.

    The Android editor provides an interface that records all this information while the user draws a picture and then it uploads the information to the Imprints server during synchronisation.

    If it comes to our attention that a picture is inappropriate or could bring us into conflict with the law we may render it unavailable for viewing in a browser (including listing it in search results). Subsequently only the artist will be able to view the picture, once retracted, in the editor. If this happens to one of your pictures and you want to ensure your drawing is publically available again, please contact us and we will work you in your efforts to resolve our concerns. Hopefully then we will be able to restore public access to the picture.

    A user can delete one of his / her pictures from within the Android editor. If the picture if currently published, it must first be retracted. After deleting the picture in the editor, it will be removed from the server database on the next synchronisation update.

  • Titles of pictures

    Picture titles are encrypted on the server. The title of a drawing, a simple text string, will be displayed in the search results presented in response to a keyword search by the user. The title of the currently rendered picture will also be displayed if a user clicks on the information icon on the website. Additionally, the Android editor overlays the title of each picture on its thumbnail representation in one of the editor's screens.

    At any point during the editing of a picture (while it's not published) the user can set its title. The title will subsequently be uploaded to the server during one of its periodic synchronisation operations. Strictly speaking the user does not need to set a title. In the absence of a user-defined title, the default is an automatically generated time / date stamp. If the user retains this default, it limits the ability of other users to encounter the picture during a casual keyword search because search results are ranked solely on basis of keywords in the title that also occur in the query.

    The title of a picture only exists while the picture itself does. When the picture is erased from the server database, so too is the title. If the user changes the title of a picture and that new title is uploaded to the server during a synchronisation operation, it will replace the previous title, which will in effect be deleted at that time.

    There is also an index that tracks the picture titles that contain individual terms and records a count of the number of times each term is used in these titles. The index doesn't actually contain the terms themselves, rather the server extracts the stem of each term and converts these to hashes. It is these hashes that are stored in the database. The index is updated when a picture title is changed or a picture is deleted or made unavailable to the public.

Other data

Next we describe various other types of user-submitted data we process, what we use it for, when we obtain it from the user and how long we retain it:

  • Search terms

    When a visitor to the website submits a query the search keywords are sent to the server. Their stems are converted to hashes and stored so that the list of results can be compiled. Once these results have been returned or the query is terminated for any other reason, the hashes and any intermediate calculations and results are removed from the database.

Backups

Encrypted backups of all data on the server are created daily and retained for 10 days.

Information in transit

Encryption of communications / Server authentication

All communication between browser and server and between the Android editor and server is Secure Sockets Layer (SSL) encrypted. When a user visits the Imprints website he / she can check the identity of its creators and verify that the connection is encrypted using the facilities provided by the browser. The Android editor will also not connect to the server if its identity cannot be trusted or if messages between the editor and server are not encrypted.

Client authentication

There are numerous types of messages sent to the server. Some of these messsages are of a type that can potentially make changes to a registered user's data and the server will only act on those messages in the following circumstances:

In the case of messages expected to come from the Android editor the identity of the person who installed the app must be proven by:

  • the presence of the correct digital signature or
  • (for a limited set of message types) demonstrating access to that person's registered e-mail account.

If a message is of the types usually sent from a web-browser and can result in the alteration of user data, the identity of the person presently operating the browser must be verified by demonstrating access to a specified registered e-mail account.

Cookies

Unlike the other types of information listed above, cookies are managed by your browser. They are usually small items of information associated with particular websites or webpages. The Imprints website only creates a single cookie called dpPrompt and this has the purpose of recording whether you have viewed our Data protection dialog box. If you have, the website doesn't display that dialog box again unless this data protection document has been updated or the dpPrompt cookie expires, which it will do after 365 days. This cookie and the information it conveys is never sent to our server.

Data breaches

Where a personal data breach is found to have occurred we will notify the the competent supervisory authority (i.e. the Irish Data Protection Commission). If the breach is likely to result in a high risk to the rights and freedoms of some of our users we will (subject to the guidance of the Data Protection Commission or other relevant authorities) notify those who might be affected, by e-mail.

Invalid Publication

No image found at this location.

Perhaps it has been deleted or simply hasn't been uploaded yet.

Data protection

Please note, under Article 21 of the GDPR you have the right to object to the processing of personal information concerning you. You can do this anytime from the Contact us screen.

If you do object, we can no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

To learn how we safeguard your data, read our Data protection page (last updated on the 5 Oct 2020).