From b2c5c75e804ca7002ae4643aa446298d64da90a1 Mon Sep 17 00:00:00 2001 From: Cutieguwu Date: Fri, 1 Aug 2025 22:26:00 -0400 Subject: [PATCH] Update disclosure.html --- src/disclosure.html | 272 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 271 insertions(+), 1 deletion(-) diff --git a/src/disclosure.html b/src/disclosure.html index 1cdef37..4f481f8 100644 --- a/src/disclosure.html +++ b/src/disclosure.html @@ -17,7 +17,277 @@
-

This page has not yet been filled out. Sorry!

+
+
+

Disclosure

+

Last Edited: 01 August, 2025

+
+
+
+
+

Website Security

+

+ This website uses a number of security features, most of which + are built into your browser, to protect my and your: +

+
    +
  • Infrastructure
  • +
  • Data, and
  • +
  • Experience
  • +
+

+ You can see some of the main methods that this website uses + below: +

+
+
+
+
+

Anubis

+ AI Scraper Screening Utility +
+
+
+

+ This website is protected by a screening utility + known as + Anubis. You may also have heard of this program as + BotStopper for those who + purchase a commercial license because they somehow + can't live with a cute anime girl showing up on + their websites. UNESCO notably don't have a problem + with that, and proudly present an anime girl as of + writing this. +

+

+ Despite what some fools at the FSF figure, Anubis IS + NOT malware. See: + I Platformed A Linux "Cyber Criminal". It does have + similar behaviour due to + its proof-of-work scheme, which asks your browser to + run a throwaway calculation in an effort to block or + dissuade AI scrapers. Many, if not nearly all + clients, are subject to screening based on various + filters around your browser's user agent string. +

+

+ Additionally, if you have concerns about the + legality of my use of Anubis, please see + Anubis Issue #50 + where concerns were looked into. +

+

+ Now, if you have a moral issue with this project, + you may do one of two things (because adjusting your + UA will just make me block the UA, or add a complete + catch-all rule): +

+
    +
  1. + Don't allow JavaScript to run. (Have fun making + this work) +
  2. +
  3. Just don't use my website.
  4. +
+

+ If you experience issues with Anubis blocking you, + which presumably hasn't happened on your way to this + page, you can email me with details. DO NOT bother + the main project as it may be an issue with a + screening rule that I've invoked. +

+

+ If you do wish to raise an issue with the Anubis + dev(s), PLEASE DO NOT DO SOMETHING LIKE THIS: +

+ +
+
+
+
+
+

Content Security Policy (CSP)

+
+
+
+

+ This website, unlike a scary number of sites + (including google.com and microsoft.com as of + writing) has a CSP configured. This helps prevent or + mitigate a number of possible attacks including + cross-site scripting and clickjacking. +

+

+ Further Reading: + https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP +

+
+
+
+
+
+

+ HTTP Strict Transport Security (HSTS) +

+
+
+
+

+ This website has a HSTS policy which indicates to + your browser to use a secure connection when + connecting. +

+

+ Additionally, the server will force redirect ALL + connections over to HTTPS for any browsers which do + not use this header or have a HTTPS-only mode + enabled. +

+

+ Further Reading: + https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security +

+
+
+
+
+
+

Other Security Headers

+
+
+
+

Some include:

+
    +
  • X-Content-Type-Options
  • +
  • X-Frame-Options
  • +
  • X-XSS-Protection
  • +
  • Permissions-Policy
  • +
  • Referrer-Policy
  • +
+
+
+
+
+
+

Security.txt

+
+
+
+

+ This file offers information to security researchers + to silently report any issues they find so that I + can resolve them. +

+
+
+
+
+
+

Cookies

+

+ This website only leaves cookies that are required for the + website's functioning. I do not place any trackers on your + system. +

+

+ Note: I cannot say what cookies may be left by services that I + host (such as Gitea and Web Check). For more details, please see + those projects' documentation. +

+

You can see all cookies that this website uses below:

+
+
+
+
+

Anubis

+ AI Scraper Screening Utility +
+
+
+

+ This website does utilize a cookie. This cookie is + made by Anubis to keep your system from having to + pass the proof-of-work check every time you request + a resource from this site. +

+

+ THEORETICALLY, this cookie, as with any JavaScript + cookie, + can be used to track + you. +

+

+ HOWEVER, I do not use it for tracking, Anubis does + not use it for tracking, and there is no evidence + that 3rd parties are abusing the cookie. There are + far more attractive targets. +

+

+ IF this becomes an issue, until the lead + developer(s) and/or community can find a solution, + Anubis will be reconfigured to send out challenges + even more frequently, and an advisory notice to wipe + your browser cookies at the end of your session will + be made. +

+

+ Under the current configuration, Anubis' cookies are + valid for 24h. This does not mean that the cookie is + necessarily gone from your system. +

+

+ Anubis Issue #50 + briefly looked into the possibility of abuse via the + cookie. +

+
+
+
+
+
+
+
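Review bot: The "Other Security Headers" list presents X-XSS-Protection as one of the site's protections, but that header is deprecated and non-standard. Current Chrome and Edge ignore it and Firefox never implemented it. The legacy filter it controlled was itself a source of problems on otherwise safe pages. Since the CSP section above already claims cross-site scripting and clickjacking coverage, I would drop that entry or state the value actually served. The list would also be easier to verify if each header carried its configured value or a one-line purpose, as the CSP and HSTS sections do. Separately, in the HSTS section, "browsers which do not use this header or have a HTTPS-only mode enabled" can be read as applying the redirect to browsers that do have HTTPS-only mode. Something like "browsers that neither honour this header nor have an HTTPS-only mode enabled" would remove the ambiguity.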