Cutieguwu/cutieguwu-site
1
0
Fork 0
Code Issues 10 Pull Requests Projects 1 Releases Activity

Update disclosure.html

Browse Source
This commit is contained in:
Cutieguwu
2025-08-01 22:26:00 -04:00
parent 92eb9ac937
commit b2c5c75e80
1 changed files with 271 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
src/disclosure.html
View File

@@ -17,7 +17,277 @@
<include src="includes/nav_quick_links.html" />
</nav>
<div class="pane_main">
<div class="main_body"><p>This page has not yet been filled out. Sorry!</p></div>
<div class="main_body">
<div class="header">
<h1 class="title">Disclosure</h1>
<p class="date">Last Edited: 01 August, 2025</p>
</div>
<div class="body">
<div class="layout_row">
<div class="item website_security">
<h2 class="title">Website Security</h2>
<p>
This website uses a number of security features, most of which
are built into your browser, to protect my and your:
</p>
<ul>
<li>Infrastructure</li>
<li>Data, and</li>
<li>Experience</li>
</ul>
<p>
You can see some of the main methods that this website uses
below:
</p>
<div class="chunk_list">
<div class="chunk">
<div class="header">
<div>
<h3 class="name">Anubis</h3>
<span class="subtitle"
>AI Scraper Screening Utility</span
>
</div>
</div>
<div class="body">
<p>
This website is protected by a screening utility
known as
<a href="https://anubis.techaro.lol/" class="italic"
>Anubis</a
>. You may also have heard of this program as
<span class="italic">BotStopper</span> for those who
purchase a commercial license because they somehow
can't live with a cute anime girl showing up on
their websites. UNESCO notably don't have a problem
with that, and proudly present an anime girl as of
writing this.
</p>
<p>
Despite what some fools at the FSF figure, Anubis IS
NOT malware. See:
<a
href="https://www.youtube.com/watch?v=YisGpdPjYM8"
class="italic"
>I Platformed A Linux "Cyber Criminal"</a
>. It does have
<span class="italic">similar</span> behaviour due to
its proof-of-work scheme, which asks your browser to
run a throwaway calculation in an effort to block or
dissuade AI scrapers. Many, if not nearly all
clients, are subject to screening based on various
filters around your browser's user agent string.
</p>
<p>
Additionally, if you have concerns about the
legality of my use of Anubis, please see
<a
href="https://github.com/TecharoHQ/anubis/issues/50"
>Anubis Issue #50</a
>
where concerns were looked into.
</p>
<p>
Now, if you have a moral issue with this project,
you may do one of two things (because adjusting your
UA will just make me block the UA, or add a complete
catch-all rule):
</p>
<ol>
<li>
Don't allow JavaScript to run. (Have fun making
this work)
</li>
<li>Just don't use my website.</li>
</ol>
<p>
If you experience issues with Anubis blocking you,
which presumably hasn't happened on your way to this
page, you can email me with details. DO NOT bother
the main project as it may be an issue with a
screening rule that I've invoked.
</p>
<p>
If you do wish to raise an issue with the Anubis
dev(s), PLEASE DO NOT DO SOMETHING LIKE THIS:
</p>
<ul>
<li>
<a
href="https://github.com/TecharoHQ/anubis/issues/113"
>Anubis Issue #113</a
>
</li>
<li>
<a
href="https://github.com/TecharoHQ/anubis/discussions/114"
>Anubis Discussion #114</a
>
</li>
<li>
<a
href="https://github.com/TecharoHQ/anubis/discussions/117"
>Anubis Discussion #117</a
>
</li>
</ul>
</div>
</div>
<div class="chunk">
<div class="header">
<div>
<h3 class="name">Content Security Policy (CSP)</h3>
</div>
</div>
<div class="body">
<p>
This website, unlike a scary number of sites
(including google.com and microsoft.com as of
writing) has a CSP configured. This helps prevent or
mitigate a number of possible attacks including
cross-site scripting and clickjacking.
</p>
<p>
Further Reading:
<a
href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP"
>https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP</a
>
</p>
</div>
</div>
<div class="chunk">
<div class="header">
<div>
<h3 class="name">
HTTP Strict Transport Security (HSTS)
</h3>
</div>
</div>
<div class="body">
<p>
This website has a HSTS policy which indicates to
your browser to use a secure connection when
connecting.
</p>
<p>
Additionally, the server will force redirect ALL
connections over to HTTPS for any browsers which do
not use this header or have a HTTPS-only mode
enabled.
</p>
<p>
Further Reading:
<a
href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security"
>https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security</a
>
</p>
</div>
</div>
<div class="chunk">
<div class="header">
<div>
<h3 class="name">Other Security Headers</h3>
</div>
</div>
<div class="body">
<p>Some include:</p>
<ul>
<li>X-Content-Type-Options</li>
<li>X-Frame-Options</li>
<li>X-XSS-Protection</li>
<li>Permissions-Policy</li>
<li>Referrer-Policy</li>
</ul>
</div>
</div>
<div class="chunk">
<div class="header">
<div>
<h3 class="name">Security.txt</h3>
</div>
</div>
<div class="body">
<p>
This file offers information to security researchers
to silently report any issues they find so that I
can resolve them.
</p>
</div>
</div>
</div>
</div>
<div class="item cookies">
<h2 class="title">Cookies</h2>
<p>
This website only leaves cookies that are required for the
website's functioning. I do not place any trackers on your
system.
</p>
<p>
Note: I cannot say what cookies may be left by services that I
host (such as Gitea and Web Check). For more details, please see
those projects' documentation.
</p>
<p>You can see all cookies that this website uses below:</p>
<div class="chunk_list">
<div class="chunk">
<div class="header">
<div>
<h3 class="name">Anubis</h3>
<span class="subtitle"
>AI Scraper Screening Utility</span
>
</div>
</div>
<div class="body">
<p>
This website does utilize a cookie. This cookie is
made by Anubis to keep your system from having to
pass the proof-of-work check every time you request
a resource from this site.
</p>
<p>
THEORETICALLY, this cookie, as with any JavaScript
cookie,
<span class="italic">can</span> be used to track
you.
</p>
<p>
HOWEVER, I do not use it for tracking, Anubis does
not use it for tracking, and there is no evidence
that 3rd parties are abusing the cookie. There are
far more attractive targets.
</p>
<p>
IF this becomes an issue, until the lead
developer(s) and/or community can find a solution,
Anubis will be reconfigured to send out challenges
even more frequently, and an advisory notice to wipe
your browser cookies at the end of your session will
be made.
</p>
<p>
Under the current configuration, Anubis' cookies are
valid for 24h. This does not mean that the cookie is
necessarily gone from your system.
</p>
<p>
<a
href="https://github.com/TecharoHQ/anubis/issues/50"
>Anubis Issue #50</a
>
briefly looked into the possibility of abuse via the
cookie.
</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<include src="includes/tailer.html" />
</div>
<div class="pane_spacer">