Disclosure

This website is protected by a screening utility known as Anubis. You may also have heard of this program as BotStopper for those who purchase a commercial license because they somehow can't live with a cute anime girl showing up on their websites. UNESCO notably don't have a problem with that, and proudly present an anime girl as of writing this.

I do not have a commercial license and do not pay in any way for Anubis. If I had money to spare, I would actively fund the project.

Despite what some fools at the FSF figure, Anubis IS NOT malware. See: I Platformed A Linux "Cyber Criminal". It does have similar behaviour due to its proof-of-work scheme, which asks your browser to run a throwaway calculation in an effort to block or dissuade AI scrapers. Many, if not nearly all clients, are subject to screening based on various filters around your browser's user agent string.

Additionally, if you have concerns about the legality of my use of Anubis, please see Anubis Issue #50 where concerns were looked into.

Now, if you have a moral issue with this project, you may do one of two things (because adjusting your UA will just make me block the UA, or add a complete catch-all rule):

1. Don't allow JavaScript to run. (Have fun making this work)
2. Just don't use my website.

If you experience issues with Anubis blocking you, which presumably hasn't happened on your way to this page, you can email me with details. DO NOT bother the main project as it may be an issue with a screening rule that I've invoked.

If you do wish to raise an issue with the Anubis dev(s), PLEASE DO NOT DO SOMETHING LIKE THIS:

• Anubis Issue #113
• Anubis Discussion #114
• Anubis Discussion #117

This website, unlike a scary number of sites (including google.com and microsoft.com as of writing) has a CSP configured. This helps prevent or mitigate a number of possible attacks including cross-site scripting and clickjacking.

Further Reading: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP

This website has a HSTS policy which indicates to your browser to use a secure connection when connecting.

Additionally, the server will force redirect ALL connections over to HTTPS for any browsers which do not use this header or have a HTTPS-only mode enabled.

Further Reading: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security

Some include:

• X-Content-Type-Options
• X-Frame-Options
• X-XSS-Protection
• Permissions-Policy
• Referrer-Policy

This file offers information to security researchers to silently report any issues they find so that I can resolve them.

This website does utilize a cookie. This cookie is made by Anubis to keep your system from having to pass the proof-of-work check every time you request a resource from this site.

THEORETICALLY, this cookie, as with any JavaScript cookie, can be used to track you.

HOWEVER, I do not use it for tracking, Anubis does not use it for tracking, and there is no evidence that 3rd parties are abusing the cookie. There are far more attractive targets.

IF this becomes an issue, until the lead developer(s) and/or community can find a solution, Anubis will be reconfigured to send out challenges even more frequently, and an advisory notice to wipe your browser cookies at the end of your session will be made.

Under the current configuration, Anubis' cookies are valid for 24h. This does not mean that the cookie is necessarily gone from your system.

Anubis Issue #50 briefly looked into the possibility of abuse via the cookie.