cutieguwu-site/src/disclosure.html
2025-08-20 17:04:42 -04:00


<!doctype html>
<html lang="en-ca">
<head>
<title>Disclosure | Cutieguwu</title>
<include src="includes/meta.html" />
</head>
<body>
<nav class="pane">
<include src="includes/nav_header.html" />
<include src="includes/nav_menu.html" />
<div class="location">
<header><h4>You are here:</h4></header>
<h5 class="page">Disclosure</h5>
</div>
<include src="includes/nav_quick_links.html" />
</nav>
<main class="pane">
<div class="body">
<header>
<h1 class="title">Disclosure</h1>
<p class="date">Last Edited: 01 August, 2025</p>
</header>
<div class="body">
<div class="layout_row">
<div class="item">
<h2 class="title">Website Security</h2>
<p>
This website uses a number of security features, most of which are
built into your browser, to protect my and your:
</p>
<ul>
<li>Infrastructure</li>
<li>Data, and</li>
<li>Experience</li>
</ul>
<p>
You can see some of the main methods that this website uses below:
</p>
<div class="section_list">
<section>
<header>
<div>
<h3 class="name">Anubis</h3>
<span class="subtitle"
>AI Scraper Screening Utility</span
>
</div>
</header>
<div class="body">
<p>
This website is protected by a screening utility known
as
<a href="https://anubis.techaro.lol/"
><cite>Anubis</cite></a
>. You may also have heard of this program as
<cite>BotStopper</cite>, the name it goes by for those who purchase a
commercial license because they somehow can't live with
a cute anime girl showing up on their websites. UNESCO
notably don't have a problem with that, and proudly
present an anime girl as of writing this.
</p>
<p>
I do not have a commercial license and do not pay in any
way for Anubis. If I had money to spare, I would
actively fund the project.
</p>
<p>
Despite what some fools at the FSF figure, Anubis IS NOT
malware. See:
<a href="https://www.youtube.com/watch?v=YisGpdPjYM8"
><cite
>I Platformed A Linux "Cyber Criminal"</cite
></a
>. It does have <em>similar</em> behaviour due to its
proof-of-work scheme, which asks your browser to run a
throwaway calculation in an effort to block or dissuade
AI scrapers. Many, if not nearly all, clients are
subject to screening based on various filters around
your browser's user agent string.
</p>
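<p>
The throwaway calculation described above, sketched as a generic SHA-256
proof-of-work. This is an added example, not Anubis's own code; the challenge
string, difficulty and function names are assumptions. It shows why the check
costs a client thousands of hashes while the server verifies with one.
</p>

```javascript
// Added illustration: generic hash-based proof-of-work, not Anubis's source.
const { createHash } = require("node:crypto");

// Hash the server-issued challenge together with a candidate nonce.
function powHash(challenge, nonce) {
  return createHash("sha256").update(`${challenge}${nonce}`).digest("hex");
}

// Client side: try nonces until the digest starts with `difficulty` zero
// hex digits. Expected work is about 16^difficulty hashes.
function solve(challenge, difficulty, maxTries = 5_000_000) {
  const prefix = "0".repeat(difficulty);
  for (let nonce = 0; nonce < maxTries; nonce++) {
    if (powHash(challenge, nonce).startsWith(prefix)) {
      return { nonce, tries: nonce + 1 };
    }
  }
  return null; // gave up: treat as a failed challenge
}

// Server side: a single hash, however long the client searched.
function verify(challenge, nonce, difficulty) {
  if (!Number.isSafeInteger(nonce) || nonce < 0) return false;
  return powHash(challenge, nonce).startsWith("0".repeat(difficulty));
}

// Constructed sample challenge; a real deployment issues a fresh random
// value per visitor so a solution cannot be reused by someone else.
const SAMPLE_CHALLENGE = "constructed-challenge-0001";

function demo(difficulty = 3) {
  const solution = solve(SAMPLE_CHALLENGE, difficulty);
  if (!solution) return { accepted: false };
  return {
    ...solution,
    accepted: verify(SAMPLE_CHALLENGE, solution.nonce, difficulty),
  };
}

console.log(demo());
```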
<p>
Additionally, if you have concerns about the legality of
my use of Anubis, please see
<a href="https://github.com/TecharoHQ/anubis/issues/50"
>Anubis Issue #50</a
>
where concerns were looked into.
</p>
<p>
Now, if you have a moral issue with this project, you
may do one of two things (because adjusting your UA will
just make me block the UA, or add a complete catch-all
rule):
</p>
<ol>
<li>
Don't allow JavaScript to run. (Have fun making this
work)
</li>
<li>Just don't use my website.</li>
</ol>
<p>
If you experience issues with Anubis blocking you, which
presumably hasn't happened on your way to this page, you
can email me with details. DO NOT bother the main
project as it may be an issue with a screening rule that
I've invoked.
</p>
<p>
If you do wish to raise an issue with the Anubis dev(s),
PLEASE DO NOT DO SOMETHING LIKE THIS:
</p>
<ul>
<li>
<a
href="https://github.com/TecharoHQ/anubis/issues/113"
>Anubis Issue #113</a
>
</li>
<li>
<a
href="https://github.com/TecharoHQ/anubis/discussions/114"
>Anubis Discussion #114</a
>
</li>
<li>
<a
href="https://github.com/TecharoHQ/anubis/discussions/117"
>Anubis Discussion #117</a
>
</li>
</ul>
</div>
</section>
<section>
<header>
<div>
<h3 class="name">Content Security Policy (CSP)</h3>
</div>
</header>
<div class="body">
<p>
This website, unlike a scary number of sites (including
google.com and microsoft.com as of writing) has a CSP
configured. This helps prevent or mitigate a number of
possible attacks including cross-site scripting and
clickjacking.
</p>
<p>
Further Reading:
<a
href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP"
>https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP</a
>
</p>
</div>
</section>
<section>
<header>
<div>
<h3 class="name">
HTTP Strict Transport Security (HSTS)
</h3>
</div>
</header>
<div class="body">
<p>
This website has an HSTS policy, which tells your
browser to use a secure connection when connecting.
</p>
<p>
Additionally, the server will force redirect ALL
connections over to HTTPS for any browsers which do not
use this header or have an HTTPS-only mode enabled.
</p>
<p>
Further Reading:
<a
href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security"
>https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security</a
>
</p>
</div>
</section>
<section>
<header>
<div>
<h3 class="name">Other Security Headers</h3>
</div>
</header>
<div class="body">
<p>Some include:</p>
<ul>
<li>X-Content-Type-Options</li>
<li>X-Frame-Options</li>
<li>X-XSS-Protection</li>
<li>Permissions-Policy</li>
<li>Referrer-Policy</li>
</ul>
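<p>
One way to check a response for the CSP, HSTS and other headers described
above. This is an added example, not this site's code or configuration; the
finding labels and both sample header sets are constructed for illustration.
</p>

```javascript
// Added example: audit response headers for the protections listed above.
function normalise(headers) {
  const out = Object.create(null);
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out; // header names are case-insensitive
}

// Parse a CSP value into { directive: [sources] }; a repeated directive is ignored.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

function auditHeaders(rawHeaders) {
  const h = normalise(rawHeaders);
  const findings = [];
  const hsts = h["strict-transport-security"];
  const maxAge = hsts && /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?/i.exec(hsts);
  if (!hsts) findings.push("hsts-missing");
  else if (!maxAge || Number(maxAge[1]) === 0) findings.push("hsts-max-age-zero-or-absent");

  const csp = parseCsp(h["content-security-policy"] || "");
  const scripts = csp["script-src"] || csp["default-src"];
  const hasNonceOrHash = (scripts || []).some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (!h["content-security-policy"]) findings.push("csp-missing");
  else if (!scripts) findings.push("csp-no-script-restriction");
  else if (scripts.includes("'unsafe-inline'") && !hasNonceOrHash) findings.push("csp-unsafe-inline-scripts");
  // Clickjacking: frame-ancestors does not fall back to default-src.
  if (!csp["frame-ancestors"] && !h["x-frame-options"]) findings.push("no-framing-control");

  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff") findings.push("xcto-not-nosniff");
  if (!h["referrer-policy"]) findings.push("referrer-policy-missing");
  if (!h["permissions-policy"]) findings.push("permissions-policy-missing");
  // X-XSS-Protection is not scored: current major browsers no longer act on it.
  return findings;
}

// Constructed sample header sets (not captured from any real site).
const WEAK = {
  "Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'",
  "Strict-Transport-Security": "max-age=0",
};
const HARDENED = {
  "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
  "strict-transport-security": "max-age=63072000; includeSubDomains",
  "x-content-type-options": "nosniff",
  "referrer-policy": "no-referrer",
  "permissions-policy": "geolocation=()",
};
console.log(auditHeaders(WEAK), auditHeaders(HARDENED));
```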
</div>
</section>
<section>
<header>
<div>
<h3 class="name">Security.txt</h3>
</div>
</header>
<div class="body">
<p>
This file gives security researchers the information
they need to silently report any issues they find so
that I can resolve them.
</p>
</div>
</section>
</div>
</div>
<div class="item">
<h2 class="title">Cookies</h2>
<p>
This website only leaves cookies that are required for the website's
functioning. I do not place any trackers on your system.
</p>
<p>
Note: I cannot say what cookies may be left by services that I host
(such as Gitea and Web Check). For more details, please see those
projects' documentation.
</p>
<p>You can see all cookies that this website uses below:</p>
<div class="section_list">
<section>
<header>
<div>
<h3 class="name">Anubis</h3>
<span class="subtitle"
>AI Scraper Screening Utility</span
>
</div>
</header>
<div class="body">
<p>
This website does utilize a cookie. This cookie is made
by Anubis to keep your system from having to pass the
proof-of-work check every time you request a resource
from this site.
</p>
<p>
THEORETICALLY, this cookie, as with any JavaScript
cookie,
<em>can</em> be used to track you.
</p>
<p>
HOWEVER, I do not use it for tracking, Anubis does not
use it for tracking, and there is no evidence that 3rd
parties are abusing the cookie. There are far more
attractive targets.
</p>
<p>
IF this becomes an issue, until the lead developer(s)
and/or community can find a solution, Anubis will be
reconfigured to send out challenges even more
frequently, and an advisory notice to wipe your browser
cookies at the end of your session will be made.
</p>
<p>
Under the current configuration, Anubis' cookies are
valid for 24h. This does not mean that the cookie is
necessarily gone from your system.
</p>
<p>
<a href="https://github.com/TecharoHQ/anubis/issues/50"
>Anubis Issue #50</a
>
briefly looked into the possibility of abuse via the
cookie.
</p>
</div>
</section>
</div>
</div>
</div>
</div>
</div>
<include src="includes/tailer.html" />
</main>
<div class="pane spacer">
<div class="spacer_container"><p>#AD</p></div>
<div class="spacer_container"><p>#AD</p></div>
</div>
<include src="includes/footer.html" />
<include src="includes/scripts.html" />
</body>
</html>