Add section "Services"

inference 2023-09-16 20:22:32 +01:00
parent bcacd95e17
commit 6bad84540e
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc

@ -5,7 +5,7 @@
<!-- Copyright 2022 Jake Winters --> <!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
<!-- Version: 5.3.0.114 --> <!-- Version: 5.4.0.115 -->
<html> <html>
@ -44,6 +44,10 @@
<li><a href="#licensing-cc-by-4.0">Creative Commons Attribution 4.0 International</a></li> <li><a href="#licensing-cc-by-4.0">Creative Commons Attribution 4.0 International</a></li>
</ul> </ul>
</ul> </ul>
<li><a href="#services">Services</a></li>
<ul>
<li><a href="#services-websites">Websites</a></li>
</ul>
<li><a href="#recommendations">Recommendations</a></li> <li><a href="#recommendations">Recommendations</a></li>
<ul> <ul>
<li><a href="#hardware">Hardware</a></li> <li><a href="#hardware">Hardware</a></li>
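Review bot: The new table-of-contents link href="#services-websites" targets an id this commit never defines; the heading added in the later hunk is h3 id="websites" with href="#websites". Rename the heading id to "services-websites" (which matches the prefixed style of "licensing-cc-by-4.0" in the context line above) or point this link at "#websites", otherwise the entry is a dead anchor.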
@ -164,6 +168,46 @@
must be kept in order to attribute the original creator must be kept in order to attribute the original creator
of the licensed content.</p> of the licensed content.</p>
</section> </section>
<section id="services">
<h2 id="services"><a href="#services">Services</a></h2>
<p>This list contains the policies and practices of my services.</p>
<p>My policies and practices are heavily security- and privacy-focused, with
improvements made on an ongoing basis as new technologies, protocols, and
software etc become available.</p>
<h3 id="websites"><a href="#websites">Websites</a></h3>
<ul>
<li>Unnecessary logging avoided (only logs required for
security and debugging etc purposes)</li>
<li>All server logs purged every 14 days</li>
<li>User IP addresses used only for security purposes (purged
along with logs)</li>
<li>All connections made via TLS 1.3 (TLS 1.2 and older are
unsupported) to ensure the most secure AEAD ciphers are used,
along with forward secrecy (each connection uses a
different key to previous connections)<li>
<li>All connections made via high-security AEAD ciphers,
preferring AES-256-GCM for devices with AES
hardware-acceleration, and ChaCha20-Poly1305 for devices without
AES hardware-acceleration, with AES-128-GCM as a fallback
(AES-128-GCM is mandated for TLS 1.3 by
<a href="https://datatracker.ietf.org/doc/html/rfc8446#section-9.1">IETF RFC8446 section 9.1</a>)</li>
<li>All connections are made via high-security key exchange
protocols, preferring X25519, with secp256r1 as a fallback
(secp256r1 is mandated for TLS 1.3 by
<a href="https://datatracker.ietf.org/doc/html/rfc8446#section-9.1">IETF RFC8446 section 9.1</a>)</li>
<li>DNSSEC implemented to provide a root-of-trust for encryption
and authentication for domain and server configuration</li>
<li>Referrer headers disabled to prevent knowing where a user
was redirected from</ul>
<li>All content sourced from my own domains, with third-party
content prohibited via Content Security Policy
configuration</li>
<li>All servers physically under my control (no VPS or other
hosting providers)</li>
<li>No proprietary services, ensuring I have complete control
over my services, and vendor lock-in does not occur</li>
</ul>
</section>
<section id="recommendations"> <section id="recommendations">
<h2 id="recommendations"><a href="#recommendations">Recommendations</a></h2> <h2 id="recommendations"><a href="#recommendations">Recommendations</a></h2>
<h3 id="hardware"><a href="#hardware">Hardware</a></h3> <h3 id="hardware"><a href="#hardware">Hardware</a></h3>
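Review bot: Two items in the new Websites list are closed with the wrong tag. The TLS 1.3 item ends with an opening "<li>" after "previous connections)" where "</li>" is meant, and the referrer item ends with "</ul>" after "was redirected from", which closes the list early and leaves the three items that follow it (own-domain content, physically controlled servers, no proprietary services) and the final "</ul>" outside any list. Replace both with "</li>". While there, the new section and its h2 both carry id="services"; the Recommendations context lines show the same pattern, but ids should be unique within a document, so consider keeping the id on only one of the two elements.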