From cf2e16eb2babdcb3c1a8f39496ec6e9d0e7b2361 Mon Sep 17 00:00:00 2001
From: inference
Date: Sat, 16 Sep 2023 20:33:39 +0100
Subject: [PATCH] Update About webpage from version 5.3.0.114 to 5.4.3.118
---
about.html | 46 +++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/about.html b/about.html
index f50127e..ebb76be 100644
--- a/about.html
+++ b/about.html
@@ -5,7 +5,7 @@
-
+
@@ -44,6 +44,10 @@
Creative Commons Attribution 4.0 International
+ Services
+
Recommendations
- Hardware
@@ -164,6 +168,46 @@
must be kept in order to attribute the original creator
of the licensed content.
+
+
+ This list contains the policies and practices of my services.
+ My policies and practices are heavily security- and privacy-focused, with
+ improvements made on an ongoing basis as new technologies, protocols, and
+ software etc become available.
+
+
+ - Unnecessary logging avoided (only logs required for
+ security and debugging etc purposes)
+ - All server logs purged every 14 days
+ - User IP addresses used only for security and debugging
+ purposes (purged along with logs)
+ - All connections made via TLS 1.3 (TLS 1.2 and older are
+ unsupported) to ensure the most secure AEAD ciphers are used,
+ along with forward secrecy (each connection uses a
+ different key to previous connections)
+ - All connections made via high-security AEAD ciphers,
+ preferring AES-256-GCM for devices with AES
+ hardware-acceleration, and ChaCha20-Poly1305 for devices without
+ AES hardware-acceleration, with AES-128-GCM as a fallback
+ (AES-128-GCM is mandated for TLS 1.3 by
+ IETF RFC8446 section 9.1)
+ - All connections are made via high-security key exchange
+ protocols, preferring X25519, with secp256r1 as a fallback
+ (secp256r1 is mandated for TLS 1.3 by
+ IETF RFC8446 section 9.1)
+ - DNSSEC implemented to provide a root-of-trust for encryption
+ and authentication for domain and server configuration
+ - Referrer headers disabled to prevent knowing where a user
+ was redirected from
+ - All content sourced from my own domains, with third-party
+ content prohibited via Content Security Policy
+ configuration
+ - All servers physically under my control (no VPS or other
+ hosting providers)
+ - No proprietary services, ensuring I have complete control
+ over my services, and vendor lock-in does not occur
+
+