Security

From Inkbunny
Jump to navigation Jump to search

No, we don't know why Google is suddenly only showing this page. Here's the Inkbunny front page.

Important Security Advice

When using public computers or untrusted/public internet access points, always log out of your session (by clicking Exit) when you are finished.

You should also clear your browser cookies, cache and browsing history to be extra safe.

If you forget to do these things, there is a chance someone could hijack your account by simply using the computer right after you leave.

Page Encryption

All content and pages on Inkbunny are encrypted using SSL/TLS. This does not totally guarantee your privacy or security, but makes it less likely that anyone on the network between you and Inkbunny can see the contents of pages you visit or any data you send. Inkbunny does not log successful requests to its wiki or caches around the world, unless debugging a performance issue.

Your browser gives you complete information about a page's encryption settings. Always check these details before trusting that you are really connected to the site you expect, and that the security certificate is valid.

Inkbunny requests that browsers always use HTTPS when connecting to it. For more information see Transport Layer Security and HTTP Strict Transport Security on Wikipedia.

The Inkbunny SSL Certificate

You can check site certificate details in your browser. Each browser has a different way of doing this. With some you can click the special green or blue section in the title bar when you connect to an encrypted site. On others you need to click a padlock icon that appears at the edge of your browser window (at the top or bottom).

Never trust certificate details that come from clicking links or buttons inside the actual website view area. Those can be faked by scam sites or people compromising your network.

Inkbunny uses different certificates depending on which server you are accessing. These include https://inkbunny.net/, https://wiki.inkbunny.net/ and our content-distribution caches (domains ending ib.metapix.net).

Our SSL certificates should have the following details:

  • Verified by "Let's Encrypt" or "Let's Encrypt Authority X3".
  • Connected to "inkbunny.net", "wiki.inkbunny.net" or "[XX].ib.metapix.net"
  • Run/owned by "unknown", "inkbunny.net", "wiki.inkbunny.net" or "[XX].ib.metapix.net"
  • Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption

Other details vary, as the certificate will renew regularly. If these details do not match, but you still appear to have a secure connection, it's likely that a) your own security software is intercepting the connection (which you can probably disable), or b) you're using a computer owned by an organization which is configured to let them monitor your Internet access. Either way, this means they can see everything you do on Inkbunny - including both page URLs and content - read your login credentials, act as you, and display content which was not sent by the site. It's up to you whether you feel confident using Inkbunny under those circumstances.

Inkbunny uses a SHA-256-signed certificate which is not compatible with Android 2.2, or Internet Explorer on Windows XP SP2 or below. You may receive warnings that your connection to Inkbunny is insecure until you upgrade.

Government censorship

Many governments censor websites with adult content. In such cases, you may need to use Tor Browser or other forms of VPNs or proxies to access Inkbunny. (From time to time some of these may be blocked on Inkbunny's side due to abuse, although we try to keep such blocks to a minimum.)

Most modern browsers refuse to allow a non-secure connection to Inkbunny, at our request. If your ISP is pretending that inkbunny.net is at a different IP address in order to send you to a message indicating that the website is blocked, your browser will instead report that it failed to establish a secure connection.

In such cases, entering Inkbunny's IP addresses below into your device's hosts file (which usually requires administrative privileges) or using OpenDNS may help:

#Main server
149.202.66.170 inkbunny.net
#Belgium cache [set in Account Settings/Misc]
178.33.122.6 nl.ib.metapix.net
#Quebec cache
149.56.26.166 qc.ib.metapix.net
#Virginia, USA cache
198.7.63.207 va.ib.metapix.net
108.62.123.132 va1.ib.metapix.net

or, if your system supports IPv6:

#Main server
2001:41d0:d:26aa::1234 inkbunny.net
#Belgium cache
2001:41d0:2:ef06::1234 nl.ib.metapix.net
#Virginia, USA cache
2604:9a00:2100:af04:4::1234 va.ib.metapix.net
2604:9a00:2100:b002:9::1234 va1.ib.metapix.net

These addresses are expected to be accurate to at least 2024, but are subject to change. If you find that you can no longer connect, check the address using a third-party DNS lookup tool. Logged-in users can [1]set one of the above caches as their content server].

HTTPS Everywhere - Firefox Add-on

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation.

It works for sites like Inkbunny that have an "always encrypted" mode. If you follow unencrypted links (ones that start with "http" instead of "https"), or your browser is tricked in to connecting unencrypted by a hacker on your network, HTTPS Everywhere will rewrite the link to the encrypted version before allowing your browser to connect.

This add-on is not required to get the benefit of full page encryption on Inkbunny, but it can further enhance your privacy and security.

Even though most encrypted sites (including Inkbunny) will redirect you to the encrypted version of any unencrypted link you click by accident, the brief moment this redirection takes will expose the full URL and any data you send as a result of that click (such as any unprotected site cookies). This is also the moment a hacker on your network can trick your browser into staying on an unencrypted link to the site.

HTTPS Everywhere ensures the data is sent encrypted the first time, every time, even if you click an unencrypted version of a link or a hacker is trying to force your browser to misbehave.

Inkbunny has requested that its HSTS instruction be preloaded, which means HTTPS Everywhere will have no extra benefit on Inkbunny for versions of Chrome, Firefox and Safari built in 2015 onwards.

Configuring HTTPS Everywhere for Inkbunny

After installing HTTPS Everywhere, you must install the Inkbunny Ruleset.

Download the Inkbunny Ruleset and place the file in the directory "HTTPSEverywhereUserRules" that you will find in your your Firefox profile directory.

You may need to restart Firefox for HTTPS Everywhere to see the new Inkbunny ruleset.

Then go to the Firefox Add-on manager and configure the HTTPS Everywhere Add-on. Make sure the "Inkbunny" option is ticked on the HTTPS Everywhere preferences page.