Important Security Advice
When using public computers or untrusted/public internet access points, always log out of your session (by clicking Exit) when you are finished.
You should also clear your browser cookies, cache and browsing history to be extra safe.
If you forget to do these things, there is a chance someone could hijack your account by simply using the computer right after you leave.
All content and pages on Inkbunny are encrypted using SSL/TLS. This does not totally guarantee your privacy or security. But it makes it much less likely that anyone on the network between you and the Inkbunny server can see contents of pages you visit or any data you send.
Your browser gives you complete information about a page's encryption settings. Always check these details before trusting that you are really connected to the site you expect, and that the security certificate is valid.
The Inkbunny SSL Certificate
You can check site certificate details in your browser. Each browser has a different way of doing this. With some you can click the special green or blue section in the title bar when you connect to an encrypted site. On others you need to click a padlock icon that appears at the edge of your browser window (at the top or bottom).
Never trust certificate details that come from clicking links or buttons inside the actual website view area. Those can be faked by scam sites or people compromising your network.
Inkbunny uses different certificates depending on which server you are accessing. These include one for the main site at https://inkbunny.net/, one for the wiki at https://wiki.inkbunny.net/ and others for content-distribution caches (domains ending ib.metapix.net).
The SSL certificate for the main site should have the following details:
- Verified by "Comodo", "USERTrust" or "PositiveSSL".
- Connected to https://inkbunny.net/ (usually just listed in the certificate details as "inkbunny.net").
- Run/owned by "unknown", "inkbunny.net", or "www.inkbunny.net".
If you check advanced details you should see some of these (be sure you're checking the last certificate, for inkbunny.net):
- Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
- Serial Number: 00:C6:FC:07:50:CF:B8:09:BF:0D:47:0D:F4:9F:32:06:E4
- SHA-256 Fingerprint: 3F:4B:7F:CC:D4:AC:2D:41:87:A8:00:63:EC:3D:9B:C6:7F:35:22:E6:F5:44:0A:1C:B3:D5:2F:6C:C8:B0:7B:C5
- SHA-1 Fingerprint: 04:17:D7:55:2B:E6:BA:1A:68:C2:80:92:BA:DB:4F:09:B0:DE:E3:BA
- Valid From/To: 9 April 2014 - 9 April 2019
Inkbunny uses a SHA-256-signed certificate which is not compatible with Android 2.2, or Internet Explorer on Windows XP SP2 or below. You may receive warnings that your connection to Inkbunny is insecure until you upgrade.
For the wiki, the details are different:
- Verified by "Let's Encrypt"
- Connected to https://wiki.inkbunny.net/ (usually just listed in the certificate details as "wiki.inkbunny.net").
- Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Other details vary, as the certificate will renew regularly. Inkbunny's content-distribution caches also have certificates, from StartCom or Let's Encrypt.
Inkbunny does not log successful requests to its wiki or caches around the world, unless debugging a performance issue.
Many governments censor websites with adult content. In such cases, you may need to use Tor Browser or other forms of VPNs or proxies to access Inkbunny. (From time to time some of these may be blocked on Inkbunny's side due to abuse, although we try to keep such blocks to a minimum.)
Most modern browsers refuse to allow a non-secure connection to Inkbunny, at our request. If your ISP is pretending that inkbunny.net is at a different IP address in order to send you to a message indicating that the website is blocked, your browser will instead report that it failed to establish a secure connection.
18.104.22.168 inkbunny.net 22.214.171.124 nl.ib.metapix.net
These addresses are expected to be accurate to at least 2020, but are subject to change. If you find that you can no longer connect, check the address using a third-party DNS lookup tool.
HTTPS Everywhere - Firefox Add-on
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation.
It works for sites like Inkbunny that have an "always encrypted" mode. If you follow unencrypted links (ones that start with "http" instead of "https"), or your browser is tricked in to connecting unencrypted by a hacker on your network, HTTPS Everywhere will rewrite the link to the encrypted version before allowing your browser to connect.
This add-on is not required to get the benefit of full page encryption on Inkbunny, but it can further enhance your privacy and security.
Even though most encrypted sites (including Inkbunny) will redirect you to the encrypted version of any unencrypted link you click by accident, the brief moment this redirection takes will expose the full URL and any data you send as a result of that click (such as any unprotected site cookies). This is also the moment a hacker on your network can trick your browser into staying on an unencrypted link to the site.
HTTPS Everywhere ensures the data is sent encrypted the first time, every time, even if you click an unencrypted version of a link or a hacker is trying to force your browser to misbehave.
Inkbunny has requested that its HSTS instruction be preloaded, which means HTTPS Everywhere will have no extra benefit on Inkbunny for versions of Chrome, Firefox and Safari built in 2015 onwards.
Configuring HTTPS Everywhere for Inkbunny
After installing HTTPS Everywhere, you must install the Inkbunny Ruleset.
You may need to restart Firefox for HTTPS Everywhere to see the new Inkbunny ruleset.
Then go to the Firefox Add-on manager and configure the HTTPS Everywhere Add-on. Make sure the "Inkbunny" option is ticked on the HTTPS Everywhere preferences page.