Security: Difference between revisions

Important Security Advice

When using public computers or untrusted/public internet access points, always log out of your session (by clicking Exit) when you are finished.

You should also clear your browser cookies, cache and browsing history to be extra safe.

If you forget to do these things, there is a chance someone could hijack your account by simply using the computer right after you leave.

Page Encryption

All content and pages on Inkbunny are encrypted using SSL/TLS. This does not totally guarantee your privacy or security. But it makes it much less likely that anyone on the network between you and the Inkbunny server can see contents of pages you visit or any data you send.

Your browser gives you complete information about a page's encryption settings. Always check these details before trusting that you are really connected to the site you expect, and that the security certificate is valid.

For more information see Transport Layer Security on Wikipedia.

The Inkbunny SSL Certificate

You can check site certificate details in your browser. Each browser has a different way of doing this. With some you can click the special green or blue section in the title bar when you connect to an encrypted site. On others you need to click a padlock icon that appears at the edge of your browser window (at the top or bottom).

Never trust certificate details that come from clicking links or buttons inside the actual website view area. Those can be faked by scam sites or people compromising your network.

The real and valid Inkbunny SSL certificate should have the following details:

• Verified by "Comodo" or "PositiveSSL".

• Connected to https://yaramazkadinlar.com/ (usually just listed in the certificate details as "yaramazkadinlar.com").

• Run/owned by "unknown" or "yaramazkadinlar.com".

If you check advanced details you should see:

• SHA-1 Fingerprint (if listed): 38:94:FB:C8:62:A2:76:04:DD:39:D4:C0:D4:96:D4:21:25:BE:05:E5

• Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption

HTTPs Everywhere - Firefox Add-on

HTTPs Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation.

It works for sites like Inkbunny that have an "always encrypted" mode. If you follow unencrypted links (ones that start with "http" instead of "https"), or your browser is tricked in to connecting unencrypted by a hacker on your network, HTTPs Everywhere will rewrite the link to the encrypted version before allowing your browser to connect.

This add-on is not required to get the benefit of full page encryption on Inkbunny, but it can further enhance your privacy and security.

Even though most encrypted sites (including Inkbunny) will redirect you to the encrypted version of any unencrypted link you click by accident, the brief moment this redirection takes will expose the full URL and any data you send as a result of that click (such as any unprotected site cookies). This is also the moment a hacker on your network can trick your browser into staying on an unencrypted link to the site.

HTTPs Everywhere ensures the data is sent encrypted the first time, every time, even if you click an unencrypted version of a link or a hacker is trying to force your browser to misbehave.

Configuring HTTPs Everywhere for Inkbunny

After installing HTTPs Everywhere, you must install the Inkbunny Ruleset.

Download the Inkbunny Ruleset and place the file in the directory "HTTPSEverywhereUserRules" that you will find in your your Firefox profile directory.

You may need to restart Firefox for HTTPs Everywhere to see the new Inkbunny ruleset.

Then go to the Firefox Add-on manager and configure the HTTPs Everywhere Add-on. Make sure the "Inkbunny" option is ticked on the HTTPs Everywhere preferences page.