![[icon ]](/pictures/favicon.png)
blenderdumbass . org
This is an overview on your privacy while visiting this website.
BlenderDumbass.org
BlenderDumbass.org is a proxy version of the website operated by Madiator2011 from Poland. The original server of this website only operates over the Tor network. So if you are using any proxies, such as BlenderDumbass.org, please use them at your own risk, since the operator in question might be able to see your usernames and passwords if you log in. Also for non-tor uses, the operator can see your IP address as well. And since those are proxies, they can technically also see the entire traffic.
Madiator promised that on BlenderDumbass.org specifically he doesn't collect any logs what so ever.
Tor Network
The website is available on tor using: http://ttauyzmy4kbm5yxpujpnahy7uxwnb32hh3dja7uda64vefpkomf3s4yd.onion/
The website's server is running at my house on my personal computer, through the Tor Network. So the connection between you and me goes through at least 6 rendezvous points around the world, all having additional layers of encryption added. This is a very good level of end to end encryption for a website. Better than HTTPs in my opinion.
When my server receives a request from you, I do not see your IP address. That means that I cannot know where you are geographically in the world.
Cookies
The website uses one single cookie that helps logins work. And helps you see which articles you haven't yet read, for example. This cookie is not shared with anybody else. And with modern browsers if you restart the browser, the cookie is getting deleted.
All I can know from this cookie ( if you are not logged in ) is what pages have been read by the same person. I can not know anything about that person.
If you do log in, the cookie will be associated with your account.
Java Script
At the point there is not a single line of Java Script used on this site. If you are using the Tor Browser you can see various No Script elements here and there. All of those are media files embedded using standard HTML tags. I do use CSS for prettiness.
I'm not planning to ever using Java Script.
Third Party Requests
I link to images and other media files from different websites. I try to not link from website with dubious privacy records. But I allow linking images to the user and have limited control over what they link. Some of those images might come from dubious websites with bad privacy records. And if you are not using the Tor version, you may give those website some information.
Account security
If you are registered on the website or planning to register, there are a few things you need to take into consideration.
On the computer I store passwords as SHA256 hashes. I do not store them as plain text. So even if somebody gets to my computer they will not be able to see your passwords immediately.
But since there is no JavaScript, all of the logic of the website happens on the server. Meaning the conversion of your password to SHA256 hash is happening on the server. Meaning at some point I receive your password in plain text. And therefor if somebody gets to my computer, they could modify the server's software to view the passwords. Though for that they would have to be physically present in my room. ( Madiator2011 has the same problem separately with BlenderDumbass.org )
While I'm in still in control over my computer, with the Tor's encryption I do not think it should be a problem. But I cannot guarantee that your password will be safe forever, so please do not use a password you use on any other platform. Unless you want me, or anybody who has control over this computer, to have access to it.
Anybody either logged in or logged out can search for your profile and view anything you post on this site.
Happy Hacking!!!
![[thumbnail]](/pictures/thumbs/mevssteve.png)