This is an overview of your privacy while visiting this website.
BlenderDumbass.org
BlenderDumbass.org is a proxy version of the website operated by Madiator2011 from Poland. The original server of this website only operates over the Tor network. So if you are using any proxies, such as BlenderDumbass.org, please use them at your own risk, since the operator in question might be able to see your usernames and passwords if you log in. Also, for non-Tor users, the operator can see your IP address as well. And since those are proxies, they can technically also see the entire traffic.
Madiator promised that on BlenderDumbass.org specifically he doesn't collect any logs whatsoever.
Tor Network
The website's server is running at my house on my personal computer, through the Tor Network. So the connection between you and me goes through at least 6 rendezvous points around the world, all having additional layers of encryption added. This is a very good level of end-to-end encryption for a website. Better than HTTPS in my opinion.
When my server receives a request from you, I do not see your IP address. That means that I cannot know if you visited the website before that or not. All I can see is what page URL you are requesting and at what time you do so.
JavaScript
At this point there is not a single line of JavaScript used on this site. If you are using the Tor Browser you can see various NoScript elements here and there. All of those are media files embedded using standard HTML tags. I do use CSS for prettiness.
I'm not planning to ever use JavaScript.
Third Party Requests
I link to images and other media files from different websites. I try not to link from websites with dubious privacy records. But I allow registered users to link images and have no control over what they link. But because the website is on the Tor Network and to access it you have to be connected to Tor, I do not think there is any problem with having links from even the worst websites, if those are just media files.
Account security
If you are registered on the website or planning to register, there are a few things you need to take into consideration.
When you type your password to log in, you can see that your username and password appear in the link of the page you are visiting. This is my way to implement logins. If you want to log out, you can just delete the username and password from the URL, or use the logout button. I have included a Share button on every article, which gives you access to the clean URL to the article, without your username and password.
On the computer I store passwords as SHA256 hashes. I do not store them as plain text. So even if somebody gets to my computer they will not be able to see your passwords immediately.
But since there is no JavaScript, all of the logic of the website happens on the server. Meaning the conversion of your password to a SHA256 hash is happening on the server. Meaning at some point I receive your password in plain text. And therefore if somebody gets to my computer, they could modify the server's software to view the passwords of any new requests. Though for that they would have to be physically present in my room.
While I'm still in control of my computer, with Tor's encryption I do not think it should be a problem. But I cannot guarantee that your password will be safe forever, so please do not use a password you use on any other platform. Unless you want me, or anybody who has control over this computer, to have access to it.
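An added example, not the site's own code: because the server receives the plaintext at login, it can verify a bare SHA-256 record and replace it with a salted scrypt record in the same step. The record format, the scrypt parameters and the `users` dictionary are assumptions, as is the stored value being an unsalted hex digest, which the page does not specify.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example, about 16 MiB per hash)
N, R, P = 2**14, 8, 1

def legacy_hash(password):
    """Bare SHA-256 hex digest: fast to compute, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()

def scrypt_hash(password, salt=None):
    """Salted, memory-hard record in the form 'scrypt$<salt hex>$<key hex>'."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify(password, stored):
    """Check a password against either record format with a constant-time compare."""
    if stored.startswith("scrypt$"):
        _, salt_hex, _ = stored.split("$")
        candidate = scrypt_hash(password, bytes.fromhex(salt_hex))
    else:
        candidate = legacy_hash(password)
    return hmac.compare_digest(candidate, stored)

def login(users, name, password):
    """Verify, then upgrade a legacy record while the plaintext is in hand."""
    stored = users.get(name)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("scrypt$"):
        users[name] = scrypt_hash(password)  # the old digest is overwritten
    return True
```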
While you are logged in I can also see what pages you are accessing, since the username is also part of the URL. And I record which pages you have seen. You can see the titles being orange when you haven't yet loaded this page while logged in. When you have loaded this page, the title will be yellow. Also every article has a view count button. If you click it, you can see who visited this article logged in.
When you are logged out, you have quick-access username and password fields beside any field that requires an account. So it would be easy for you to use the website while logged out to avoid my tracking.
Anybody either logged in or logged out can search for your profile and view anything you post on this site.
Even though the password is a part of the URL, I decided to modify the logger to not show me any of your passwords. So I do not know any of them. At the moment the logger logs this kind of text:
On the very left I can see the date and time of the request for a particular page. In blue is the username of any logged in user. It will remain blank if you are visiting without logging in. Then in the center there is the URL itself. And in dark gray are the variables in the URL after the ? sign. Notice that I redacted every password to show 7 star signs. Showing the IP address had no point whatsoever, since the one I get from Tor points back at my own computer.
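An added example, not the site's logger: one way to build such a log line so the password value is masked to a fixed 7 stars before anything is written. The parameter names `username` and `password` and the line layout are assumptions; values are re-encoded so a crafted query cannot inject a line break into the log.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

SECRET_KEYS = {"password"}  # assumed parameter name; the page does not give it
MASK = "*" * 7              # fixed width, so the log does not leak password length

def redact_query(query):
    """Return the query string with secret values masked, order preserved."""
    pairs = parse_qsl(query, keep_blank_values=True)
    masked = [(k, MASK if k.lower() in SECRET_KEYS else v) for k, v in pairs]
    # urlencode re-escapes control characters; '*' is kept readable
    return urlencode(masked, safe="*")

def log_line(raw_url, when=None):
    """Format 'timestamp [user] path ?variables' without the password."""
    when = when or datetime.now(timezone.utc)
    parts = urlsplit(raw_url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    user = quote(params.get("username", ""), safe="")  # blank when logged out
    stamp = when.strftime("%Y-%m-%d %H:%M:%S")
    return f"{stamp} [{user}] {parts.path} ?{redact_query(parts.query)}"
```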
The red text highlights the /graph requests. If you click the views button on any page, you will see a graph. Until you click it, it is a hidden element that is still being loaded by the browser. This graph is a separate page embedded using the iframe tag. So there are two requests. When a bot visits a site for scraping purposes, the bot doesn't request the /graph. Therefore there is a higher chance that it's a real person reading when the /graph is actually requested. And I made it red so I could see when real people read my articles.
You can also notice the "ATTACK! server RICK ROLLED!" message in there. It is because somebody tried accessing something that the website doesn't support, presumably as an attempt to crack it. So when somebody requests a page with ".php", ".sql" or "server" in the URL I redirect them to Never Gonna Give You Up by Rick Astley.
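An added example, not the site's code: the two heuristics above applied to a constructed request log, labelling each page view as a probe, a likely human (followed by a `/graph` request) or unconfirmed. The 10-second pairing window, the case-insensitive match and the sample URLs are assumptions; the last sample row shows that a plain substring rule also flags an ordinary article whose URL contains "server".

```python
from datetime import datetime, timedelta

PROBE_MARKERS = (".php", ".sql", "server")  # substrings the page names
WINDOW = timedelta(seconds=10)              # assumed page-to-/graph pairing window

def is_probe(url):
    """Substring match as the page describes (case-insensitive is an assumption)."""
    return any(marker in url.lower() for marker in PROBE_MARKERS)

def classify(entries):
    """Label time-ordered (timestamp, url) entries; /graph rows are not listed.

    With no client address to key on, a /graph request is paired with the
    oldest page view inside WINDOW that has not been paired yet.
    """
    labels = []   # [url, label] in arrival order
    waiting = []  # (timestamp, index into labels) for unpaired page views
    for ts, url in entries:
        path = url.split("?", 1)[0]
        if is_probe(url):
            labels.append([url, "probe"])
        elif path == "/graph":
            waiting = [(t, i) for t, i in waiting if ts - t <= WINDOW]
            if waiting:
                _, i = waiting.pop(0)
                labels[i][1] = "likely-human"
        else:
            labels.append([url, "unconfirmed"])
            waiting.append((ts, len(labels) - 1))
    return [tuple(row) for row in labels]

# Constructed sample log, not taken from the site.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [
    (T0, "/articles/privacy"),
    (T0 + timedelta(seconds=1), "/graph?url=/articles/privacy"),
    (T0 + timedelta(seconds=30), "/articles/review"),
    (T0 + timedelta(seconds=40), "/wp-login.php"),
    (T0 + timedelta(seconds=50), "/articles/home_server_setup"),
]
```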
Happy Hacking!!!
Creative Commons Attribution Share-Alike 4.0 International License
So please share!