guest:~]$ cd info && htmlview info.html

>

This page documents the inner workings of my site; all it's directories, technologies, and decisions will be laid bare before you. After all, If you know where everything is and how it should work, it's going to be a lot harder for someone to use this site as a way to exploit you.

guest:~/info]$ Canary Notice

>

Many privacy-focused sites have what is called a canary notice: a small notice telling visitors that the government hasn't requested information on any users. Users can then determine if a site was subject to a search if the canary notice disappears. You can find my canary notice at the bottom left of each page on the site.

guest:~/info]$ Exploits

>

There are several methods of injecting malicious content into a webpage. I have coded the site in such a way as to prevent as many of them as I could, or at least make it hard to hide them:

>
  • Javascript: There will be exactly one inline script, and its purpose is to scan for and remove other scripts/payloads before your browser can load them.
  • SVG Payloads: Due to it's rich feature set, SVGs can embed javascript payloads and even request foreign resources. For this reason, all SVG data is placed at the beginning of the body, in full view of the user. I'm doing some research into how neocities sanitizes its file uploads, so I know if I need to make my own malicious XML detector out of javascript. For more info about SVG payloads, check here.
  • Cookies, browser fingerprinting, and other tracking methods: Neocities doesn't allow or support server-side code, rendering it impossible for me to store any information on you. But if you still aren't convinced, you're welcome to check the network tab of your browser's developer tools to see exactly what requests are being made and what data is being sent to whom.

guest:~/info]$ Why go Through all This Trouble?

>

If I'm compromised, I'd rather not have any information on you. The best data protection method is to not collect the data.

guest:~/info]$ Customization

>

I designed this site to be customized. There is one CSS file that contains everything needed to make the page look the way it does. Everything from the colors to the size of various elements can be changed by you using a CSS injector plugin for your browser. You can find these variables by viewing the source in the developer console.

>

I did this so that the site can be changed to your needs. If you suffer from colorblindness, you can tweak the colors. If you need to get rid of some animations, you can do that too. I want this site to be accessible by design, and not just as an afterthought. As a bonus, adding new layouts for content becomes a whole lot easier, along with debugging.

>

With that said, however, there are a number of things that are still broken for some reason. I am trying to fix them as soon as I can, but these aren't normal problems, they're the kind you only encounter if you have been cursed.

>

  • The font size cannot be set. Like, at all. As of 5 May, 2024 this issue has been fixed, and is responsive on most devices. It's still a bit on the small side, but I plan to add some media queries to make it fit a bit better.
  • The link to the canary notice works, but cannot be clicked unless on mobile. For now, you need to manually add "/canary.html" to the homepage URL.
  • Navigation icons are too small when viewed in portrait mode on mobile. Turning the phone on its side fixes this issue, but I'm still looking for a permanant fix.
  • Turning the phone sideways removes blending properties from the background image. I honestly have no idea with this one.
  • Prior to 26-07-2024, The canary notice linked to "voxx-windictae". This was a typo, and has been fixed, along with some other malformed links.

guest:~/info/]$ _