The server do not allow SSH connections using passwords.
The only user allowed to remotely access the server requires a key with a pass
phrase and this user is not the root user, but it belongs to the sudoers
The user that runs the application do not belong to the sudoers group.
This instance does not have SSL enabled, even though the LynxChan engine
The database is not encrypted, allows only local connections and do not
Deletion passwords are stored in plain text and are not meant to be secure. If
you wish to make sure you can't be tracked without your ip, do not provide a
deletion password when posting.
Every posting has it's ip recorded. Except for TOR users.
The first half of the ip can be seen by the global staff and board staff. Ex:
"18.104.22.168" will be displayed as "1.2" to both global and board staff where the
post was made.
A hashed and salted version of the ip will also be available for the same
people mentioned on the previous item. The salt is randomly generated for
boards and is not available for anyone without direct access to the database.
However, root users are able to see the actual ip of the user and potentially
enable for any member of the global staff to see clear ips too. In this
instance, only root users are allowed to see real ips.
If enabled by the board owner, a thread-wise id will be displayed on the post.
This thread-wise id uses a randomly generated salt to the thread, allowing for
everyone to identify postings from the same ip in a thread.
The thread salt is as private as the board salt and is not based on the board
Conclusion: the staff can identify the same user inside a board, ids allows
anyone to identify the same user inside a thread, the sysadmin has access to
all ips used to post on the whole site, root users can also see that and can
enable other global staff member to access them.
Cookies are only required for using the block bypass or a moderation account
and are not associated in any shape or form to your posts.
The placeholder front-end does not link any external resources and do not