Note evading censorship via domain replacement

jstrieb · May 23, 2020 · c44a1ea · c44a1ea
1 parent 33f4398
commit c44a1ea
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -29,6 +29,7 @@ Link Lock has many uses:
   that do not respect `robots.txt`
 - Add a password to shared Dropbox or Google Drive links
 - Share password-protected magnet links and torrents
+- [Evade censorship](#evading-censorship)
 
 Link Lock uses AES in GCM mode to securely encrypt passwords, and PBKDF2 and
 salted SHA-256 (100,000 iterations) for secure key derivation. Encryption,
@@ -105,6 +106,39 @@ me to build a secure encryption application. In particular:
   interface that does not automatically redirect:
   [https://jstrieb.github.com/link-lock/decrypt](https://jstrieb.github.com/link-lock/decrypt/).
 
+### Evading Censorship
+
+Link Lock can be used to evade censorship. If you are concerned that sending
+links with the `jstrieb.github.io` domain name will put you at risk, just
+replace the domain with another. For example, share
+
+```
+https://wikipedia.org/#eyJ2IjoiMC4wLjEiLCJlIjoiYUgrNDhISkpBWWhkeFFMc0l0VlIzeFlma21mYlZCOFJ5Zz09In0=
+```
+
+instead of
+
+```
+https://jstrieb.github.io/link-lock/#eyJ2IjoiMC4wLjEiLCJlIjoiYUgrNDhISkpBWWhkeFFMc0l0VlIzeFlma21mYlZCOFJ5Zz09In0=
+```
+
+Any domain can be used in place of `wikipedia.org`. That way, a malicious
+third-party who clicks the altered link will be taken to a valid page, which
+helps alleviate suspicion. When sharing the password to unlock the link,
+explain how to switch out the domain name with either
+`jstrieb.github.io/link-lock`, or with the path to a local clone of Link Lock.
+Using a local copy is particularly recommended for evading censorship, since no
+request to my domain is ever made.
+
+Alternatively paste the altered link directly into the [decrypt
+page](https://jstrieb.github.io/link-lock/decrypt/). This page does not check
+the domain name of the pasted link, only the "fragment" (the part after the
+`#`). So, for example, the Wikipedia link above can be pasted directly in there
+and decrypted without changing the domain.
+
+Using a local copy of [URL Pages](https://github.com/jstrieb/urlpages) is also
+recommended. Entire web pages can be shared safely and secretly this way.
+
 
 
 ## Other Versions & Related Projects

diff --git a/decrypt/index.html b/decrypt/index.html
@@ -48,6 +48,8 @@
   <h1>Decrypt Link Lock URLs</h1>
   <p>This application is for decrypting <a href="https://github.com/jstrieb/link-lock" target="_blank">Link Lock</a> URLs without automatically redirecting. This is useful if you do not trust the source of an encrypted URL. It is also useful if the URL uses a blocked protocol like <code>javascript:</code>, for example.</p>
 
+  <p>This page is also useful if you think you have received a locked link, but it uses another domain, instead of <code>jstrieb.github.io</code>. This may be done as a means to <a target="_blank" href="https://github.com/jstrieb/link-lock/#evading-censorship">evade censorship</a>.</p>
+
   <hr />
 
   <div class="form">