Security

All traffic between clients and SocialWeb servers is encrypted with TLS 1.2 or 1.3. Plaintext HTTP connections are redirected to HTTPS. HSTS is enforced with a long max-age directive.

Every response from socialweb.cloud includes a strict Content Security Policy, X-Frame-Options: DENY (preventing clickjacking), X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, and Permissions-Policy restricting access to sensitive browser APIs.

This website makes no third-party network requests. You can verify this in your browser's Network panel.

Passwords are hashed using a modern, salted hashing algorithm before storage. We do not store plaintext passwords. Authenticated sessions use signed, httpOnly cookies.

We do not currently offer two-factor authentication for the managed cloud product, but it is on the roadmap.

SocialWeb's managed cloud runs on DigitalOcean infrastructure in a dedicated environment. Access to production systems is restricted to authorized personnel and requires key-based authentication.

Self-hosted instances are entirely under the control of the operator. We do not have access to self-hosted data or infrastructure.

We collect as little personal data as possible. RSS feed fetching and search proxying are handled server-side so that publishers and search providers see SocialWeb's IP addresses, not yours. We do not log which articles you read. See the Privacy Policy for full details.

We use automated tooling (Dependabot) to track and apply security updates to our dependencies. Critical patches are applied promptly. Our CI pipeline runs on every change.