Technology

We constructed IGD not just with aesthetics and content in mind but privacy and security. However, and most importantly, this does not mean you or us are secure because everything is broken.

What you can do to help secure yourself on the internet:

On Anonymity:

  • We anonymize IP addresses in our logs.
  • We do not serve advertisements or track behavior.
  • We offer IGD over Tor Hidden Services.

On Security:

  • We only use Open Source Software that is publicly auditable.
  • We receive regular third party security audits and penetration testing.
  • Your connection is secured using SSL and hardened with a 4096 bit Diffie-Hellman key. This helps to prevent eavesdropping by third parties.
  • Your connection is encrypted with SSL using Perfect Forward Secrecy. We have configured SSL to generate random public keys per session for the purposes of key agreement which are not based on any sort of deterministic algorithm. This helps to ensure that any spy capturing information from the internet will not be able to decrypt in the foreseeable future.
  • Your connection has been configured to prevent against attacks from third parties by making use of HTTP Strict Transport Security. HSTS is a security protocol that forces the use of SSL in the communication between the web browser and our web servers.
  • Your connection has been configured to prevent against attacks from third parties by making use of HTTP Public Key Pinning. The HPKP extension is a security feature that tells your browser to associate a specific SSL certificate with a web site to prevent MITM attacks.
  • Your connection is accelerated through the latest version of HTTP/2 – a technology that achieves reduced latency through compression, multiplexing, and prioritization.
  • Your connection performance is accelerated through the use of OCSP stapling – a technology that reduces the amount bandwidth needed for OCSP validation, and allows your browser to verify validity of our SSL Certificate without disclosing browsing behavior to a third party.
  • Our content is accelerated by using open source, reverse proxy, load balancing, caching web accelerators: NGINX and Apache ATS

On Resiliency:

  • Our servers are backed up in several different geographically distributed locations that are PGP encrypted and version controlled.
  • Our CDN servers fall under several legal jurisdiction and are also geographically distributed.
  • We’ve successfully mitigated DDoS attacks of over several hundred GB.
  • Spam always goes into /dev/null
  • As of Sept 2017 – We server content to over 1.5 million unique visitors a month.

All of this effort has earned us the highest rating from Qualy’s SSL lab.

qualys