As we feared, the owner of the old domain has already betrayed the community and redirected the domain. After the redirect propagates, hundreds of thousands of loyal patriots may not know where to find home!
Spread the word that we've moved! Gab, Twitter, etc! Here's an example (Also, new Gab account for the new domain name):
https://gab.com/PatriotsDotWin/posts/105594470022099271
Edit-
A lot of concerns have actually been answered by more technically savy users in the comments,
No, they said if you were logged out, that was bad. And that the new site would likely blindly accept the first password provided. I was not logged out. My browser does not remember passwords, so it could not have logged me back in. Or... It's all bullshit and it's been compromised for a while already. Probably back when that 'hold the line' lie started.
the cookie is still valid, which means that the front end hosts are the same, the back end db is the same. URL may be different, but everything else is the same. Even the ssl cert is the same.
Yep. The fact the domain changed and SSL didn't freak out is a good thing. To every pede that doesn't know what that means... it means a ton of extremely annoying extra measures on your computer designed to warn you if something's amiss, aren't ringing. And trust me, they got super annoying the past 2 years. So I feel safe. The token is still valid, the cert is good, AND the domain name changed... even the most secure site will freak out if you change a domain name, unless you've set up a line of trust. Well it looks like they setup a line of trust. So there.
EDIT-
Dusted off the old poorly underused, but verified, thedonaldreddit Gab account for additional verification:
https://gab.com/thedonaldreddit/posts/105595244151890950
Edit- As far as media posts go, it's fixed for new posts, being worked on for old ones.
I'm hoping this is just informal wording, but please tell me this site is not actually saving users' passwords.
Of course it is. That's why when you log in, the website doesn't say DeRFffff ??????? 🤤🤪
The way passwords are stored is typically something called salt and hash. It's essentially a one way ticket: when you type your password, it turns it into a jumbled mess, and that's what's saved. You can't turn that jumbled mess back into your password, but you can check to see if the jumbled mess you just sent is the same as the one stored in the database.
What they can do is figure out the salt and hash, and then they can make a table of popular passwords. That's why password strength is important.
you mean "Password" isn't a good password? How about "incorrect" so if I forget it, the computer says "Your password is incorrect" and reminds me?!?!
Well, no. No serious website stores passwords.
I know how salting and hashing works. The point is that it's very much not the same as storing passwords (in plaintext), which is what the comment I responded to seemed to imply was being done.
Oh, okay. I assumed you didn't have a technical background based on your silly assumption that passwords are stored in plain text.
Of course they aren't, and of course that isn't what he meant.
You're obviously not the security programmer for healthcare.gov /s
How do you know?
How do you know?
Oh yeah I'm so silly, that's never happened before or anything, I mean it's practically unheard of.
Like I said. I think it's likely the mod (who deferred to another on the technical questions) simply used imprecise language, but this is important enough that it merits clarification.
Wut? That makes no sense whatsoever. If the website didn't store anything for a user but their username, there would be no way to ensure the password matches the username (other than private keys or something).
I repeat: no serious website stores its users' passwords. It's a huge security hole. It stores a hash, which is the result of the application of a one-way function (in practice, a function that nobody knows how to invert, like SHA-256), together with a random string called a 'salt' (but let's ignore that for now). When you try to log in, the system computes the hash of the password you input, and compares that hash with the hash stored in the database. It correctly compares whether it was given the correct password even though it doesn't know what your password is. This is a very important security matter. Without it, if the database ever becomes compromised, the hacker gets easy access to all the users' passwords, which given the rampant practice of password reuse, would be an absolute nightmare.
Like I said, I think it's likely that this is being done correctly and this was just imprecise wording on the mod's part, but it merits asking for clarification.