As we feared, the owner of the old domain has already betrayed the community and redirected the domain. After the redirect propagates, hundreds of thousands of loyal patriots may not know where to find home!
Spread the word that we've moved! Gab, Twitter, etc! Here's an example (Also, new Gab account for the new domain name):
https://gab.com/PatriotsDotWin/posts/105594470022099271
Edit-
A lot of concerns have actually been answered by more technically savy users in the comments,
No, they said if you were logged out, that was bad. And that the new site would likely blindly accept the first password provided. I was not logged out. My browser does not remember passwords, so it could not have logged me back in. Or... It's all bullshit and it's been compromised for a while already. Probably back when that 'hold the line' lie started.
the cookie is still valid, which means that the front end hosts are the same, the back end db is the same. URL may be different, but everything else is the same. Even the ssl cert is the same.
Yep. The fact the domain changed and SSL didn't freak out is a good thing. To every pede that doesn't know what that means... it means a ton of extremely annoying extra measures on your computer designed to warn you if something's amiss, aren't ringing. And trust me, they got super annoying the past 2 years. So I feel safe. The token is still valid, the cert is good, AND the domain name changed... even the most secure site will freak out if you change a domain name, unless you've set up a line of trust. Well it looks like they setup a line of trust. So there.
EDIT-
Dusted off the old poorly underused, but verified, thedonaldreddit Gab account for additional verification:
https://gab.com/thedonaldreddit/posts/105595244151890950
Edit- As far as media posts go, it's fixed for new posts, being worked on for old ones.
Wut? That makes no sense whatsoever. If the website didn't store anything for a user but their username, there would be no way to ensure the password matches the username (other than private keys or something).
I repeat: no serious website stores its users' passwords. It's a huge security hole. It stores a hash, which is the result of the application of a one-way function (in practice, a function that nobody knows how to invert, like SHA-256), together with a random string called a 'salt' (but let's ignore that for now). When you try to log in, the system computes the hash of the password you input, and compares that hash with the hash stored in the database. It correctly compares whether it was given the correct password even though it doesn't know what your password is. This is a very important security matter. Without it, if the database ever becomes compromised, the hacker gets easy access to all the users' passwords, which given the rampant practice of password reuse, would be an absolute nightmare.
Like I said, I think it's likely that this is being done correctly and this was just imprecise wording on the mod's part, but it merits asking for clarification.
I was replying to your other reply implying hashes weren't how this works. They are still storing a password, just not the plaintext password.
Looks like you've now edited the reply to make yourself look smart though, congratulations.
Where did I imply that?
But that's the thing, they aren't. A hash is not a one-to-one function. It's many-to-one (guaranteed by the pigeonhole principle). There are many possible passwords that result in the same hash value, so really you could login by typing in something that's not your password. Finding collisions is extremely hard with a decent hash function, of course, but the important point of principle is that in a well-designed system the server doesn't even have to see your password in order to properly authenticate you. It's not storing passwords. It's storing hashes. That's the crucial bit.
I don't know what you're talking about. I didn't edit my replies and have no interest in 'looking smart', I just want to have some mod please confirm that yes they're hashing and salting, how could I even suggest otherwise.