~ Early Web Links ~

SpamPoison is a community tool that has been trapping email-harvesting bots since 2003 by luring them into an infinite loop of dynamically generated fake email addresses on spammer-owned domains. Webmasters can join the fight by adding a simple link to their site, redirecting spam bots to poison traps that render their harvested lists commercially useless.

The personal site of bad.download, a tech-industry professional who writes about cybersecurity, privacy, digital preservation, and generative AI models. Minimal but thoughtful in scope, it features links to personal projects like a Discord bot using GPT-4 Vision alongside old-school web nostalgia banners for Firefox, AIM, and WinRAR.

Matt is a UK sysadmin who runs this ever-evolving personal site covering infosec, the indieweb movement, and life both on and offline. The site features multiple custom themes, a changelog documenting its evolution, technical guides, and a curated collection of favourite corners of the internet to explore.

The Hive is the personal corner of Apis Necros, a cybersecurity enthusiast who writes about cryptography, hacking, philosophy, and general life alongside showcasing original JavaScript prototypes and cipher experiments. Notable projects include a self-designed PentaBit Cipher and a Diffusion-limited Aggregation simulation, making this a genuinely curious blend of technical creativity and indie web spirit.

Anurag Agarwal's threat modeling blog dives into real-world web security vulnerabilities, including this post presenting a working proof-of-concept Ajax sniffer that overrides XMLHttpRequest to intercept and exfiltrate data. The site covers topics like XSS, Ajax worms, SQL injection, clipboard theft, and secure SDLC integration, making it a valuable technical resource for security researchers and developers.

Dig Deeper is a privacy and security-focused resource site covering browser selection, spyware testing, email providers, VPNs, darknet setup, and critiques of major software like Mozilla and various search engines. The site goes deep into practical guides and opinion pieces on digital autonomy, making it a substantial destination for anyone serious about escaping surveillance and corporate tech.

Christian Cleberg is a Technology Assurance Manager at KPMG who publishes technical guides, AWS security auditing posts, and personal projects through this minimalist personal site. Recent posts focus on auditing AWS IAM users, passwords, and S3 buckets, making it a useful stop for cloud security and IT assurance content.

Maia Arson Crimew is a Swiss hacktivist, investigative journalist, and musician whose personal site serves as a hub for her technical security research, hacking write-ups, and journalistic work including a column for the Swiss magazine Das Lamm. The site links to a blog covering high-profile hacks and hacktivism, music projects, DJ work, and sample packs, making it a fascinating window into one of the more notable figures in modern hacktivist circles.

GNUCITIZEN is a security research blog by pdp and collaborators, focused on exposing web vulnerabilities including UPnP exploitation, XSS attacks, and router reconfiguration weaknesses. This 2008 post details a serious design-level flaw allowing UPnP to be abused across the web without XSS, making it a compelling read for anyone interested in network security research.

The personal weblog of Martin Johns (aka Maddin), a security researcher whose posts focus on web security topics including CSRF protection, XSS detection, DNS rebinding, Firefox extensions, and OWASP conference coverage. It offers a window into early-to-late 2000s browser security research, with references to tools like NoScript, LocalRodeo, noXSS, and XSSDS that Johns developed or contributed to.