Remix.run Logo
fragmede 4 hours ago

CT logs just explain how they found the domain. T doesn't explain how they could have found unlinked content on the domain itself. If I put up secret-example.com/asdf-1234567.html, how does that page get found if there are no public links to it?

pohuing an hour ago | parent | next [-]

True. I just assumed imprecise phrasing.

Google misusing chrome browser history as a hitlist for indexing sounds wild to me, so I tried to see if there's another way.

It also felt unlikely because there's multiple subdomains of mine that aren't indexed, and wildcards+no preload are the only precautions I've made myself for my private sites.

This might also be an EU vs rest of World thing, or my stuff isn't interesting enough to index(in retrospect the most likely reason I suppose)

Lomlioto 3 hours ago | parent | prev [-]

Don't underestimate people not knowing were they share stuff by accident.

Creating Sitemaps, sharing it somewere public, putting the url in some 3th party service, server logs, some indirect path in javascript.

But if you never mention that url, it will not be found if not leaked by your server.

saghm 2 hours ago | parent [-]

> But if you never mention that url, it will not be found if not leaked by your server

That sounds like a claim that security through obscurity is infallible, which is dubious. Don't get me wrong, it can be a reasonable part of defense-in-depth strategy, but like, brute force attacks are kinda a well known thing, especially if your URLs aren't truly random...