I take the security and privacy of my visitors very seriously. This website is secured via SSL with certificates issued by Let's Encrypt, with an A+ rating from the Qualys SSL Labs report. My web server is configured to use HTTP Strict Transport Security (HSTS) with a long-duration header, as well as OCSP stapling.
This website does not handle any personally-identifiable information. It does not load any external resources from Content Delivery Networks (CDNs). Instead all assets are hosted at the static
s.hong.io subdomain, with subresource integrity (SRI) enabled. This way, information about my visitors will not be leaked to third parties. Likewise, there are no tracking cookies, or analytic scripts of any kind. For further details, see my privacy page.
PGP Public Key
This is my current PGP public key. It is available as a direct download from my website at the following link (PGP Key). Likewise, it is available for download via the OpenPGP.org keyserver, at the following link (PGP Key). I also maintain a regularly updated PGP canary (Link) which demonstrates that I still maintain possession of my PGP key.
- Update 2022-05-06: I have added additional User IDs to my existing PGP key. The key and signature are still the same, but this changes the public key slightly. You can verify that the PGP key has not changed by checking signatures against both the old public key, and the new public key– they will both verify correctly, since they correspond to the same underlying private key.
- Update 2023-04-04: I have updated the expiry date on my PGP keys.
PGP Key Fingerprint
PGP Public Key
Tor Onion Service
This website is also available as a Tor Onion Service (Hidden Service) over the Tor Network. Users with advanced privacy and security requirements may opt to access my website via its Onion Service link via the Tor Browser. The Onion Service link is:
You may verify the provenance of the Onion Service link by visiting the
mirrors.txt file located at this domain (Link Here). The linked file is signed with my PGP key, which you may verify. My Onion Service implements the Onion Mirror Guidelines specification.
The Onion Service is available over HTTPS. The TLS certificate is signed by the HARICA, the Hellenic Academic and Research Institutions Cert. Authority. The certificate is installed by default within the Tor Browser Trust Store. The certificate fingerprints are:
If you believe you have found a security issue on my website, or any of my associated infrastructure, I encourage you to contact me and disclose it responsibly. I am happy to work with security researchers and hobbyists to rectify any bugs and issues that are found, and coordinate a disclosure. Discoverers of any security issues will be acknowledged in the Security Hall of Fame section below. I do not run a bug bounty program at this time.
Security Hall of Fame
I give my thanks and gratitude to the following individuals, who have contacted me with security issues or concerns, and worked with me to rectify them.
2023 – 2024:
- No submissions (so far).
2022 – 2023:
- No submissions.
2021 - 2022:
- No submissions.