i 100% agree with everything youve said meow. in school i was always treated differently and it only pushed me to be more isolated. i just wanted to add in my two cents on this statement here:

this would take resources away from those who need them more

i get what you mean and i think if you genuinely dont want to accept help from programs/stuff like that, thats okay!! but this statement isnt quite true, in fact, its the opposite.
when local, state, or federal programs or nonprofits offer assistance to certain groups of people, 99.99% of the time it actually helps MORE to accept it. many people have the same mindset that accepting it means someone else wont get it. but accepting it means the program can say theyre helping more and more people, which in turn, gives them more funding to help more people who need it. this applies to many things, its generally helpful to boost their program's metrics so they can receive more funding.

just my two cents, not trying to change your mind, but i hope this might encourage others to not feel bad about accepting assistance and stuff.

this is a public vulnerability disclosure, cus i cant reach the developers of textem.net and i noticed bdns users (even staff members) use this site often.

tl;dr: textem has multiple vulnerabilities, potentially compromising all your texts, password, email address. i suggest deleting your account asap and using a different platform.

textem is an old texting site from 2006 and still seemingly popular. here are three vulnerabilities ive found, the exact details are withheld to avoid malicious attacks on users.

1. broken access control (+ config file misconfiguration)
while this is technically a category of vulnerability, i wasnt able to pinpoint the exact vuln name. however because of a misconfiguration in a certain file and lack of adequate access controls, any user's texts are revealed to the public. as a user, you cannot prevent this or retroactively remove your texts. this is extremely easy to take advantage of.

2. improperly sanitized input.
this one is far more dangerous, however slightly more technical (involving writing exploit code) as it allows an attacker to essentially control any user's browser, without warning or alert. this means steal your passwords, read your texts, show you fake login websites for your email, bdns, etc. and you wouldnt even know it.

3. lack of rate limiting, poor password standards, and weak admin passwords
im editing this one in cus i forgot about it. but essentally any user's account is typically extremely easy to bruteforce. in fact, while testing, i could hack the admin account in less than 10 minutes.

the presence of these easily exploitable vulnerabilities means theres likely even more issues, potentially even more dangerous. if you are a user, please follow these steps:

1. if you rely on textem to communicate, immediately switch to a different website.
2. change passwords (ideally to something unique and even forgettable, make sure you never reused it anywhere else - after all, youll be leaving the website anyway)
3. if you discussed private matters in texts (e.g sharing passwords), assume its public and act accordingly.
4. delete your account if possible.

again, i havent been able to contact the developers, but if they ever fix this, ill update this post :3

all of my gcs have incriminatig evidence. no.

IM NOT MAAAAAAALLE CRIES

using ip addresses for authentication is extremely risky, even if switch users may not be able to easily access email. ill label a few reasons.
(1.) often, residential ip addresses are dynamic, so theyll change often. this can prevent someone from authenticating.
(2.) when a user requests a password change via email and doesnt receive an email, they are encouraged to contact bdns and submit their ip address. what if an attacker ip logs a user to take over their account? will the sender email address be verified, and what if the user registered with an email address they can no longer access? how will any of this be verified?
(3.) user accounts could be stolen if an attacker on a local network impersonates them.
while the attack scenarios can be considered edge cases, they still need to be considered, especially in a forum this large. someone is bound to run into one of these issues eventually.

instead of ip authentication, i suggest any of the following:

• knowledge based authentication. such as having multiple security questions that the user creates upon registration.
• access based authentication. force users to register with email addresses. for switch users, provide suggestions on email providers that are minimal and work with low resource consumption.

i dont mean to complain or whine about this password reset policy, im just concerned it could backfire and cause future issues.

hallo all!!

tools4all (https://t4a.tech) provides resources for users on limited devices such as email provider, and soon to be phone number texting & virtual computers.

just a few updates:

• "Navigate" button added to the Webmail menu, allowing you to easily navigate to any URLs directly in the page (similar to BDNS)
• Password reset function added
• Several spam accounts disabled

apologies for slow development, ive been super busy irl x.x i wont be giving up on t4a tho!!

@SweetLikeTarmac ofc, im glad its helpful!! tysm for the support<333 it truly means a lot and encourages me to keep it running and develop more tools

hallo friends!!!

given the lack of options for switch capable email providers, i have been working on making my own for the community to use. these are the features i already added and plan to add soon.

• lightweight with minimal resources needed, no more "Reload the page" prompts or ads slowing things down.
• minimum 1gb storage for every user (more storage if requested)
• modern but simple user interface
• for added security, a paid bug bounty program will be implemented (up to $500), as well as transparency on our security measures.
• emails dont land in spam folder (atm sending isnt set up yet, but receiving is working)

(for the most part, everything is already developed already and nearly production ready)

eventually i intend on also developing other switch-centered tools so the entire community has access to resources regardless of technical capability.

if you have any suggestions for this email provider, please let me know!!! i want this to be a community-driven project and i want to make sure everyone's needs and wants are met.

love, maple <3

@IM_N0T_ØKAY i wouldve offered help but i kinda got the vibe you wanted someone else to do the harder work and you can be the staff, this kinda confirms it :sob:

@Eggyz999 ikr [censored] clankers they can go clank their little metal parts together away from us

go back to the factory where you came from clanker kys

regarding id verification, particularly for discord, there used to be a bypass to automatically verify your account without providing an id. discord's id verification platform had some vulnerabilities so really you just had to craft a special url, click it, boom id verified. i dont know if its been patched tho its been a few months since the exploit research was published (and to comply with rules - i am not encouraging or enabling bypassing rules or laws, just sharing what ive learned)

@Snoopy LMAOAOOAFNFJ I DID . he urged me to ethically disclose the exploit so i reluctantly did (and got paid $128 for it!!!)

@Yanderemenhera MWAH

@Aries idk it was some random person haha...... i would NEVER hack someone wink wink

@YourAriesBestie you just take your job too srsly, youve done this before with other joke posts i made :sob:

pawthetic? more like.. loserthetic hahahaha ..

maple says trans rights