Popular Tumblr-inspired social media platform Pillowfort was back online on Thursday after a three-month shutdown over potential security concerns.
The site, which is available to pre-registered users as of Thursday afternoon, is an NSFW-friendly microblogging website where users can post images, text, and video posts to their followers. Users can also join communities for different subject matters, from pornographic artwork to Animal Crossing.
“Pillowfort aims to be a sort of hybrid of your favorite blogging websites—keeping the strengths of these platforms while compensating for their shortcomings,” the site’s homepage reads.
Pillowfort first garnered interest as a Kickstarter project in 2018. After Tumblr banned NSFW content later that year, Pillowfort became an attractive alternative for adult artists, fandom communities, and LGBTQ members.
Initially, Pillowfort launched public registrations on Jan. 25, sparking widespread interest on Twitter. However, users quickly found a series of HTML exploits that “could potentially allow cross-site scripting” attacks, one security expert told Motherboard. Pillowfort closed user access shortly after and began a three-month process to fix the site’s vulnerabilities.
“Since then our developers, with the assistance of an experienced security consultant, reviewed & revised the entire platform to have a more holistic approach to site security,” a post from Pillowfort staff reads. “Our consultant also performed a thorough investigation of the site to identify any existing security issues and provide remediation strategies, which we enacted.”
Twitter and Pillowfort users have generally celebrated the site’s return. One popular adult artist, Mr Pecu, called Pillowfort “very welcoming to NSFW artists” and “the most promising alternative platform” for illustrators. However, some expressed concerns about its safety after January. Password resets were already reported to have a 404 issue (Pillowfort is “pushing a fix for this ASAP,” according to one tweet).
On Thursday, Pillowfort kept free registrations closed to control traffic access and “address any new issues that may come up,” according to the staff post. New users can still join the site with a user invite code or purchase a registration key for $5.
“The invitation system, which allows all users to generate up to 3 free registrations keys to give out a week, is temporarily re-instated,” the staff wrote. “We will let you know when we reopen free registrations again.”
The Daily Dot reached out to Pillowfort for comment.
Update 5:59pm CT, April 29: When reached for comment, Pillowfort adult artist Mr Pecu directed the Daily Dot to a thread by a web developer outlining ongoing security vulnerabilities within Pillowfort. These include problems with how Pillowfort handles users’ passwords, concerns with data regulation compliance, and other “potentially destructive” concerns.
While Mr Pecu called Pillowfort “one of the most pleasant experiences” he’s had on a blogging site since Tumblr, he expressed concern for Pillowfort’s future.
“As much as I love Pillowfort and hope they succeed, they’ve hit quite a few bumps in their development, and I do worry about how they’re handling their security,” he told the Daily Dot. “I’m not gonna pretend like I know the ins and outs of web development. I’m just an X-rated webcomic artist lol, but I hope they pull their act together soon.”