this post was submitted on 08 Jun 2024
244 points (89.1% liked)

Privacy

32109 readers
831 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
244
The Cloudflare Poison (sh.itjust.works)
submitted 5 months ago* (last edited 5 months ago) by Scolding0513@sh.itjust.works to c/privacy@lemmy.ml
 

Daily reminder that sites "protected" by cloudflare are effectively MITM attacks. HTTPS is now even more worthless. Cloudflare can see everything. this is a known fact and not a theory.

And if you think Cloudflare aren't being tapped by the NSA, you're sadly sadly naive.

All the "privacy respecting" sites use it too. So remember, as soon as you see that cloudflare portal page, you can assume that everything you plug into the site is property of NSA Inc. Trust no one, and do not trust code being served to you over the web if it comes through CF, there is no way to know what they've modified.

Edit: good info link below https://serverfault.com/questions/662946/does-cloudflare-know-the-decrypted-content-when-using-a-https-connection

you are viewing a single comment's thread
view the rest of the comments
[–] TimLovesTech@badatbeing.social 3 points 5 months ago

Agreed, it can work for those wanting to be an admin (and know enough to be "dangerous"). I think the bigger issue comes when you want to open services to the internet, because unless you are an admin you probably don't want to do that without a proxy (and possibly firewall) of some kind in front of your home network. Which is kinda what I was thinking with this anti-Cloudflare post. If you are interacting with the Internet you have to trust a network and hardware outside of your own. And I think it's naive to fear the 3-letter orgs being inside Cloudflare, and then thinking that putting your data in a datacenter you don't control is any "safer".

I think ultimately if the 3 letter groups want your data that bad because you're on some list, I think the internet as a whole is something you should probably be avoiding anyways. And for randoms, if they are sweeping up data like that you can be sure they would do it at more than just Cloudflare.