Cloudflare can intercept and modify all data sent to and from the Hexbear servers(www.tyil.nl)

posted 4 years ago

This part seems pretty pertinent to this site considering its political nature:

Cloudflare poses a huge risk by completely breaking the TLS/SSL chain used by browsers by setting itself up as a man in the middle. Cloudflare doesn’t do actual DDoS protection, they just make the request to the origin server for you. Once they have received the data, they decrypt it and re-encrypts it with their own certificate. This means that Cloudflare has access to all requests in plain text and can optionally modify the data you see. TLS/SSL is meant to prevent this very issue, but Cloudflare seems to care very little.

If we would consider Cloudflare to be a benevolent entity and surely never modify any data ever, this is still an issue. Much data can be mined from the plain text communications between you and the origin server. This data can be used for all kinds of purposes. It is not uncommon for the USA government to request a massive amount of surveillance information from companies without the companies being able to speak up about it due to a gag order. This has become clear once more by the subpoena on Signal. It should be clear to anyone that end-to-end encryption has to be a standard and implemented properly. Cloudflare goes out of its way to break this implementation.

Considering that this site uses Cloudflare, I don’t think it would be great if the feds could intercept all of our passwords and impersonate us.

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments

[ - ]

LaBellaLotta [any]@hexbear.net

6 points

4 years ago

This seems bad but I mean I’m sure most of us are heavily compromised. They know you folks.

permalink

report

libre

!libre@hexbear.net

Create post

Welcome to libre

A comm dedicated to the fight for free software with an anti-capitalist perspective.

The struggle for libre computing cannot be disentangled from other forms of socialist reform. One must be willing to reject proprietary software as fiercely as they would reject capitalism. Luckily, we are not alone.

Resources

Free Software, Free Society provides an excellent primer in the origins and theory around free software and the GNU Project, the pioneers of the Free Software Movement.
Switch to GNU/Linux! If you’re still using Windows in $CURRENT_YEAR, flock to Linux Mint!; Apple Silicon users will want to check out Asahi Linux.

Rules

Be on topic: Posts should be about free software and other hacktivst struggles. Topics about general tech news should be in the technology comm or programming comm. That doesn’t mean all posts have to be serious though, memes are welcome!
Avoid using misleading terms/speading misinformation: Here’s a great article about what those words are. In short, try to avoid parroting common Techbro lingo and topics.
Avoid being confrontational: People are in different stages of liberating their computing, focus on informing rather than accusing. Debatebro nonsense is not tolerated.
All site-wide rules still apply

Artwork

Xenia was meant to be an alternative to Tux and was created (licensed under CC0) by Alan Mackey in 1996.
Comm icon (of Xenia the Linux mascot) was originally created by @ioletsgo
Comm banner is a close up of “Dorlotons Degooglisons” by David Revoy (CC-BY 4.0) for Framasoft

Community stats

1
Monthly active users
672
Posts
2.6K
Comments

Welcome to libre

Resources

Rules

Artwork

Community stats

Community moderators