Daily reminder that sites “protected” by cloudflare are effectively MITM attacks. HTTPS is now even more worthless. Cloudflare can see everything. this is a known fact and not a theory.

And if you think Cloudflare aren’t being tapped by the NSA, you’re sadly sadly naive.

All the “privacy respecting” sites use it too. So remember, as soon as you see that cloudflare portal page, you can assume that everything you plug into the site is property of NSA Inc. Trust no one, and do not trust code being served to you over the web if it comes through CF, there is no way to know what they’ve modified.

Edit: good info link below https://serverfault.com/questions/662946/does-cloudflare-know-the-decrypted-content-when-using-a-https-connection

  • cursed_technology@lemmy.world
    link
    fedilink
    English
    arrow-up
    66
    arrow-down
    4
    ·
    7 months ago

    CloudFlare is a huge danger to a free and open internet, in my opinion. I cringe every time I hear privacy-conscious people recommend it.

    • voxel@sopuli.xyz
      link
      fedilink
      arrow-up
      29
      arrow-down
      1
      ·
      7 months ago

      there’s no alternative tho, and by definition alternatives will have the same level of access…

      • SquiffSquiff@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        7 months ago

        Sure, there’s alternatives: Aws, Google cloud and Azure all have their own cdns if you want to use those

        • voxel@sopuli.xyz
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          7 months ago

          they don’t offer reasonable free tiers (I don’t have a reliable source of income and i just need it for hobby stuff) and I’m unable to sign up with either of those with my ukrainian credit card anyway (they all reject both my credit and debit cards)
          well i haven’t tried signing up for azure yet but I don’t have much hope

          also I don’t care about it’s cdn features, i need a dns server and a way to proxy ipv4 traffic over ipv6 (and cloudflare tunnels for ssh)

    • Scolding0513@sh.itjust.worksOP
      link
      fedilink
      arrow-up
      11
      arrow-down
      4
      ·
      7 months ago

      absolute fax

      I cannot begin to tell how pissed this makes me.

      Please for the love of all that is holy, do NOT call your site or yourself “privacy-respecting” or “privacy-oriented”, and then meet me with a Cloudflare MITM to knowingly and willingly give over everything i input in your site to NSA Inc.

      I’m sick to my stomach of all these orgs and companies and people talking about privacy, and then they constantly do all these kinds of things thst prove that they don’t actually care about privacy or anonymity or anything in between. They are Vipers and Snakes trying to make a quick dollar on a buzzword. It’s become sadly trite.

      We must return to the dark ages of p2p. The age of self-hosting, blockchain (the truly good parts like monero), ipfs, bittorrent, tor onions, i2p, any other p2p or decentralized network - these kinds of things are all that stands between us and internet controlled by a handful of NSA-worshipping megacorps.

      • Citizen@lemmy.ml
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        7 months ago

        This is why I like this community so much!

        I always learn from people like you!

        We discuss, sometimes we agree sometimes we don’t, but we speak our minds freely and come up with some neat solutions!

        Thank you!

        Its time to use the technology for the benefits of humans not against them!

        Let’s look into better solutions together!

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 months ago

      True but from what I can tell there isn’t much in way of alternatives as Cloudflare is huge.

      I wish Lemmy instances would find alternatives.

      • sip@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        for a public platform, isn’t it kinda pointless? except for the clear text passwords… oh wait :/