Daily reminder that sites “protected” by cloudflare are effectively MITM attacks. HTTPS is now even more worthless. Cloudflare can see everything. this is a known fact and not a theory.

And if you think Cloudflare aren’t being tapped by the NSA, you’re sadly sadly naive.

All the “privacy respecting” sites use it too. So remember, as soon as you see that cloudflare portal page, you can assume that everything you plug into the site is property of NSA Inc. Trust no one, and do not trust code being served to you over the web if it comes through CF, there is no way to know what they’ve modified.

Edit: good info link below https://serverfault.com/questions/662946/does-cloudflare-know-the-decrypted-content-when-using-a-https-connection

  • Harrison@infosec.pub
    link
    fedilink
    arrow-up
    12
    arrow-down
    7
    ·
    7 months ago

    I’m all for healthy paranoia, keeping my attack surface small. That’s just professional IT ops.

    Incendiary statements like saying US intelligence compromised the supply chain with hidden backdoors, those really do need to be substantiated to not sound like a crazy uncle. Our adversaries have counterintelligence also, they aren’t incompetent, and if Cisco or Juniper or whatever planted backdoors in hardware shipped to China, the Chinese would make a ton of noise about it. And so would we; Huawei was banned without any substantiated proof, out of fears that if used, their 5G infra could have hidden backdoors and the hardware would be so widely distributed that it would be onerous to replace.

    • TechNerdWizard42@lemmy.world
      link
      fedilink
      arrow-up
      11
      arrow-down
      4
      ·
      edit-2
      7 months ago

      There is substantiated proof of Cisco and Juniper switches having US government backdoors through the management ports. They also have the capability of decrypting everything that passes through them and mirroring to an external host.

      I cannot say any more other than you will find that the NSA continuously denied all the backdoors that global security researchers were finding and Cisco denied putting them in. You will also find in leaked Snowden documents absolute proof that the NSA was behind it and did implement the backdoors and they do exist and work.

      I at the time being a lowly semiconductor designer with access to unreleased networking gear from the big guys, cannot say anything about what I know those spying piece of shit devices do. But I will say, go look up the Snowden documents. They speak louder than any random on the internet.

      And China has made a stink. It’s one reason their great fire wall is setup. It does somewhat prevent citizens from using western tools, but they know they do and really don’t care much. What it really is, is a way to monitor everything in and out. All the edge is Chinese hardware, no backdoors for the five eyes. Those prevent the backdoors, that are known or theorized, to be used. So essentially they are backdoored equipment inside a security fence that disallows the backdoor to establish a connection. Bad actors from within could make this bad for China. Or very very tricky phone home algorithms, but you have to be careful how it’s implemented in unfriendly territory.

      Most of the other countries just don’t give a crap. If the Ivory Coasts data is being spied on by the 5 eyes or China, they don’t care. Nobody cares about them either. It’s just the sad state of world power. Those that care, have a side.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        7 months ago

        Did you seriously just say that the Chinese firewall is to prevent backdoors? Fun fact, it isn’t. It is a censorship and control tool that keeps the Chinese people from seeing anything but the official narrative.

        I do agree that hardware backdoors are bad though regardless of the country. We need more transparency so that multiple parties are monitoring for bad activity.

        • NuclearDolphin@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          7 months ago

          You’re both completely wrong. This is the narrative the five eyes and three letters need you to believe.

          More important and more funded than domestic spying, US intelligence exists to facilitate regime change. The objective is to have both dragnet and targeted surveillance to obtain leverage (for strategic leverage, blackmail, or comms interception) over foreign political, social, and business leaders so they can maximize the unequal exchange between the US & developing countries.

          Keeping Africa, South America, the Middle East, and South East Asia from developing through political and social instability not only prevents them from competing with US exports, but more importantly keeps their economies dependent on natural resource exports, which they need to sell for cheap because they are dependent on technology imports.

          China as a manufacturing powerhouse threatens these unequal trade arrangements by supplying these undeveloped or developing countries with manufactured goods and technology, and thus is one of the primary targets of US covert regime change operations. (Also why you see news media crying bloody murder about China’s “dept trap diplomacy”). Much of this also applies to other developing powers that resist being imperialized or oppose US geopolitical goals like the USSR/Russia and Iran.

          So purpose #1 of the great firewall is to prevent the US from controlling its social and technology sphere and using it to cause instability.

          Purpose #2 is economic protectionism for China’s high tech sector. China knows that as long as it remains primarily industrial / low tech manufacturer, it will always be threatened by US intervention.

          By moving to high tech, China can eliminate its reliance on Western technology imports, eliminate threat vectors for adversaries to slip in, and let other rising nations like Vietnam, Brazil, Malaysia, and Mexico take some of the heat off them by outsourcing its manufacturing there. China also gets to benefit by having cutting edge tech that will benefit its public health, increase education levels, strengthen its military, and form the basis of its post-industrial economy.

          China “enforcing the official narrative” insofar as controlling public opinion is of far lower importance than denying the west avenues to destroy its society. China is incredibly diverse and a quick peek into Chinese social media reveals no shortage of western culture fetishizers, religious quacks, conspiracy theorists, anti-vaxxers, capitalist enthusiasts, shit talkers about political figures, and people pushing back on “the official narrative”. VPN usage is widespread. People read, share, and meme western news and social media.

          Yes they censor posts, no they don’t do that great of a job at it…because the goal isn’t censorship, its about denying the West the ability to exploit discontent to destabilize the country.

          See also:

          • Tibet in the 50s & 60s (notice the gap here, when the US thought China would be a useful bludgeon against the Soviet Union & allies)
          • Student protests in 1989
          • Honk Kong in 2019
          • Xinjiang when the US was in Afghanistan
          • Taiwan tensions and weapons sales ramping up now

          All of these being natural internal tensions exploited with great effort and to great effect by the US through mass media campaigns, radicalizing extremist and separatist groups, weapons transfers, and direct involvement in helping people commit violence.

          And the US isn’t Russia buying $10 million worth of Facebook ads and running not farms, this is the most developed, most funded, and most sophisticated intelligence apparatus in history. One so large, people with an interest in politics and spying, cannot name all the publicly known agencies without missing 5-10.

          You can quote me on this, if the US were to fall in the coming decades, the firewall would also fall within the year. Though, I suspect the US will just languish with internal infighting once the petrodollar loses reserve currency status and China takes the firewall down around 2035 once there aren’t powers posing a credible threat to its security.

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            7 months ago

            You can tell your self what ever you want but China still attacks journalists. You can’t even get on Reddit in China or use Signal or other encryption. It has nothing to do economic prosperity or anything like that. China is an authoritarian government who doesn’t want to lose control.

            • NuclearDolphin@lemmy.ml
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 months ago

              You can’t even get on Reddit in China

              Oh no, the horror!

              Signal or other encryption

              Weird, that’s how I kept in contact with my family when I was there.

              It has nothing to do economic prosperity or anything like that

              plugs ears LA LA LA LA LA

              China is an authoritarian government who doesn’t want to lose control.

              wet_fart_noise.flac

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      7 months ago

      There is a ton a proof of Chinese hardware backdoors. It started with some dude wondering what a particular chip on the board did.

      • TechNerdWizard42@lemmy.world
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        7 months ago

        Same reason why Teslas are banned on Chinese military bases. Data goes back to US servers that are accessible by the US government at any time.

            • Possibly linux@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              7 months ago

              The different in the US is that the US constitution grants US citizens protection and protects against totally tyrany. It is very much not perfect and the US is full of problems but at the end of the day I can still have my own beliefs without being in danger. Mass surveillance is very dangerous and I think it is a violation of what the US should stand for but the US still protects freedom.

              Also I do not think the US should be compared to China. At the end of the day two wrongs do not make a right. We should uphold strong ethics and be champions of individual freedom and democracy. We should challenge anything that we disagree with as the people need to be active in the government. If you challenge the state party in China you will be jailed or worse.

              The US has some dark history but we don’t bury it. Think slavery, Asian interment camps and South American conquest.

              • TechNerdWizard42@lemmy.world
                link
                fedilink
                arrow-up
                1
                arrow-down
                4
                ·
                7 months ago

                Lol that piece paper is not a god. It’s useless jibberish written by traitors starting a now failed nation.

                You have no rights in the USA. Everything you’re granted as a right, you are also denied as a right by other laws. It’s the playbook of a tyrannical society. Name ANY law that you have a right to, and then look up to find another law taking that exact right away from you.

                Just like a tyrannical society, you’re guaranteed nothing. But you can fly under the radar if you agree with the political powers that be. Which is no different than any country at any point in history.