bipface said:
gnuorange said:
At least the website doesn't use cloudflare...
>do a whois rule34.xxx
Shit
Name Server: WILL.NS.CLOUDFLARE.COM
Name Server: ROXY.NS.CLOUDFLARE.COM
Why is more than 1/3 of the internet under this horrible system.
ikr
you probably heard about en.wikipedia.org/wiki/Cloudbleed ?
just waiting to see which ubiquitous internet service or library bleeds next …
More than just heard.
After the information was out and seeing the impact of it (more than 4 million websites on cloudflare)
github.com/pirate/sites-using-cloudflare
With some fellow sysadmins we investigated further what cloudflare was, because we personally never had to use the kind of services that they promoted.
This is basically a copypasta from an image board but it sums up what we found and understood.
------------------------------
-cloudflare makes it extremely difficult for Tor users and users who disable javascript. This difficulty was originally just a simple CAPTCHA, that progressed into impossible CAPTCHAs (CAPTCHAs that would reject all answers).
-cloudflare arbitrarily bans whoever they want. Today, it is Tor users who disable javascript. Tomorrow, it could be all Firefox users, Gnu/Linux users, VPN users, Brazilians, Germans, Snowden supporters, filesharers, anons, children, women, homosexuals, Christians. The exact criteria don't matter, because it is completely at the whim of cloudflare.
-cloudflare completely breaks SSL
Standard SSL handshake
User -> website's key -> website
User <- User's key <- website
Only the User and the website can read or write data transferred over the HTTPS connection. Authenticity, integrity, confidentiality guaranteed by cryptography.
cloudflare's SSL version of it
User -> cloudflare's key -> cloudflare -> website's key -> website
User <- User's key <- cloudflare <- cloudflare's key <- website
cloudflare outright decrypts ALL CIPHERTEXT THAT PASSES THROUGH IT. cloudflare has COMPLETE ACCESS TO ALL PLAINTEXT. In other words, cloudflare is a Man-in-the-Middle (MitM) attack.
-cloudflare (untraceably) conducts internet surveillance
-cloudflare (untraceably) steals passwords: online banking, e-voting, internet connected devices, medical implants. If you have used a web frontend for server admin such as PHPMyAdmin, then cloudflare has your server's login password.
-cloudflare (untraceably) steals data: every file uploaded through cloudflare can be read by cloudflare.
-cloudflare can (untraceably) censor content
-cloudflare can implement an Acceptable Content Policy, denying access to any site that does not conform and censor content.
-Word filter
-Copyright detection
-Deep-packet inspection
-Per-user censorship
-cloudflare can (untraceably) tamper with content
-JS exploit injection
-Altering downloaded executables
-Misattributing words
-Framing users for sending data that they did not send.
Untraceably, because unlike a standard MitM, which can always be detected by saving and comparing public keys between sessions, cloudflare is always in the middle and is always either forging a fake public key or even TAKING YOUR PRIVATE KEY.
-cloudflare centralizes the internet, creating a single point of failure. If cloudflare goes down, every server routing through them goes down.
-cloudflare does not actually protect against hacking. They can be bypassed using any proxy other than Tor, let alone nation-state botnets of hundreds of millions of compromised systems.
-cloudflare costs money. You are paying for the privilege of giving away your domain, SSL key and server traffic to a third party.
The rational conclusion to the above would be that cloudflare is attempting to consume the entire internet, like cancer.
As cloudflare is a US corporation, which appeared out of nowhere with more bandwidth and better hardware than most ISPs and has rapidly spread across the internet, it is highly likely they are an NSA front designed to completely take over the internet. Use cloudflare or be DDoS'd, that is the definition of a protection racket. Do not let them succeed, if you value the internet.
------------------------------
That last part about CIA/NSA is just speculation but in our sad times it is possible.
We discussed this in private with security researchers and they are well aware of what cloudflare can do, they even showed us that it's even possible to rehash any data and inject malicious code. They explained that it already happened to BSD several years ago which was surreal to hear because that day they lost a lot of friends.
For now I am looking for solutions and trying to warn people here and there.
The only promising solution that some anon presented was gnunet which is pretty interesting.
Anyway
Have a good day m8
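
The key-comparison check the post mentions ("saving and comparing public keys between sessions"), as an added example that is not part of the original post: a trust-on-first-use pin store run over two constructed session histories. The host name, the key byte strings and all function names are assumptions made for illustration; a real client would hash the certificate's SubjectPublicKeyInfo instead of placeholder bytes.

```python
import hashlib

# Constructed stand-ins for the public key a client is shown in the TLS handshake.
ORIGIN_KEY = b"constructed-origin-server-public-key"
PROXY_KEY = b"constructed-tls-terminating-proxy-public-key"
INTERCEPTOR_KEY = b"constructed-on-path-interceptor-public-key"


class PinStore:
    """Trust-on-first-use: remember the first key fingerprint seen per host."""

    def __init__(self):
        self._pins = {}

    def observe(self, host, public_key_bytes):
        fingerprint = hashlib.sha256(public_key_bytes).hexdigest()
        if host not in self._pins:
            self._pins[host] = fingerprint  # nothing to compare against yet
            return "first-seen"
        return "match" if self._pins[host] == fingerprint else "MISMATCH"


def run_sessions(keys_presented, host="example.test"):
    """Replay one client's sessions; each item is the key presented that time."""
    store = PinStore()
    return [store.observe(host, key) for key in keys_presented]


def interception_starts_later():
    # Client first talks to the origin directly, then something new terminates TLS.
    return run_sessions([ORIGIN_KEY, ORIGIN_KEY, INTERCEPTOR_KEY])


def proxy_always_in_path():
    # The TLS-terminating proxy is in front of the site from the first session on,
    # so the pinned key is the proxy's and every later session agrees with it.
    return run_sessions([PROXY_KEY, PROXY_KEY, PROXY_KEY])


if __name__ == "__main__":
    print("interception starts later:", interception_starts_later())
    print("proxy always in path:    ", proxy_always_in_path())
```

The comparison only flags a change of key between sessions; it says nothing about who holds the key that was pinned first.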