[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology

[Advertise on 4chan]


Thread archived.
You cannot reply anymore.


[Advertise on 4chan]


File: alert.png (33 KB, 810x393)
33 KB
33 KB PNG
Holy shit based!
>>
I have to believe that the anti-Cloudflare FUD is just angry skiddies who want to DDoS people's servers to feel like 'hackers' at this point.
>>
>>83828727
yeah it's not like having 90% of the internet rely on a single point of failure would cause any issues
>>
>>83828639
even they told you to go back
>>
>>83828727
maybe it's also because routing the majority share of the internet off a single load balancer glows like a LED.
>>
>>83828772
>single point of failure.

Real interesting idea here.
Got me thinking.
have a (You) because I haven't decided whether the benefits of CF outweigh the costs of centralizing behind their management.
>>
>>83828727
Why do you have to believe that?
>>
>>83828639
I wish but all web devs without exception are so utterly retarded. They will go in a udemy course and "learn" about MIT attacks then go use cloudlfare without seeing any problems
Seriously, just how many security "experts" would something like cloudflare have to pass ? it's like every company having a website, every web code monkeying on the keyboard, every browser vendor, every academic... I don't any of those niggers ever even question cloudlfare
>>
>everything your send and receive
What did pajeet mean by this?
>>
>>83828727
>t. Cloudflare mobster
Go back to threatening website with DDOS if they don't pay for your service.
>>
>>83828895
Bob and vagena pics of course dummy
>>
cloudflare uses https. nothing is in plain text, nube

FUD alert, move along
>>
>>83828895
>What did pajeet mean by this?
you ssl to the cloudflare, then cloudflare proxy to the orginal server

your https ends at cloudflare
>>
>>83828639
CF is literally owned by the US government

>>83828916
they are the ones managing the encryption, retard
>>
File: cloudflare_ssl.png (13 KB, 302x277)
13 KB
13 KB PNG
>>83828916
they get the request(plain) then proxy it to the orginal server
>>
>>83828727
This, nobody has actually good point against them besides
>MUH MONOPOLY
>>
>>83828916
Well, I'm not sure how cloudfare operates since I have no need for load balancing for my personal website, but what the message implies is that the https certificate you receive comes from cloudfare, meaning the encryption only goes from you to their servers and the rest of the way between cloudfare servers and the website you visit could be plain text. However, i can neither deny nor confirm if cloudfare really operates like this. Personally, i believe it's highly unlikely that such a security risk would exist but then again you never know...
>>
>>
>>83829004
"Full" is mitm enabled kek
Also why not use strict?
>>
>>83828984
yea if youre not using full SSL

might as well say "dont use a safe, because if you keep it unlocked a bad actor could open it". YEA WELL MAYBE DONT KEEP IT UNLOCKED THEN DIPSHIT

FUD alert, move along
>>
File: 1631447936771.gif (513 KB, 700x394)
513 KB
513 KB GIF
>>83829035
>FUD alert, move along
Cloudflare has a full view of the request.
>>
>>83829026
Not that I care at this point, but it's the same as full, the only change is you have to pay for certificate.
>>
>>83829004
>>83829035
>>83828993
the ssl is between you and cloudflare and then between cloudflare and the server. This means cloduflare can read ALL traffic (including passwords, usernames, emails) even with their badly named "fully strict mode" (which doesn't actually do anything other than make it impossible for other people to Mitm other than cloudflare itself)

all of cloudflare's options are mitm regardless of how secure they sound

>"Cloudflare, as a proxy, decrypts your traffic internally to do what Cloudflare does, and then re-encrypts it for your visitors."
>The only way to “disable” this on Cloudflare is to sign up for an Enterprise plan and use Spectrum to tunnel plain TCP packets. In this case each request will be forwarded as-is to your origin.
>"Everything else (even with “Full strict” on, which actually is a good choice and the only way to properly secure the connection, apart from the decryption on the proxies) will have the request decrypted on the proxy side and then re-encrypted before it is sent on to your origin. Without that, most of Cloudflare’s features would not be possible."
https://community.cloudflare.com/t/does-cloudflare-proxy-servers-decrypt-my-data/145691
>>
>>83829143
btw cannot your hosting provider also collect all the request data? afterall all the encryption is done at his infrastructure
>>
>>83829219
Yes that is true. Hosting on your own hardware is the best option for privacy

>>83829238
he means your VPS provider, and yeah they can read right off your ram if they wanted.
>>
>>83829219
nvm i thought you meant "internet provider"
>>83829238
>>
>>83829238
lets say you rent virtual server
then the provider with local access can do whatever he want, no?
>>
>>83829276
>eagle
for you it's friend, friend
>>
>>83829269
Yeah, I misread that as ISP, sorry. Of course the hosting provider can read everything. The point is, you can still trust the hosting (or own it), but trusting cloudflare is a whole different level of retardation.
>>
>>83829300
>trust the hosting
sadly the internet is close to monopoly at $current year
>>
>>83829319
My site is hosted on a 15 y.o. laptop.
>>
>>83828639
IM TALKIN WITH THE MAN IN THE MIDDLE !

IM ASKIN HIM TO CHANGE HIS WAYS !
>>
>>83829362
based, have you had any ddos problems?
>>
How is this a problem again? And don't say a word about actual man-in-the-middle attacks
>>
>>83828639
Is this Firefox or something? I thought they were friends with Cloudflare given the whole DNS over HTTPS thing
>>
>>83829035
if you are, you still have to give them your certs, which means they still proxy all the (cleartext) traffic, dumbass. otherwise, what is even the point of CF? how would they stop attacks?
they CAN and DO read all traffic that passes through them.
>>
>>83829423
cloudflare can read your usernames, passwords, and content you consume/upload across almost the entirety of the internet
>>
>>83829545
Authentication is never served through a CDN. There's always a dedicated authentication server (or service) that handles it
>>
>>83828772
>yeah it's not like having 90% of the internet rely on a single point of failure would cause any issues
Pffffthsrahahahahahahahahahaha
cloudflare, a single point of failure wuhahahahahahahaha
Next time you research how the internet works, stop looking at the pictures and ask someone who can read to tell you what the words mean
>>
>>83829664
it is when the server wants DDOS protection
>>
>>83829724
yeah haha because only the network structure matters not like having one entity control it all is a single point haha not like the whole network has never gone down before hahaha
>>
>>83829724
two weeks ago you would have told me that Facebook isn't a single point of failure
>>
>>83829724
Are you being pedantic on purpose or just a glownigger?
Single point == single company
Even then, relying on their local datacenters is still a form of centralization.
>local cdn goes down
>half the internet becomes inaccessible to tech illiterates
Fuck off retard.
>>
File: 1631699401860s.jpg (10 KB, 226x223)
10 KB
10 KB JPG
>>83829824
>>
>>83829778
You can't find a single service on the face of the Earth that does that.
>>
>>83828772
Then the problem is not that a CDN exists, it's that more CDNs do not exist.
>>
>>83829480
Obiously some kind of fork, as the language is very direct and to the point.
Regular Firefox has that clean content-free corpo lingo that always assures you how private everything is even while you're getting sold to Google for accessing the addons page.
>>
File: 1608627030517.png (37 KB, 397x354)
37 KB
37 KB PNG
Large parts of internet have a MITM and nobody seems to care. Even 4chan is part of it (sup NSA).
>>
File: 4chins.png (2 KB, 329x112)
2 KB
2 KB PNG
>>83830105
>>
Why does /g/ have such a high rate of glowniggers?
>>
File: 1630701434420.jpg (523 KB, 1200x675)
523 KB
523 KB JPG
>>83830245
>schizophrenics
>>
>>83829219
They'd have to backdoor your OS, they wouldn't just be seeing cleartext packets going across the interface.
>>
>>83829837
>Single point == single company
Nope, not what single point of failure means
>>
>>83830321
>They'd have to backdoor your OS
I mean server owner that you rent virtual server from, he has local access, aka full control.
>>
>>83830303
Nice try COINTELPRO.
>>
>>83830380
Yes, but he'd have to do that within the guest OS, by default the host OS would only see encrypted packets and wouldn't be able to decrypt them.
The likelyhood they've set up the guest OS to do that is very unlikely since it'd use a lot of resources and wouldn't be very difficult to discover to someone who knew what they were doing.
>>
>>83830462
not an expert, and I don't imply that they actually do it, but
it should be doable with hypervisor and some listeners on apache's requests for guest processes
>>
>>83828639
Just wait until the first big story of CF willingly handing over request data at the first subpoena they get issued. all you CF shills will scatter like cockroaches
>>
>>83828916
retard alert
>>
>>83830614
>retard alert
now that was a game
>>
>>83828727
Endless hcaptcha on some sites and being unable to wget
>>
File: 1633069030605.gif (3.38 MB, 310x310)
3.38 MB
3.38 MB GIF
>>83828993
>>
>>83830303
Who gives a shit about your orange bad boogeyman, it's been a year already also not a burger
>>
>>83830638
I'm not sure if it'll work with wget, but with curl I just give it a useragent to use in the config file and I never have any problems with it.
>>
File: picard-laughing(1).jpg (500 KB, 1007x1080)
500 KB
500 KB JPG
>>83828793
>>
>>83830586
>two posts ago: HAHA TRUMP LOST CHUD WHAT WILL YOU DO?
>not obsessed with cheeto like some kind of rape victim
>>
>>83830673
Well for example on warosu that didn't help. I would have to pass the access cookie to it as well apparently but idk how to. Fortunately there are better alternatives
>>
>>83830687
>schizo
>still traumatized by le red hat man
We're not burgers or Republicans. Privacy is a human right so quit being a fucking bootlicker leftard.

>REEE TAKE UR MEDS REEE
I don't need meds and you don't need to be a spastic
>>
>>83830724
>everyone is american
dumbass
>>
File: 1628904079790.png (338 KB, 785x854)
338 KB
338 KB PNG
Everyone STOP!
How is MAGA correlated with cloudflare being antiprivacy by design?
>>
>>83830765
Nobody cares about your country except yourselves.
>>
>>83829362
Based, I had no problems selfhosting and even if it was true all I need to do is to block all US connections temporarily.

>>83830724
I'm criticizing him for seething over Trump, don't reply to me.
>>
>>83829362
My site is hosted on a spoiled jar of mayo
>>
>>83830690
Using cookies is just
--load-cookies /path/to/file
>>
>>83830448
we don't need goggles
>>
>>83830799
I am annoyed at a thread about technology being derailed into a thread about American politics nobody cares abotu besides Americans. You are a faggot.
>>
>>83830830
fuck off
>>
>>83830830
Reminder that you have no friends and will never have sex. You will die alone and a virgin. Your spam folder will not hug you, it will bit rot away.
>>
File: unsafe code.png (49 KB, 998x648)
49 KB
49 KB PNG
why are MIGAlets flooding our board?
>>
File: 1632681081695.jpg (31 KB, 321x526)
31 KB
31 KB JPG
>>83830830
>>83830839
>>83830847
classic glow derail
>>
File: zion don.jpg (98 KB, 992x744)
98 KB
98 KB JPG
>>83830847
>>83830874
have your numbers really started dwindling so low that you need to resort to samefagging? this is quite entertaining ngl
>>
File: liberal media bias.jpg (252 KB, 1800x2700)
252 KB
252 KB JPG
>>83830903
my opsec is fine, i haven't trusted the government since 2001

i sure as hell am not going to trust a bunch of redditors defending orangeman for his autism though
>>
File: 1634173615971.png (371 KB, 442x457)
371 KB
371 KB PNG
>>83830883
>>
>>83829824
And I'll still tell you that.
I didn't even realise it's down until someone told it to me a couple of hourse after it died. If you live in a 5th world country that actually does use FB for literally everything that's on you.
>>
>>83830954
>>83830957
This is a board about TECHNOLOGY.
You outed yourself as a ban diaspora newfag now fuck off.
>>
File: 1629423659816.png (18 KB, 640x400)
18 KB
18 KB PNG
So your point is that CloudFlare is Democrat or Republican?
>>
>>83830865
trump is a kike puppet who had his election stolen by biden, the chink puppet
>>
>>83829143
What the fuck. How is this legal?
>>
>>83831167
The site owner agrees to it
>>
>>83829724
I fucking hate you tourist niggers
>>
File: 1629415792809.png (28 KB, 902x735)
28 KB
28 KB PNG
>>83831167
>What the fuck. How is this legal?
do you even read agreements
>>
>>83831248
rude
>>
File: dunked on.png (195 KB, 500x500)
195 KB
195 KB PNG
>>83831119
>>83831099
>>83831078
>>83831015
>>83830957
>>83830903
>>83830839
>>83830754
>>83830622
holy obsessed
>>
>>83830980
what does your country use
>>
>>83831281
retarded post, based webm
>>
how can I get that notification in my browser?
>>83828639
>>83829959
>>
>>83828639
Is this firefox?
>>
>>83828984
>using cloudflare without full SSL
Yeah sounds like pajeet FUD. Any site not using end-to-end SSL in 2021 is poo in loo shit
>>
>>83831401
it is decrypted on cloudflare, then encrypted again on request
cloudflare actually sees your shit on plain text
notice the lock doesnt go over cloudflare as well
>>
File: 1628546067614.gif (667 KB, 278x228)
667 KB
667 KB GIF
>>83831401
>Yeah sounds like pajeet FUD.
>can't read a basic diagram
>>
Damn you glowies did a number on this thread trying to derail it, that only gives further evidence that CF is a MITM.
>>
>>83831307
Some use FB, some use VK, some don't bother with either. The only downside is that you also need like a dozen chat apps since a lot of people use different ones.
>>
>>83828639
So what's the solution? Just stop using sites with cloudflare?
>>
>>83831528
avoid putting sensitive info and complain to the site owners
>>
File: 1633017892748.jpg (16 KB, 320x320)
16 KB
16 KB JPG
>>83831528
>Just stop using sites with cloudflare?
>>
cloudflare is nsa simple as
>>
File: 1628886680694.jpg (38 KB, 960x641)
38 KB
38 KB JPG
>>83831475
>Damn you glowies did a number on this thread trying to derail it, that only gives further evidence that CF is a MITM.
so much this
>>
>>83828772
sometimes is hard to tell if people are shilling or just braindead.
>>
>>83828866
We're making practical, pragmatic decisions.
The probability of issues (leaks or whatever else) caused by cloudflare is low compared to the mitigated risk of intrusion attempts and DDOSing that it provides.
If we're as retarded as you suggest, you probably shouldn't trust that we've secured SSH properly and haven't left interesting debug ports open, right?
If I just configure my provider-level firewall to only allow access from Cloudflare's IP range, it sidesteps such risks to a considerable degree.
>>
>>83831528
there is no solution, but being aware of the threat picture is critically important - plenty of people, most of which consider themselves savvy, think "oh neat ssl lock means only the host can read my shit". which is not the case.

something to consider is always who and why. who is driving cloudflare adoption, and what do they hope to gain from it?

well, the main advantage of cloudflare is that you mitm half the fucking internet. so, we're looking for actors who are both able and significantly interested in that - and who wish to do so quietly. if this was microsoft doing it just for ad mining you can bet your ass it would be called Microsoft(tm) Cloudflare(tm)(r) for Teams Enterprise Edition rather than just "hey kid, want free candy? just run this program, we're not affiliated with anyone promise".
>>
no one ever got fired for leaking all their customer data to the NSA
>>
>>83831700 (Me)
Also- the days of your request going directly to on-prem servers are long gone. Your request's path probably goes something like this
>you
>cdn
>provider loan balancers/firewall
>kubernetes ingress/lb
>host machine/VPS
>nginx/caddy/apache/whatever
>service
>whatever third-party APIs my service passes your data onto, and all the network providers in THEIR chain
TLS termination might happen more than once in this chain. But even if you ensure it only happens once, you still have to trust someone, somewhere. Even if you ARE entirely on-prem you have to trust everyone that has physical access to the machines, the manufacturers, etc.
>>
File: 1631647875837.gif (1.48 MB, 328x328)
1.48 MB
1.48 MB GIF
>>83831727
>well, the main advantage of cloudflare is that you mitm half the fucking internet
>get's all the requests, your ip, your fingerprint
it could potentially connect your whole web activity with you, quite useful, ngl
>>
>>83828727
doesnt L7 attacks work good on websites behind CDN?
>>
File: shameless.png (34 KB, 892x101)
34 KB
34 KB PNG
This is the first google result for cloudflare mitm btw. The shills are shameless.

> equating lack of CDN to lack of encryption
>>
>>83832579
>b-but without cdns you won't be able to use https because isps can't cache https content!!
>>
>>83828639
You gonna tell us what version of Firefox that is or...?

Also: https://github.com/traktofon/cf-detect

Cloudflare
>>
>>83832882
this will never be in firefox
or any other globohomo browser
obviously a fork
>>
>>83831700
Do your users know how hard you've fucking their inalienable right to privacy?
>>
>>83828639
How do I get this?



Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.