Holy shit based!
I have to believe that the anti-Cloudflare FUD is just angry skiddies who want to DDoS people's servers to feel like 'hackers' at this point.
>>83828727 yeah it's not like having 90% of the internet rely on a single point of failure would cause any issues
>>83828639 even they told you to go back
>>83828727 maybe it's also because routing the majority share of the internet off a single load balancer glows like a LED.
>>83828772 >single point of failure. Real interesting idea here. Got me thinking. have a (You) because I haven't decided whether the benefits of CF outweigh the costs of centralizing behind their management.
>>83828727 Why do you have to believe that?
>>83828639 I wish but all web devs without exception are so utterly retarded. They will go in a udemy course and "learn" about MIT attacks then go use cloudflare without seeing any problems Seriously, just how many security "experts" would something like cloudflare have to pass? it's like every company having a website, every web code monkeying on the keyboard, every browser vendor, every academic... I don't any of those niggers ever even question cloudflare
>everything your send and receive What did pajeet mean by this?
>>83828727 >t. Cloudflare mobster Go back to threatening website with DDOS if they don't pay for your service.
>>83828895 Bob and vagena pics of course dummy
cloudflare uses https. nothing is in plain text, nube FUD alert, move along
>>83828895 >What did pajeet mean by this? you ssl to the cloudflare, then cloudflare proxy to the original server your https ends at cloudflare
>>83828639 CF is literally owned by the US government >>83828916 they are the ones managing the encryption, retard
>>83828916 they get the request(plain) then proxy it to the original server
>>83828727 This, nobody has actually good point against them besides >MUH MONOPOLY
>>83828916 Well, I'm not sure how cloudflare operates since I have no need for load balancing for my personal website, but what the message implies is that the https certificate you receive comes from cloudflare, meaning the encryption only goes from you to their servers and the rest of the way between cloudflare servers and the website you visit could be plain text. However, I can neither deny nor confirm if cloudflare really operates like this. Personally, I believe it's highly unlikely that such a security risk would exist but then again you never know...
>>83829004 "Full" is mitm enabled kek Also why not use strict?
>>83828984 yea if you're not using full SSL might as well say "don't use a safe, because if you keep it unlocked a bad actor could open it". YEA WELL MAYBE DON'T KEEP IT UNLOCKED THEN DIPSHIT FUD alert, move along
>>83829035 >FUD alert, move along Cloudflare has a full view of the request.
>>83829026 Not that I care at this point, but it's the same as full, the only change is you have to pay for certificate.
>>83829004 >>83829035 >>83828993 the ssl is between you and cloudflare and then between cloudflare and the server. This means cloudflare can read ALL traffic (including passwords, usernames, emails) even with their badly named "fully strict mode" (which doesn't actually do anything other than make it impossible for other people to Mitm other than cloudflare itself)
all of cloudflare's options are mitm regardless of how secure they sound
>"Cloudflare, as a proxy, decrypts your traffic internally to do what Cloudflare does, and then re-encrypts it for your visitors."
>The only way to “disable” this on Cloudflare is to sign up for an Enterprise plan and use Spectrum to tunnel plain TCP packets. In this case each request will be forwarded as-is to your origin.
>"Everything else (even with “Full strict” on, which actually is a good choice and the only way to properly secure the connection, apart from the decryption on the proxies) will have the request decrypted on the proxy side and then re-encrypted before it is sent on to your origin. Without that, most of Cloudflare’s features would not be possible."
https://community.cloudflare.com/t/does-cloudflare-proxy-servers-decrypt-my-data/145691
>>83829143 btw cannot your hosting provider also collect all the request data? after all all the encryption is done at his infrastructure
>>83829219 Yes that is true. Hosting on your own hardware is the best option for privacy >>83829238 he means your VPS provider, and yeah they can read right off your ram if they wanted.
>>83829219 nvm i thought you meant "internet provider" >>83829238
>>83829238 lets say you rent virtual server then the provider with local access can do whatever he want, no?
>>83829276 >eagle for you it's friend, friend
>>83829269 Yeah, I misread that as ISP, sorry. Of course the hosting provider can read everything. The point is, you can still trust the hosting (or own it), but trusting cloudflare is a whole different level of retardation.
>>83829300 >trust the hosting sadly the internet is close to monopoly at $current year
>>83829319 My site is hosted on a 15 y.o. laptop.
>>83828639 IM TALKIN WITH THE MAN IN THE MIDDLE ! IM ASKIN HIM TO CHANGE HIS WAYS !
>>83829362 based, have you had any ddos problems?
How is this a problem again? And don't say a word about actual man-in-the-middle attacks
>>83828639 Is this Firefox or something? I thought they were friends with Cloudflare given the whole DNS over HTTPS thing
>>83829035 if you are, you still have to give them your certs, which means they still proxy all the (cleartext) traffic, dumbass. otherwise, what is even the point of CF? how would they stop attacks? they CAN and DO read all traffic that passes through them.
>>83829423 cloudflare can read your usernames, passwords, and content you consume/upload across almost the entirety of the internet
>>83829545 Authentication is never served through a CDN. There's always a dedicated authentication server (or service) that handles it
>>83828772 >yeah it's not like having 90% of the internet rely on a single point of failure would cause any issues Pffffthsrahahahahahahahahahaha cloudflare, a single point of failure wuhahahahahahahaha Next time you research how the internet works, stop looking at the pictures and ask someone who can read to tell you what the words mean
>>83829664 it is when the server wants DDOS protection
>>83829724 yeah haha because only the network structure matters not like having one entity control it all is a single point haha not like the whole network has never gone down before hahaha
>>83829724 two weeks ago you would have told me that Facebook isn't a single point of failure
>>83829724 Are you being pedantic on purpose or just a glownigger? Single point == single company Even then, relying on their local datacenters is still a form of centralization. >local cdn goes down >half the internet becomes inaccessible to tech illiterates Fuck off retard.
>>83829778 You can't find a single service on the face of the Earth that does that.
>>83828772 Then the problem is not that a CDN exists, it's that more CDNs do not exist.
>>83829480 Obviously some kind of fork, as the language is very direct and to the point. Regular Firefox has that clean content-free corpo lingo that always assures you how private everything is even while you're getting sold to Google for accessing the addons page.
Large parts of internet have a MITM and nobody seems to care. Even 4chan is part of it (sup NSA).
Why does /g/ have such a high rate of glowniggers?
>>83829219 They'd have to backdoor your OS, they wouldn't just be seeing cleartext packets going across the interface.
>>83829837 >Single point == single company Nope, not what single point of failure means
>>83830321 >They'd have to backdoor your OS I mean server owner that you rent virtual server from, he has local access, aka full control.
>>83830303 Nice try COINTELPRO.
>>83830380 Yes, but he'd have to do that within the guest OS, by default the host OS would only see encrypted packets and wouldn't be able to decrypt them. The likelihood they've set up the guest OS to do that is very unlikely since it'd use a lot of resources and wouldn't be very difficult to discover to someone who knew what they were doing.
>>83830462 not an expert, and I don't imply that they actually do it, but it should be doable with hypervisor and some listeners on apache's requests for guest processes
>>83828639 Just wait until the first big story of CF willingly handing over request data at the first subpoena they get issued. all you CF shills will scatter like cockroaches
>>83830614 >retard alert now that was a game
>>83828727 Endless hcaptcha on some sites and being unable to wget
>>83830303 Who gives a shit about your orange bad boogeyman, it's been a year already also not a burger
>>83830638 I'm not sure if it'll work with wget, but with curl I just give it a useragent to use in the config file and I never have any problems with it.
>>83830586 >two posts ago: HAHA TRUMP LOST CHUD WHAT WILL YOU DO? >not obsessed with cheeto like some kind of rape victim
>>83830673 Well for example on warosu that didn't help. I would have to pass the access cookie to it as well apparently but idk how to. Fortunately there are better alternatives
>>83830687 >schizo >still traumatized by le red hat man We're not burgers or Republicans. Privacy is a human right so quit being a fucking bootlicker leftard. >REEE TAKE UR MEDS REEE I don't need meds and you don't need to be a spastic
>>83830724 >everyone is american dumbass
Everyone STOP! How is MAGA correlated with cloudflare being antiprivacy by design?
>>83830765 Nobody cares about your country except yourselves.
>>83829362 Based, I had no problems selfhosting and even if it was true all I need to do is to block all US connections temporarily. >>83830724 I'm criticizing him for seething over Trump, don't reply to me.
>>83829362 My site is hosted on a spoiled jar of mayo
>>83830690 Using cookies is just --load-cookies /path/to/file
>>83830448 we don't need goggles
>>83830799 I am annoyed at a thread about technology being derailed into a thread about American politics nobody cares about besides Americans. You are a faggot.
>>83830830 Reminder that you have no friends and will never have sex. You will die alone and a virgin. Your spam folder will not hug you, it will bit rot away.
why are MIGAlets flooding our board?
>>83830830 >>83830839 >>83830847 classic glow derail
>>83830847 >>83830874 have your numbers really started dwindling so low that you need to resort to samefagging? this is quite entertaining ngl
>>83830903 my opsec is fine, i haven't trusted the government since 2001 i sure as hell am not going to trust a bunch of redditors defending orangeman for his autism though
>>83829824 And I'll still tell you that. I didn't even realise it's down until someone told it to me a couple of hours after it died. If you live in a 5th world country that actually does use FB for literally everything that's on you.
>>83830954 >>83830957 This is a board about TECHNOLOGY. You outed yourself as a ban diaspora newfag now fuck off.
So your point is that CloudFlare is Democrat or Republican?
>>83830865 trump is a kike puppet who had his election stolen by biden, the chink puppet
>>83829143 What the fuck. How is this legal?
>>83831167 The site owner agrees to it
>>83829724 I fucking hate you tourist niggers
>>83831167 >What the fuck. How is this legal? do you even read agreements
>>83830980 what does your country use
>>83831281 retarded post, based webm
how can I get that notification in my browser? >>83828639 >>83829959
>>83828639 Is this firefox?
>>83828984 >using cloudflare without full SSL Yeah sounds like pajeet FUD. Any site not using end-to-end SSL in 2021 is poo in loo shit
>>83831401 it is decrypted on cloudflare, then encrypted again on request cloudflare actually sees your shit on plain text notice the lock doesn't go over cloudflare as well
>>83831401 >Yeah sounds like pajeet FUD. >can't read a basic diagram
Damn you glowies did a number on this thread trying to derail it, that only gives further evidence that CF is a MITM.
>>83831307 Some use FB, some use VK, some don't bother with either. The only downside is that you also need like a dozen chat apps since a lot of people use different ones.
>>83828639 So what's the solution? Just stop using sites with cloudflare?
>>83831528 avoid putting sensitive info and complain to the site owners
>>83831528 >Just stop using sites with cloudflare?
cloudflare is nsa simple as
>>83831475 >Damn you glowies did a number on this thread trying to derail it, that only gives further evidence that CF is a MITM. so much this
>>83828772 sometimes is hard to tell if people are shilling or just braindead.
>>83828866 We're making practical, pragmatic decisions. The probability of issues (leaks or whatever else) caused by cloudflare is low compared to the mitigated risk of intrusion attempts and DDOSing that it provides. If we're as retarded as you suggest, you probably shouldn't trust that we've secured SSH properly and haven't left interesting debug ports open, right? If I just configure my provider-level firewall to only allow access from Cloudflare's IP range, it sidesteps such risks to a considerable degree.
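Added example, not part of the thread and not any poster's code: the origin-side decision behind "only allow access from Cloudflare's IP range" from the post above, plus the related rule that the CF-Connecting-IP header is believed only when the TCP peer is an edge address. The ranges are constructed documentation addresses standing in for the list Cloudflare publishes, and `from_edge` and `admit` are hypothetical names.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# A real deployment loads the ranges the CDN publishes and refreshes them.
EDGE_RANGES = [ipaddress.ip_network(n) for n in
               ("198.51.100.0/24", "203.0.113.0/25", "2001:db8:cd::/48")]


def from_edge(peer_ip, ranges=EDGE_RANGES):
    """True if the TCP peer address falls inside one of the edge ranges."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in ranges if net.version == addr.version)


def admit(peer_ip, headers, ranges=EDGE_RANGES):
    """Return (allowed, client_ip) for a connection reaching the origin.

    Connections that bypass the edge are refused. The forwarded visitor
    address is used only for edge peers, because any client can send
    that header on a direct connection.
    """
    if not from_edge(peer_ip, ranges):
        return (False, None)
    claimed = headers.get("CF-Connecting-IP", "").strip()
    try:
        client = str(ipaddress.ip_address(claimed))
    except ValueError:
        client = peer_ip  # header missing or malformed: fall back to the peer
    return (True, client)


if __name__ == "__main__":
    # Constructed sample connections: (peer address, request headers).
    samples = [
        ("198.51.100.7", {"CF-Connecting-IP": "192.0.2.55"}),  # via edge
        ("192.0.2.10", {"CF-Connecting-IP": "198.51.100.7"}),  # direct, spoofed header
        ("203.0.113.200", {}),                                 # outside the /25
    ]
    for peer, hdrs in samples:
        print(peer, admit(peer, hdrs))
```

The allow-list only closes the direct path to the origin; it does not change where TLS is terminated.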
>>83831528 there is no solution, but being aware of the threat picture is critically important - plenty of people, most of which consider themselves savvy, think "oh neat ssl lock means only the host can read my shit". which is not the case. something to consider is always who and why. who is driving cloudflare adoption, and what do they hope to gain from it? well, the main advantage of cloudflare is that you mitm half the fucking internet. so, we're looking for actors who are both able and significantly interested in that - and who wish to do so quietly. if this was microsoft doing it just for ad mining you can bet your ass it would be called Microsoft(tm) Cloudflare(tm)(r) for Teams Enterprise Edition rather than just "hey kid, want free candy? just run this program, we're not affiliated with anyone promise".
no one ever got fired for leaking all their customer data to the NSA
>>83831700 (Me) Also- the days of your request going directly to on-prem servers are long gone. Your request's path probably goes something like this
>you
>cdn
>provider load balancers/firewall
>kubernetes ingress/lb
>host machine/VPS
>nginx/caddy/apache/whatever
>service
>whatever third-party APIs my service passes your data onto, and all the network providers in THEIR chain
TLS termination might happen more than once in this chain. But even if you ensure it only happens once, you still have to trust someone, somewhere. Even if you ARE entirely on-prem you have to trust everyone that has physical access to the machines, the manufacturers, etc.
>>83831727 >well, the main advantage of cloudflare is that you mitm half the fucking internet >gets all the requests, your ip, your fingerprint it could potentially connect your whole web activity with you, quite useful, ngl
>>83828727 doesn't L7 attacks work good on websites behind CDN?
This is the first google result for cloudflare mitm btw. The shills are shameless. > equating lack of CDN to lack of encryption
>>83832579 >b-but without cdns you won't be able to use https because isps can't cache https content!!
>>83828639 You gonna tell us what version of Firefox that is or...? Also: https://github.com/traktofon/cf-detect Cloudflare
>>83832882 this will never be in firefox or any other globohomo browser obviously a fork
>>83831700 Do your users know how hard you've fucking their inalienable right to privacy?
>>83828639 How do I get this?