thought I committed this earlier
parent
6966e70d37
commit
473549788b
19
NEWS.md
|
@ -1,3 +1,22 @@
|
||||||
|
*2019.02.08*
|
||||||
|
|
||||||
|
* well written post, along with some causes for action in privacytools.io
|
||||||
|
|
||||||
|
https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544
|
||||||
|
|
||||||
|
* another privacytools.io thread
|
||||||
|
|
||||||
|
https://github.com/privacytoolsIO/privacytools.io/issues/711
|
||||||
|
|
||||||
|
* Cryptome on CF's ability to deanonymize (2016)
|
||||||
|
|
||||||
|
https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm
|
||||||
|
|
||||||
|
* bug report issued in wire webapp
|
||||||
|
|
||||||
|
https://github.com/wireapp/wire-webapp/issues/5716
|
||||||
|
|
||||||
|
|
||||||
*2019.02.01*
|
*2019.02.01*
|
||||||
|
|
||||||
* The global internet is rotting from within, and
|
* The global internet is rotting from within, and
|
||||||
|
|
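Review bot: The first added entry under *2019.02.08* ("well written post, along with some causes for action in privacytools.io") does not say what the post is about, and "causes for action" reads as if "calls to action" was meant. Name the topic in the entry text so the line is useful without following the link, the way the Cryptome and wire webapp entries in the same block already do.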
41
article.txt
|
@ -4,8 +4,6 @@ Audience: General, people who stumble upon gnu.org
|
||||||
755 words rahisibhasha
|
755 words rahisibhasha
|
||||||
stab at french
|
stab at french
|
||||||
|
|
||||||
Website.
|
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
|
|
||||||
大きい云墙
|
大きい云墙
|
||||||
|
@ -21,8 +19,7 @@ The Great Cloudwall
|
||||||
by Jeff Cliff
|
by Jeff Cliff
|
||||||
|
|
||||||
*There is a reason that none of your favourite work intermittently on tor since
|
*There is a reason that none of your favourite work intermittently on tor since
|
||||||
early 2016[15]. That reason has lead to the discovery of a threat to the operation
|
early 2016[15]. That reason has lead to the discovery of a threat to the operation of the world wide web itself.*
|
||||||
of the world wide web itself.*
|
|
||||||
|
|
||||||
Prerequisites: The Javascript Trap[47], understanding that Google is not to be trusted[45][46], "Trusted Third Parties are Security Holes" - Nick Szabo[44][48]
|
Prerequisites: The Javascript Trap[47], understanding that Google is not to be trusted[45][46], "Trusted Third Parties are Security Holes" - Nick Szabo[44][48]
|
||||||
|
|
||||||
|
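Review bot: The rejoined opening sentence still carries two text defects on the lines this hunk touches: "none of your favourite work intermittently on tor" is missing its noun (presumably the websites), and "has lead" should be "has led". Since the paragraph is being re-wrapped anyway, fix both in the same change.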
@ -30,11 +27,16 @@ Cloudflare is a service for turing tests its users users, which means that
|
||||||
it frustrates attempts by users of its users to develop software to interact
|
it frustrates attempts by users of its users to develop software to interact
|
||||||
with their websites[3]. This might seem strange at first - why would you need
|
with their websites[3]. This might seem strange at first - why would you need
|
||||||
a program to access a web resource? But there's many things that work on the
|
a program to access a web resource? But there's many things that work on the
|
||||||
web like this, including RSS and podcasts which are completley broken by a
|
web like this, including RSS, podcasts, and antivirus definitions[57][58] which are completley broken by a
|
||||||
CAPTCHA appearing mid stream[11]. "We humans don't make HTTP requests,
|
CAPTCHA appearing mid stream[11]. "We humans don't make HTTP requests,
|
||||||
our machines to do it for us." makes clear what is really being tested here -
|
our machines to do it for us." makes clear what is really being tested here -
|
||||||
whether or not you have the *right* software stack in between you and
|
whether or not you have the *right* software stack in between you and
|
||||||
cloudflare. {{expand}}
|
cloudflare.
|
||||||
|
|
||||||
|
This is not a hypothetical: Cloudflare is currently attempting to dictate
|
||||||
|
which web browsers users of websites under cloudflare may use[60].
|
||||||
|
|
||||||
|
{{expand}}
|
||||||
Your right to use Free Software in this stack is at risk, and could disappear
|
Your right to use Free Software in this stack is at risk, and could disappear
|
||||||
at any moment.
|
at any moment.
|
||||||
|
|
||||||
|
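Review bot: The citation on the added "antivirus definitions[57][58]" looks off by one. In the reference hunk of this same commit, [56] is the ClamWin forum thread and [57] is the clamav-users archive, while [58] is the ITU presentation that the new "large network providers" bullet also cites. If the antivirus claim rests on the ClamWin and ClamAV links, cite [56][57] here. The touched line also still has the typo "completley".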
@ -72,7 +74,7 @@ More important, though is it starts to form a ratchet for web browser technology
|
||||||
"When you fetch a page from a website that is served from CloudFlare, Javascript has been injected on-the-fly into that page by CloudFlare. and they also plant a cookie that brands your browser with a globally-unique ID. ID. This happens even if the website is using SSL and shows a cute little padlock in your browser" [10]
|
"When you fetch a page from a website that is served from CloudFlare, Javascript has been injected on-the-fly into that page by CloudFlare. and they also plant a cookie that brands your browser with a globally-unique ID. ID. This happens even if the website is using SSL and shows a cute little padlock in your browser" [10]
|
||||||
|
|
||||||
- Cloudflare tracks you
|
- Cloudflare tracks you
|
||||||
Even if your web browsing traffic is protected from onlookers, cloudflare itself because they are a MiTM[14][31] can see your traffic[6]. And if Cloudflare has MITM'd you, then so has the NSA[33].
|
Even if your web browsing traffic is protected from onlookers, cloudflare itself because they are a MiTM[14][31] can see your traffic[6]. And if Cloudflare[53] has MITM'd you, then so has the NSA[33].
|
||||||
"If a site uses Cloudflare, then the browser lock icon is a false promise."[14]
|
"If a site uses Cloudflare, then the browser lock icon is a false promise."[14]
|
||||||
"The short version, a rhetorical question: Would you trust a key escrow régime, in which an “authorized” entity was entrusted with the potential to decrypt all communications at will? If not, why would you trust a de facto mass decryption chokepoint at which many communications are actually decrypted?"[34]
|
"The short version, a rhetorical question: Would you trust a key escrow régime, in which an “authorized” entity was entrusted with the potential to decrypt all communications at will? If not, why would you trust a de facto mass decryption chokepoint at which many communications are actually decrypted?"[34]
|
||||||
in other words
|
in other words
|
||||||
|
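Review bot: On the changed "And if Cloudflare[53] has MITM'd you" line, the new marker is attached to the company name rather than to a claim, so a reader cannot tell what [53] is meant to support. Move it to the end of the clause it backs, as the neighbouring [14][31], [6] and [33] markers do.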
@ -153,7 +155,7 @@ to track online fraud and abuse.
|
||||||
|
|
||||||
The US Department of Homeland Security
|
The US Department of Homeland Security
|
||||||
approached the developers in 2007-8[1][36] for access to their data, and they have
|
approached the developers in 2007-8[1][36] for access to their data, and they have
|
||||||
been working with the US government and law enforcement ever since[1].
|
been working with the US government[54] and law enforcement ever since[1].
|
||||||
on HTTP GET requests:
|
on HTTP GET requests:
|
||||||
|
|
||||||
Cloudflare has a history of shutting down open DNS and open NTP servers.
|
Cloudflare has a history of shutting down open DNS and open NTP servers.
|
||||||
|
@ -177,14 +179,16 @@ actually resolving the issue[29][30][32]
|
||||||
- The more of the web is held within cloudflare the more pressure will be on
|
- The more of the web is held within cloudflare the more pressure will be on
|
||||||
websites not behind cloudflare
|
websites not behind cloudflare
|
||||||
- As of 2016, by cloudflare's own data tor was not as bad as normal internet connections.
|
- As of 2016, by cloudflare's own data tor was not as bad as normal internet connections.
|
||||||
- "But we need Cloudflare to protect from DDoS.” Hey, that’s a nice site you have there. It would be a shame, such a shame, if anything happened to it. Why don’t you let us decrypt all your TLS sessions, so we can protect you?"[14]
|
- "But we need Cloudflare to protect from DDoS.” Hey, that’s a nice site you have there. It would be a shame, such a shame, if anything happened to it. Why don’t you let us decrypt all your TLS sessions[59], so we can protect you?"[14]
|
||||||
|
|
||||||
*I heard Cloudflare is working with tor and all is good now?*
|
*I heard Cloudflare is working with tor and all is good now?*
|
||||||
|
|
||||||
- just because you can't see the problem doesn't mean it's not there anymore.
|
- just because you can't see the problem doesn't mean it's not there anymore.
|
||||||
|
|
||||||
- This is not true. Their websites still CAPTCHA their users, same as ever, and
|
- This is not true. Their websites still CAPTCHA their users, same as ever, and
|
||||||
news agencies across the political spectrum screwed up stories about how the 'problem is fixed'[18]
|
news agencies across the political spectrum screwed up stories about how the 'problem is fixed'[18]
|
||||||
- it's actually worse, though[17] that we can't see it - it was easy to get a
|
|
||||||
|
- it's actually worse, though[17] if we couldn't see it[60] - it was easy to get a
|
||||||
lot of riled up tor users to understand that cloudflare was their adversary.
|
lot of riled up tor users to understand that cloudflare was their adversary.
|
||||||
it's a lot harder to convince people who are not blocked from their websites,
|
it's a lot harder to convince people who are not blocked from their websites,
|
||||||
today, why giving systematic control over the world wide web might be a bad thing tomorrow.
|
today, why giving systematic control over the world wide web might be a bad thing tomorrow.
|
||||||
|
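Review bot: The new [59] after "TLS sessions" sits inside a passage that is in quotation marks and attributed to [14], so the edit alters a direct quote. Put [59] after the closing quote next to [14], or in a sentence of the article's own. In the same hunk, changing "that we can't see it" to "if we couldn't see it[60]" makes the bullet conditional while the rest of it ("it was easy to get a lot of riled up tor users ...") still reads as past fact; check that the sentence still says what is intended.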
@ -194,6 +198,11 @@ today, why giving systematic control over the world wide web might be a bad thin
|
||||||
- But they are now doing more to track users and threaten the anonymity of the
|
- But they are now doing more to track users and threaten the anonymity of the
|
||||||
users of the tor network.
|
users of the tor network.
|
||||||
|
|
||||||
|
- Cloudflare is one of a couple of large network providers that are capturing
|
||||||
|
the vast majority of digital communications, effectively creating private
|
||||||
|
networks the size of the modern internet that are competitive with and not
|
||||||
|
subject to the same kinds of scrutiny and regulation as the internet[58].
|
||||||
|
|
||||||
* What if we shut down cloudflare and migrate all websites out of them?*
|
* What if we shut down cloudflare and migrate all websites out of them?*
|
||||||
|
|
||||||
We're probably going to have the same problem with another company, very soon.
|
We're probably going to have the same problem with another company, very soon.
|
||||||
|
@ -202,6 +211,8 @@ get rid of the problem of proprietary software, there's a couple of problems
|
||||||
that if we don't solve them, something like Cloudflare is roughly inevitable
|
that if we don't solve them, something like Cloudflare is roughly inevitable
|
||||||
as a consequence:
|
as a consequence:
|
||||||
|
|
||||||
|
*Cloudflare DNS*
|
||||||
|
|
||||||
"DNS[50] is around, servers are insecure, proper end-to-end crypto isn't the norm hence MITM goes unnoticed, anonymity is an edge case, routing lacks built-in resiliency to disruption, we're always going to have actors building a bus.ness model around cobbling together superficial, overapproximating mitigations."[20]
|
"DNS[50] is around, servers are insecure, proper end-to-end crypto isn't the norm hence MITM goes unnoticed, anonymity is an edge case, routing lacks built-in resiliency to disruption, we're always going to have actors building a bus.ness model around cobbling together superficial, overapproximating mitigations."[20]
|
||||||
|
|
||||||
*Mozilla and Cloudflare*
|
*Mozilla and Cloudflare*
|
||||||
|
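Review bot: The added "*Cloudflare DNS*" heading lands between "as a consequence:" and the quotation that sentence introduces, which cuts the lead-in off from its quote. The quote cited to [20] also covers more than DNS (insecure servers, missing end-to-end crypto, anonymity, routing). Place the heading before the lead-in paragraph or after the quote, or drop it if no DNS-specific text follows.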
@ -263,5 +274,11 @@ Learn more about cloudflare, and make sure the people around you know about clou
|
||||||
[50] https://www.quora.com/How-likely-is-it-that-CloudFlare-is-an-NSA-operation/answer/Hamid-Sarfraz
|
[50] https://www.quora.com/How-likely-is-it-that-CloudFlare-is-an-NSA-operation/answer/Hamid-Sarfraz
|
||||||
[51] https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98
|
[51] https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98
|
||||||
[52] http://pleroma.oniichanylo2tsi4.onion/notice/1563
|
[52] http://pleroma.oniichanylo2tsi4.onion/notice/1563
|
||||||
|
[53] https://github.com/mozilla-mobile/focus-android/issues/1743#issuecomment-351555735
|
||||||
|
[54] https://lists.torproject.org/pipermail/tor-talk/2018-January/043889.html
|
||||||
|
[55] https://www.eff.org/document/crypto-wars
|
||||||
|
[56] http://forums.clamwin.com/viewtopic.php?t=4915
|
||||||
|
[57] http://lists.clamav.net/pipermail/clamav-users/2018-November/thread.html
|
||||||
|
[58] https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20181218/Documents/Geoff_Huston_Presentation.pdf
|
||||||
|
[59] https://github.com/ghacksuserjs/ghacks-user.js/issues/310#issuecomment-351913412
|
||||||
|
[60] https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460413259
|
||||||
|
|
|
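Review bot: Among the added references, [57] points at a month-wide thread index ("2018-November/thread.html") rather than a message, so a reader cannot find the post being cited; link the specific message instead. Also, none of the hunks visible in this commit cites [55] or [56]; confirm they are referenced elsewhere in article.txt or add the markers where they belong.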
@ -198,7 +198,15 @@ in a way that’s friendly to the marketing industry "
|
||||||
|
|
||||||
http://exiledonline.com/isucker-big-brother-internet-culture/
|
http://exiledonline.com/isucker-big-brother-internet-culture/
|
||||||
|
|
||||||
20) Followup / Further research:
|
20)
|
||||||
|
|
||||||
|
How, technically, does Cloudflare deanonymize tor users?
|
||||||
|
|
||||||
|
https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm
|
||||||
|
https://trac.torproject.org/projects/tor/ticket/18361#comment:147
|
||||||
|
|
||||||
|
|
||||||
|
21) Followup / Further research:
|
||||||
|
|
||||||
See also
|
See also
|
||||||
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor
|
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor
|
||||||
|
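Review bot: After this change section 20 is headed by a bare "20)" with the question on a separate line, while the "Followup / Further research:" title moves down to the new 21). Put the title on the heading line itself, for example "20) How, technically, does Cloudflare deanonymize tor users?", so the numbered sections stay scannable and consistent with "22) Sources".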
@ -222,7 +230,7 @@ https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block
|
||||||
https://support.cloudflare.com/hc/en-us/articles/200170056-What-is-CloudFlare-s-Babysic-Security-Level-
|
https://support.cloudflare.com/hc/en-us/articles/200170056-What-is-CloudFlare-s-Babysic-Security-Level-
|
||||||
https://support.cloudflare.com/hc/en-us/articles/200170116-What-do-the-Threat-Scores-mean-
|
https://support.cloudflare.com/hc/en-us/articles/200170116-What-do-the-Threat-Scores-mean-
|
||||||
|
|
||||||
21) Sources
|
22) Sources
|
||||||
|
|
||||||
[1] http://themusicgod1.deviantart.com/art/the-great-cloudwall-1-595382698
|
[1] http://themusicgod1.deviantart.com/art/the-great-cloudwall-1-595382698
|
||||||
|
|
||||||
|
|
|
@ -57642,6 +57642,7 @@ privacystudio.eu
|
||||||
privacytax.com
|
privacytax.com
|
||||||
privacy-tools.com
|
privacy-tools.com
|
||||||
privacytools.com
|
privacytools.com
|
||||||
|
privacyTools.io
|
||||||
privacytools.io
|
privacytools.io
|
||||||
privacytools.org
|
privacytools.org
|
||||||
privacywanted.com
|
privacywanted.com
|
||||||
|
|
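Review bot: The added "privacyTools.io" differs from the existing "privacytools.io" on the next line only in letter case. Domain names are case-insensitive and every other entry shown in this hunk is lowercase, so the new line is a duplicate for any consumer that normalizes case and an inconsistency for one that does not. Drop the line; if a consumer of the list matches case-sensitively, lowercase its input there instead of adding case variants here.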