diff options
| author | Amolith <amolith@nixnet.xyz> | 2019-05-24 11:25:04 -0400 |
|---|---|---|
| committer | Amolith <amolith@nixnet.xyz> | 2019-05-24 11:25:04 -0400 |
| commit | 46a82dbd1ba5a2162063e7e57e85159953208e03 (patch) | |
| tree | c5099d8e77be116bfcb122680692d7ed6e494cae /article.txt | |
| parent | 88b04c754a288cf98da4f2ce94f4e4c31292c907 (diff) | |
| download | cloudflare-tor-46a82dbd1ba5a2162063e7e57e85159953208e03.tar cloudflare-tor-46a82dbd1ba5a2162063e7e57e85159953208e03.tar.gz cloudflare-tor-46a82dbd1ba5a2162063e7e57e85159953208e03.tar.lz cloudflare-tor-46a82dbd1ba5a2162063e7e57e85159953208e03.tar.xz cloudflare-tor-46a82dbd1ba5a2162063e7e57e85159953208e03.zip | |
switch MiTM with MITM - #8
Diffstat (limited to 'article.txt')
| -rw-r--r-- | article.txt | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/article.txt b/article.txt index a7a65608..e805d582 100644 --- a/article.txt +++ b/article.txt @@ -78,8 +78,8 @@ More important, though, is that it starts to form a ratchet for web browser tech "When you fetch a page from a website that is served from Cloudflare, JavaScript has been injected on-the-fly into that page by Cloudflare. And they also plant a cookie that brands your browser with a globally-unique ID. This happens even if the website is using SSL and shows a cute little padlock in your browser" [10] - Cloudflare tracks you -Even if your traffic is protected from onlookers, Cloudflare itself can see your traffic[6] because they are a MiTM[14][31]. -In addition, if Cloudflare[53] has intercepted your traffic(MiTM), so has the NSA[33]. +Even if your traffic is protected from onlookers, Cloudflare itself can see your traffic[6] because they are a MITM[14][31]. +In addition, if Cloudflare[53] has intercepted your traffic(MITM), so has the NSA[33]. "If a site uses Cloudflare, then the browser lock icon is a false promise."[14] "The short version, a rhetorical question: Would you trust a key escrow regime, in which an “authorized” entity was entrusted with the potential to decrypt all communications at will? If not, why would you trust a de facto mass decryption chokepoint at which many communications are actually decrypted?"[34] In other words, @@ -112,7 +112,7 @@ The next time a large group wakes up, millions of websites might be down (includ *Background : How Cloudflare threatens the web* -- Cloudflare is a MiTM for the whole web +- Cloudflare is a MITM for the whole web - As of 3 years ago 10% of the top 25,000 websites used Cloudflare[2] - A billion people in china are restricted by the Great Firewall[8]. Anyone who goes so far as to circumvent that must then deal with the "Great Cloudwall" for accessing the open internet. @@ -203,7 +203,7 @@ of problems that, if we don't solve them, something like Cloudflare is roughly i *Cloudflare DNS* -"DNS[50] is around, servers are insecure, proper end-to-end crypto isn't the norm hence MiTM goes unnoticed, anonymity is an edge case, routing lacks built-in resiliency to disruption, we're always going to have actors building a business model around cobbling together superficial, overapproximating mitigations."[20] +"DNS[50] is around, servers are insecure, proper end-to-end crypto isn't the norm hence MITM goes unnoticed, anonymity is an edge case, routing lacks built-in resiliency to disruption, we're always going to have actors building a business model around cobbling together superficial, overapproximating mitigations."[20] *Mozilla and Cloudflare* |