On Fri, Oct 9, 2015 at 9:59 AM, oshwm <oshwm@openmailbox.org> wrote:
Oh for fucks' sake. There are fuckers who do listen in and surveil, etc, but it is *not* okay to make their work easier. And it is *not* okay to make one's server logs broadly available in such a context.
True. Ahem especially AT&T, etc.
Why the fuck are people on this list slamming Snowden and freedom.press for using Cloudflare, and at the same time defending JYA for sending out server logs with dates and IP addresses?
Probably because acting independantly is valued. Using cloudflare is expressly not being independant... it's mainstream and subject.
Cloudflare's services in full knowledge that they MiTM and provide a irresistable data collection and collation point for the TLA's.
Some say CF or its employees have done work for the Govt at some point in lifespan (sources needed).
Snowden? He has his own agenda and is using the "leaks" (if they are
"Own agenda" sure, and historical leak partnerships are interesting and evolving. However the Snowden era will likely be completely known and over by the end of 2017 as to any US political game.
as your OpSec should assume EVERYTHING is compromised right down to discrete component level (think you can't fit an IC into the casing of a resistor or diode?).
Said this all along, but no one is willing to do anything about it, not even shave off a tenth or more of the risk via openfabs because OMG cost. Shame, and on not seeing long term rewards of such investment.