On 09/10/15 10:52, rysiek wrote:
Dnia czwartek, 8 października 2015 20:45:50 Mirimir pisze:
On 10/08/2015 07:42 PM, coderman wrote:
On 10/7/15, Michael Best <themikebest@gmail.com> wrote:
Let me begin by saying that Cryptome initially denied the leak, then that the data was stolen, then that the whole thing was a fake "a lie by [a] spy-newbie."
the lie is assuming these requests over plain-text were ever private :P
That is the key point!
And anyway, all traffic to all websites is public.
Oh for fucks' sake. There are fuckers who do listen in and surveil, etc, but it is *not* okay to make their work easier. And it is *not* okay to make one's server logs broadly available in such a context.
Why the fuck are people on this list slamming Snowden and freedom.press for using Cloudflare, and at the same time defending JYA for sending out server logs with dates and IP addresses?
I feel the need to respond here although previously having sat and watched as I was involved quite heavily in the CF/freedom.press discussion. So, here's my viewpoint:- EVERYONE is responsible for their own OpSec and can trust NO website no matter who created/maintains it. You can't even trust the infrastructure that your data travels on - check out you cable/DSL router, the ISP has remote access to it and that's in your own property supposedly managed by you. Having said that, it is the duty of EVERY honest website owner to reduce the amount of user data they hold and/or expose - to do any different is reckless, inconsiderate and possibly dangerous. With respect to Cloudflare, there are a different set of problems:- 1) MiTM - they terminate your secure connections without letting you know BEFORE you connect or transfer confidential communications. 2) They sit in the path fo so much internet traffic that just CF alone can be used to correlate various bits of data/metadata with regards to someone that they are a one corp logging system for TLA's etc. This issue is far larger than the cryptome one although cryptome is going against what I wrote earlier about data reduction. freedom.press, like MANY other organisations around the world are using Cloudflare's services in full knowledge that they MiTM and provide a irresistable data collection and collation point for the TLA's. And yet, still claim to be fighting for the good guys. Snowden? He has his own agenda and is using the "leaks" (if they are real) to push that agenda - if you agree with what he wants "a conversation about mass surveillance" then cool, cheer him on (whether his data is crap or not), otherwise he can be ignored for the most part as your OpSec should assume EVERYTHING is compromised right down to discrete component level (think you can't fit an IC into the casing of a resistor or diode?). As for Best, as previously said, I haven't time at the moment to review the data he has presented to know if he has an angle or if he's just a good guy. Position clarified enough?
The hell is this bullshit?