Re: Snowden on the Twitters
It is behind Cloudflare's MiTM service which adds web services names to their existing certs as alternative Names.
So your SSL/TLS connection is terminated on Cloudflare's web application firewalls and NOT the web servers that you think are terminating it.
Given CF handles over 4% of web traffic it is a great place to collect and collate what was encrypted traffic for monitoring and anti-privacy purposes.
Cheers, Oshwm.
Given that it was revealed that ISPs were subsidized in exchange for giving the NSA full take, it makes Cloudflare mildly suspicious. Although I personally don't care. It's a free CDN and I suppose one expects some freedom to be lost somewhere.
On 18/10/15 08:34, Ryan Carboni wrote:
It is behind Cloudflare's MiTM service which adds web services names to their existing certs as alternative Names.
So your SSL/TLS connection is terminated on Cloudflare's web application firewalls and NOT the web servers that you think are terminating it.
Given CF handles over 4% of web traffic it is a great place to collect and collate what was encrypted traffic for monitoring and anti-privacy purposes.
Cheers, Oshwm.
Given that it was revealed that ISPs were subsidized in exchange for giving the NSA full take, it makes Cloudflare mildly suspicious. Although I personally don't care. It's a free CDN and I suppose one expects some freedom to be lost somewhere.
Not quite...
When your ISP (and every other ISP/Peer) logs traffic then you can circumvent this by using a VPN/Tor/i2p etc and so the only logs they get prove that you are a privacy conscious customer who is actively using the internet.
You can't use VPN/Tor/i2p to bypass the CDNs because the CDN is the endpoint in your communications.
Therefore, the CDN has access to the entire contents of your communications which allows them to gather a massive amount of information about you.
When they can do this across multiple websites then the ability to correlate that information into a complete profile of you and your online activities becomes very dangerous.
Unfortunately, avoiding CDNs is difficult because they are part of the Corporate and Government effort to centralise the web for exactly the reasons I outlined above.
So, the wise person expects to lose freedom but the wiser person does everything they can to reduce the loss.
One of the things that surprises me on this list is the number of people who are happy to accept the loss of privacy that the modern web allows. It's as if this isn't the Cypherpunks list after all!!!
On 10/18/2015 03:26 AM, oshwm wrote: <SNIP>
When your ISP (and every other ISP/Peer) logs traffic then you can circumvent this by using a VPN/Tor/i2p etc and so the only logs they get prove that you are a privacy conscious customer who is actively using the internet.
Right. But it's best if you start with a mass-market popular VPN service. Then do nested tunnels. Maybe do some torrenting. Blend.
You can't use VPN/Tor/i2p to bypass the CDNs because the CDN is the endpoint in your communications.
Of course not.
Therefore, the CDN has access to the entire contents of your communications which allows them to gather a massive amount of information about you.
True. All of it, arguably. But it won't be useful if you've compartmentalized well enough, through different channels. Some of my personas probably look a lot more like some of your personas than some of my other personas. Or if not you, others who are reading this.
When they can do this across multiple websites then the ability to correlate that information into a complete profile of you and your online activities becomes very dangerous.
Only if you haven't compartmentalized well enough.
Unfortunately, avoiding CDNs is difficult because they are part of the Corporate and Government effort to centralise the web for exactly the reasons I outlined above.
No problem. Compartmentalize!
So, the wise person expects to lose freedom but the wiser person does everything they can to reduce the loss.
For sure.
One of the things that surprises me on this list is the number of people who are happy to accept the loss of privacy that the modern web allows. It's as if this isn't the Cypherpunks list after all!!!
There are many funny people on this list ;)
On 10/18/2015 05:26 AM, oshwm wrote: [...]
So, the wise person expects to lose freedom but the wiser person does everything they can to reduce the loss.
One of the things that surprises me on this list is the number of people who are happy to accept the loss of privacy that the modern web allows. It's as if this isn't the Cypherpunks list after all!!!
Ask not how to do everything you can to reduce State and corporate surveillance of your doings on the Internet. Ask rather, how to do everything you can to make your use of the Internet damage the interests of State and corporate actors, more than their surveillance and responses to same can damage you. We do not pursue "freedom" because it is easy. We pursue "freedom" because it is hard - and should not be. :D
On October 18, 2015 7:18:36 AM Steve Kinney <admin@pilobilus.net> wrote:
Ask not how to do everything you can to reduce State and corporate surveillance of your doings on the Internet. Ask rather, how to do everything you can to make your use of the Internet damage the interests of State and corporate actors, more than their surveillance and responses to same can damage you.
Very well said!
There are situations where crypto is required. We should do everything we can to help people learn to use it, especially to facilitate their communications when secrecy is absolutely necessary.
Yes, it's sometimes fun to encrypt fuck-off messages to the spooks inside lolcats. But I've reached a point where I'm tiring of the cat-and-mouse game 24/7. Encrypting *everything* frustrates them, but to me it also signals that we expect they are monitoring everything without cause or suspicion (in violation of the 4th amendment and many other laws of sovereign nations, worldwide) and we are giving them tacit permission to continue to do so.
Those who understand encryption and can use it correctly are still a relatively small minority. I feel like "encrypting everything" just because *I* can, while the majority of the planet has never even heard of Whit Diffie or elliptical curve, sort of defeats the purpose. We can protect ourselves (and in some cases, at this point in time, encryption is mandatory to our personal safety - but should not be used as false security), but dismantling the surveillance machine that captures everyone's emails to grandma, catalogues every single purchase and aids in the perversion of justice (via parallel construction, etc) seems to me to be the nobler goal.
Just my .02.
-S
We do not pursue "freedom" because it is easy. We pursue "freedom" because it is hard - and should not be.
:D
On Sun, Oct 18, 2015 at 12:34:16AM -0700, Ryan Carboni wrote:
personally don't care. It's a free CDN and I suppose one expects some freedom to be lost somewhere.
Yeah, it starts this way: First you lose 1% freedom, then 2%, then 4%, then 8% ... and after 99-128% you are a product to be sold. Observe that CF has your _private key_ and you don't have it.
On Sun, Oct 18, 2015 at 6:24 AM, Georgi Guninski <guninski@guninski.com> wrote:
First you lose 1% freedom, then 2%, then 4%, then 8% ... and after 99-128% you are a product to be sold.
Other way around, you're sold at the very first and most basic dataset... name, dob, id, address, phone, govt picture. That's trivial %. Add in credit / purchase. Add in pictures, email, social. Add in anything juicy like private associations, real thoughts, offline bits, etc. Deeper the DBs go, more people are silently calculated upon, twisted and used en masse from above. DBs do not exist to serve you, they serve the Corp and the State and others against you, remove them.
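The claim in the first message of the thread, that a CDN adds site names to a shared certificate as alternative names, can be checked from the client side by reading the SAN list of the certificate a site serves. The sketch below is an added example, not part of any message in the thread; the sample certificate and all host names in it are constructed, and `site_of` is a naive helper that assumes the last two DNS labels identify a site.

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
# Every name here is made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "sni0000.cdn-provider.example"),),),
    "subjectAltName": (
        ("DNS", "sni0000.cdn-provider.example"),
        ("DNS", "*.site-a.example"), ("DNS", "site-a.example"),
        ("DNS", "*.site-b.example"), ("DNS", "site-b.example"),
        ("DNS", "*.shop-c.example"), ("DNS", "shop-c.example"),
    ),
}

def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate presented by the TLS endpoint."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def site_of(name):
    """Naive site key: last two DNS labels (assumption: no Public Suffix List)."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return ".".join(name.split(".")[-2:])

def shared_cert_report(cert, visited_host):
    """Summarise which other sites share the certificate served for visited_host."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    cn = next((v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"), "")
    sites = {site_of(n) for n in sans}
    # Names belonging to the visited site or to the certificate holder itself.
    own = {site_of(visited_host), site_of(cn)}
    others = sorted(sites - own)
    return {
        "subject_cn": cn,
        "covers_visited": site_of(visited_host) in sites,
        "other_sites": others,
        "shared": len(others) > 0,
    }

if __name__ == "__main__":
    print(shared_cert_report(SAMPLE_CERT, "www.site-a.example"))
```

For a live host, pass `fetch_cert(host)` in place of `SAMPLE_CERT`. A subject CN under a different domain than the site, together with other sites in the SAN list, indicates the certificate is held by a shared front end rather than by the site's own server.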
participants (7)
- Georgi Guninski
- grarpamp
- Mirimir
- oshwm
- Ryan Carboni
- Shelley
- Steve Kinney