Snowden on the Twitters

oshwm oshwm at openmailbox.org
Sun Oct 18 02:26:00 PDT 2015 


On 18/10/15 08:34, Ryan Carboni wrote:
>>
>> It is behind Cloudflare's MiTM service which adds web services names to
>> their existing certs as alternative Names.
>>
>> So your SSL/TLS connection is terminated on Cloudflare's web application
>> firewalls and NOT the web servers that you think is terminating it.
>>
>> Given CF handle over 4% of web traffic it is a great place to collect and
>> collate what was encrypted traffic for monitoring and anti-privacy purposes.
>>
>> Cheers,
>> Oshwm.
> 
> 
> Given that it was revealed that ISPs were subsidized in exchange for giving
> the NSA full take, it makes cloudflare mildly suspicious. Although I
> personally don't care. It's a free CDN and I suppose one expects some
> freedom to be lost somewhere.
> 

Not quite...

When your ISP (and every other ISP/Peer) logs traffic then you can
circumvent this by using a VPN/Tor/i2p etc and so the only logs they get
prove that you are a privacy conscious customer who is actively using
the internet.

You can't use VPN/Tor/i2p to bypass the CDN's because the CDN is the
endpoint in your communications.
Therefore, the CDN has access to the entire contents of your
communications which allows them to gather a massive amount of
information about you.
When they can do this across multiple websites then the ability to
correlate that information into a complete profile of you and your
online activities becomes very dangerous.

Unfortunately, avoiding CDNs is difficult because they are part of the
Corporate and Government effort to centralise the web for exactly the
reasons I outlined above.

So, the wise person expects to lose freedom but the wiser person does
everything they can to reduce the loss.

One of the things that surprises me on this list is the number of people
who are happy to accept the loss of privacy that the modern web allows.
It's as if this isn't the Cypherpunks list after all!!!





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20151018/1b2586e2/attachment-0002.sig>

More information about the cypherpunks mailing list