Snowden on the Twitters

oshwm oshwm at
Wed Sep 30 12:38:14 PDT 2015

On 30/09/15 12:53, Georgi Guninski wrote:
> On Wed, Sep 30, 2015 at 08:13:09AM +0100, Oshwm wrote:
>> It is behind Cloudflare's MiTM service which adds web services names to their existing certs as alternative Names.
>> So your SSL/TLS connection is terminated on Cloudflare's web application firewalls and NOT the web servers that you think is terminating it.
> lol, did CA based PKI (d)evolved to buying an usable cert, but not
> having the private key?

Not sure if I'm missing something here but CF's CEO confirmed what I had
tested on Twitter.
The Web Service owners have to give CF their private keys.
So they are complicit in giving away your "secure" communications to CF
(and whoever they are buddies with, whether it be Advertisers or NSA et al).
But they do not tell the end users that they are using a service such as
CF which if they did would at least give the end users a chance to make
their own mind up.

> How do you survive large scale DDOS?

This is an issue that needs to be looked at but using WAF's is not a
solution to DDoS, it's a malware solution so in fact they only need to
ensure your traffic passes through CF without decrypting it to gain DDoS
protection - that is a routing issue.

> AFAICT most service providers will ditch you, since you are hurting
> their other customers.

There is a big problem with the centralisation with the internet in this
way but it is also very difficult and costly to for a website to handle
large volumes of traffic in an independent DC.
But responding to DDoS by using services such as CF is playing into the
hands of the likes of the NSA who may well be behind a number of the
attacks in order to promote the CF "solution".

> More ontopic, Snowden has nearly meeelion twatter actor followers and
> some of them call him "traitor", not sure how he deals with the twatter
> spam.
> IIRC (from Snowden's dox) the dear NSA infiltrated some? CC of botnets,
> so they can use them for any kind of DDOS.

Snowden is a moderate extremist, he doesn't want transparent government
and private individuals, he just wants a discussion on where to draw the
line with surveillance, his leaks are purely to further this aim.
Assange and the people who have worked with him on leaks are more the
kind of people we need.

More information about the cypherpunks mailing list