newsflash! cypherpunks mailing list is behind cloudflare-NSA

Punk punks at tfwno.gf
Fri Jul 12 13:15:27 PDT 2019 

On Fri, 12 Jul 2019 11:42:04 -0700
Greg Newby <gbnewby at pglaf.org> wrote:

> Newsflash! This happened in April, and was announced here:
>   https://lists.cpunks.org/pipermail/cypherpunks/2019-April/045250.html


	I was about to write that "oops, I missed that message", but I actually didn't. I read that message when it was posted and I just re-read it, and it says nothing about cloudflare being used. 


> 
> We have been on Cloudflare's DNS since then for the email lists. 
> 
> I have shut their CDN on and off, and it's currently on. This means that their content distribution network does some caching of visits to https://lists.cpunks.org


	yeah that's what I saw (cloudflare notice when JS is disabled)

	Using cloudflare's cdn also means that the NSA gets a direct record of who looks at the archives, or at least they get the traffic for further 'traffic analysis'. Also obv cloudflare-NSA automatically tracks visitors across all sites that use cloudflare. 

	Now, given how entrenched the surveillance state is, one could 'argue' that this is just another drop in the ocean, but still...



> (i.e., the Mailman interface to list archives etc.).
> 
> But the CDN doesn't handle emails. Those go through the (only) server for the list, which is also known as PGLAF.org.

	oh, ok. 



> 
> In olden days of cypherpunks, there was a distributed list delivery via multiple servers. These days, it's on the single server, managed by the Mailman software. The server has the usual array of anti-spam measures like graylisting, SPF, DKIM and DMARC. But it's not that hard to spoof another user... if there are problems, I can dig into them a bit via the server logs.
> 
> And, if people think we should turn off the Cloudflare CDN, I can do that easily enough. It is not very relevant for us, other than perhaps making it a bit faster for people who are harvesting the list archives from somewhere that the CDN is faster than the (GigE) network that PGLAF.org sits on.
>  - Greg
> 
> On Fri, Jul 12, 2019 at 01:02:20AM -0300, Punk wrote:
> > 
> > 
> > subject says it all. 
> > 
> > oh and I didn't send the previous message "Cryptocurrency: Trump Pumps Cryptos, Andreas Blasts jewcoins"

More information about the cypherpunks mailing list