←back to thread

Mitigating the Hetzner/Linode XMPP.ru MitM interception incident

(www.devever.net)
341 points hlandau | 1 comments | 20 Oct 23 20:31 UTC | HN request time: 0.204s | source
Show context
mike_d ◴[20 Oct 23 23:34 UTC] No.37962674[source]
Great callout:

> Don't use Cloudflare or similar services. See my article here for an explanation on why. If you use a service like this, you're basically already MitMing yourself.

I wish more people would realize that when arguing on the internet about CAA, DNSSEC, NSA, etc. that none of it really matters. We willingly allow a government aligned entity to unwrap 20% of all TLS connections on the internet and peak inside.

replies(3): >>37962900 #>>37963174 #>>37964536 #
worldofmatthew ◴[21 Oct 23 00:14 UTC] No.37962900[source]
Cloudflare is horrible for privacy. It is also a bit of a sovereignty issue for European countries to have all their citizens web habits to be MITM by a forging power (no matter how friendly they seam).

Edit: not even going in to the sovereignty issue of having an American private company effectively decide your internet regulations.

replies(2): >>37963087 #>>37964622 #
schleck8 ◴[21 Oct 23 06:40 UTC] No.37964622[source]
Cloudflare exists out of necessity for the most part. The alternatives to shield from large scale DDoS are all US American too.
replies(4): >>37964747 #>>37965678 #>>37966385 #>>37974403 #
1. immibis ◴[22 Oct 23 11:14 UTC] No.37974403[source]
Most sites don't get DDoSed. https://immibis.com/ has been running without DDoS protection for a long time now. It's as simple as nobody caring to do so. Why would they? What's in it for them?

And if someone does knock it offline, I still don't care. I can wait until they get bored. The site isn't important to me, either.

And if I really do care, Cloudflare encourages people to sign up whilw they are actively under attack. Of course, it costs money, because you aren't paying with your access logs all the times you aren't under attack.