• 3 Posts
  • 6 Comments
Joined 9 months ago
Cake day: February 10th, 2024
  • mox@lemmy.sdf.orgtoTechnology@lemmy.worldCloudflare to EU: Anti-Piracy Measures Shouldn't Harm Privacy and SecurityEnglish
    1·
    6 days ago

    Cloudflare is a provider that you can choose to have as a part of your own infrastructure.

    Indeed.

    man in the middle implies “attack”

    That can be a convenient shorthand if the parties in a discussion agree to use it as such in context. For example, in a taxonomy of cryptographic attacks, it would make sense. It is not the general meaning, though, at least not a universally accepted one. Similarly, “counter” does not imply “counter attack”, unless we happen to be discussing attack strategy.

    More to the point, nothing that I wrote misrepresents the situation as was claimed by that other person. If I had meant attack, I would have said attack. Rather, they made a leap of logic because I (like most of my colleagues) don’t happen to follow a convention that they like, and picked a fight over it. No thanks.

  • mox@lemmy.sdf.orgtoTechnology@lemmy.worldCloudflare to EU: Anti-Piracy Measures Shouldn't Harm Privacy and SecurityEnglish
    2·
    7 days ago

    It bugs me when people say Cloudflare is a MitM, because that is a disingenuous representation the situation.

    No, it is a clear description of what is happening: Instead of https keeping the traffic encrypted from user to service, it runs only from user to Cloudflare (and then in some cases from Cloudflare to service, although that’s irrelevant here). The result is that a third party (Cloudflare) is able to read and/or modify the traffic between the two endpoints. This is exactly what we in mean in cryptography discussions by man-in-the-middle.

    You can decide that you don’t mind it because it’s not a secret, or because they haven’t been caught abusing it yet, but to say it’s not a man-in-the-middle is utter nonsense.

    and you opt into it.

    No, the service operator opts in to it, without consulting the user, and usually without informing them. The user has no choice in the matter, and typically no knowledge of it when they send and receive potentially sensitive information. They only way they find out that Cloudflare is involved is if Cloudflare happens to generate an error page, or if they are technically inclined enough to manually resolve the domain name of the service and look up the owner of the net block. The vast majority of users don’t even know how to do this, of course, and so are completely unaware.

    All the while, the user’s browser shows “https” and a lock icon, assuring the user that their communication is protected.

    And even if they were aware, most users would still have no idea what Cloudflare’s position as a middleman means with respect to their privacy, especially with how many widely used services operate with it.

    To be clear, this lack of disclosure is not what makes it a man in the middle. It is an additional problem.

    it cannot be a MitM because both sides of the connection are aware of this layer.

    This is false. Being aware of a man in the middle and/or willingly accepting it does not mean it ceases to exist. It just means it’s not a man-in-the-middle attack.

  • mox@lemmy.sdf.orgtoTechnology@lemmy.worldCloudflare to EU: Anti-Piracy Measures Shouldn't Harm Privacy and SecurityEnglish
    5·
    7 days ago

    music group IFPI complained that while Cloudflare discloses the hosting locations of pirate sites in response to abuse reports, it doesn’t voluntarily share the identity of these pirate customers with rightsholders.

    “Where IFPI needs to obtain the customer’s contact information, Cloudflare will only disclose these details following a subpoena or court order – i.e. these disclosures are mandated by law and are not an example of the service’s goodwill or a policy or measures intended to assist IP rights holders,” IFPI wrote.

    So the corporations enjoying enormous profits from other people’s work are unhappy that Cloudflare doesn’t make it easy for them to circumvent due process. What a surprise.

    (I’m generally not a fan of Cloudflare, because its man-in-the-middle position between users and services has grown to an unhealthy scale, making it ripe for dragnet surveillance and other abuses. But it would be even worse if it was actively helping these greedy, predatory corporations dodge the law.)

  • mox@lemmy.sdf.orgtoTechnology@lemmy.worldMusic industry’s 1990s hard drives, like all HDDs, are dyingEnglish
    0·
    2 months ago

    I explained that they ought to be recipes to new media every N number of years or risk deteriorating or becoming unreadable

    This is important, and for some media, it should be more often than that.

    People forget that flash memory uses electrical charge to store data. It’s not durable. If left unpowered for too long, that data will get corrupted. A failure might not even be visible without examining every bit of every file.

    Keep backups. Include recovery data (e.g. PAR2). Store them on multiple media. Keep them well-maintained (e.g. give flash drives power). Mind their environment. Copy them to new storage devices before the old ones become obsolete.

    It’s funny that with all our technology, paper is still the most durable storage medium (under normal conditions) that doesn’t cost an arm and a leg.