Why is everyone ignoring Cloudflare's MITM that affects 13% of sites worldwide and maybe 30% of English-language sites?
I don't understand, what do you mean by that, that the problem comes and goes? LQ has chosen Cloudflare to route the website through their network. There's no problem in that, it's intentional.
That Cloudflare is far from well-intentioned, yes, sure, that's rather clear, but I don't understand your rationale.
My mistake, if you point openssl at www.linuxquestions.org one gets a different certificate than from pointing at linuxquestions.org, without the www. prefix.
That will show the certificate chain, which is generally only two deep due to the excessive number registered in either browser. Certificates are just signed public keys. It's an admirable scam but one that has gone on for too long. The browsers don't warn about MitM certificates in general, even if they seem to be used increasingly and not just with Cloudflare. How encryption is on in the browser is long overdue an overhaul.
Back to the current situations, if you want just the certificate names,
It's their choice to run behind Cloudflare or not, and risk letting them become the gatekeeper for LQ, but it is something they could warn about since the browsers themselves don't make a warning for MitM attacks.
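The comparison described in the post above (the certificate served for www.linuxquestions.org versus the bare domain), as an added example that is not part of the original thread. The function names are illustrative, and the offline sample certificate is constructed for the demonstration:

```shell
#!/usr/bin/env bash
# Added example: inspect and compare the certificates served for two hostnames.
# All function names are illustrative and do not come from the thread.

# Print subject, issuer and SHA-256 fingerprint of a PEM certificate on stdin.
cert_names() {
    openssl x509 -noout -subject -issuer -fingerprint -sha256 -nameopt RFC2253
}

# Print only the issuer DN of a PEM certificate on stdin.
cert_issuer() {
    openssl x509 -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# Succeed only if both PEM files parse and hold the same certificate.
same_cert() {
    a=$(openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null)
    b=$(openssl x509 -noout -fingerprint -sha256 -in "$2" 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Fetch the leaf certificate a server presents for the given SNI name (needs network).
fetch_leaf() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Constructed sample: a throwaway self-signed certificate for trying the helpers offline.
make_sample_cert() {   # $1 = common name, $2 = output PEM file
    key=$(mktemp) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" \
        -subj "/CN=$1" -days 1 -out "$2" 2>/dev/null
    rc=$?
    rm -f "$key"
    return $rc
}

# Live comparison, e.g.: compare_hosts www.linuxquestions.org linuxquestions.org
compare_hosts() {
    tmp=$(mktemp -d) || return 1
    fetch_leaf "$1" >"$tmp/1.pem" && fetch_leaf "$2" >"$tmp/2.pem" || return 1
    cert_names <"$tmp/1.pem"; cert_names <"$tmp/2.pem"
    if same_cert "$tmp/1.pem" "$tmp/2.pem"; then echo "same certificate"
    else echo "different certificates"; fi
    rm -rf "$tmp"
}
```

The issuer line shows which certificate authority signed the certificate a given hostname presents, and the fingerprint comparison shows whether the two names present the same certificate.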
I'm amazed people are shocked when they find stuff like this. That is the real surprise to me. If you are connected in any way shape or form, someone is watching.
The shock is that security and privacy experts are ignoring it, not that Cloudflare exists.
The even bigger shock: the Tor Browser developers are ignoring it too. This is the best browser I know for privacy and there is no need to use it with Tor and raise flags, it can be used without Tor with a few tweaks. In fact I am about to switch to this as my main browser, minus the Tor functionality. But what is the matter with these people, why isn't there any warning that a MITM scheme is going on, what happened to the pretense of privacy?
@hazel Yes, the TLS certificate is provided by Cloudflare. There you go...
Oh, it's more than that. Some scripts from cdnjs.cloudflare.com.
I am far from even remotely expert in this, but I know one or two sites that work perfectly without javascript - except for Cloudflare's despicable "DDOS protection", which would require me to enable javascript only for that (once redirected to the actual site, it's not required anymore). Ah, thankfully there's the Tor Browser for cases like that...
Nota bene, LQ works perfectly without javascript, be it from cloudflare or elsewhere.
I am aware this thread is about Cloudflare and not javascript, but: giving up encryption while going through their servers is one thing, but being sucked dry by their sniffing scripts is a whole extra serving of bad.