[–] 20537882? 0 points 7 points (+7|-0) ago 

Only a matter of time before CF and CF are brought to justice, if I worked there, I would collect all the evidence and give it to AG Durham in New Haven.

[–] 20538690? 0 points 1 point (+1|-0) ago 

Seems like a short project!

  1. Web-scrape for "xyz@cloudflare.com" email addresses.
  2. Send an email to each of those recipients (separate emails so they don't see each other, I think would be better), with basically the above; also include the address for AG Durham, including physical, email, web, anonymous method to connect as well. Perhaps mention places to upload large amounts, like mega.

[–] 20538085? 0 points 6 points (+6|-0) ago 

FUCKING DISGUSTING.

because of cloudflare, EVERY PRIVATE MESSAGE sent between two users on voat.co is stored unencrypted at cloudflare because the SSL (https) certificate is not owned by voat.co, it's cloudflare! really!

Look at the cert now if you doubt me

[–] 20538185? 0 points 3 points (+3|-0) ago 

Click on the green lock at the top, next to https and get more details, and you will see, cloudflare did indeed issue the certificate.

However, this does not necessarily mean cloudflare can read all messages, since there could be multiple layers of encryption. Should probably be possible to tell by observing the data leaving the browser from the network tab of the developer view in the browser.

But yeah, probably shouldn't expect secure messaging from a public site. Is cloudflare much worse than voat? Maybe. Maybe not.

[–] 20538379? 0 points 3 points (+3|-0) ago 

It means exactly that. Cloudflare decrypts and reads everything. Potentially stores it too.

Multiple layers are possible, but voat would have to implement that in JavaScript, which it didn’t.

[–] 20538241? 0 points 3 points (+3|-0) ago  (edited ago)

you are ...

100% INCORRECT!

It is not a certificate owned nor controlled by voat.co and data is in fact ONLY sent to actual voat.co server in plaintext or in a DIFFERENT KEY if any.

If you read about RULES and PROCEDURES for using Cloudflare you would know this.

If you knew how to read the SSL cert you would know this.

If you read the news, or messages from cloudflare regarding us gov subpoenas, you would know they OFTEN give large amounts of data to feds... unencrypted on their end.

"But what seems to be overlooked by many is that fact that the ‘Flexible SSL’ option only provides secure traffic between the user and CloudFlares network – NOT between CloudFlare and your website. Which means the users traffic is exposed over the internet as normal HTTP traffic." :

https://www.itsupportguides.com/knowledge-base/website-tips/why-cloudflares-flexible-ssl-is-really-bad/

The Real Cost of a CloudFlare “Free” SSL Certificate :

https://info.ssl.com/the-real-cost-of-a-cloudflare-free-ssl-certificate/

and :

https://support.cloudflare.com/hc/en-us/articles/203295200

EDIT :

and "baby talk" explanation of scandal here :

https://www.reddit.com/r/privacy/comments/41cb4k/be_careful_with_cloudflare/

TL/DR: ALL DATA is momentarily decrypted by the real owner of the SSL key, Cloudflare, before exiting Cloudflare's servers to voat.co

[–] 20538587? 0 points 2 points (+2|-0) ago 

Why trust it?

It's like running from a sniper

[–] 20539136? 1 point 0 points (+1|-1) ago 

Of course it’s stored unencrypted, you don’t know the first goddamned thing about computers. Even if it was encrypted on disk, the key has to live somewhere; as long as the Voat servers themselves are going to store your message, it’s going to be decryptable without your knowledge.

The SSL certificate has fucking nothing to do with that. That’s encryption across the wire, not at rest.

If you wanted your messages across Voat to be secure, you would have to have a private encryption key in your client, and a public key in your profile, and other people’s clients would encrypt their messages to your public key.

Note that there’s nothing stopping you from using Keybase to store keys and then using GPG, but we would need users to get some goddamned agency and set up all of that, which they’re not going to do.
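The scheme the comment above describes (a private key in the recipient's client, a public key in their profile), as an added example that is not part of the thread and is not Voat's or Cloudflare's code. It uses Node.js's built-in `crypto` module; the X25519 + HKDF + AES-256-GCM construction and the names `sealTo`, `openWith` and `demo` are assumptions chosen for illustration.

```javascript
// Added example: encrypt a private message in the client so that a
// TLS-terminating hop and the origin server only ever handle ciphertext.
const crypto = require('node:crypto');
const spki = (k) => k.export({ type: 'spki', format: 'der' });

// HKDF binds the AES key to both public keys involved in this message.
function deriveKey(shared, ephDer, rcptDer) {
  const info = Buffer.concat([ephDer, rcptDer]);
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), info, 32));
}

// Sender side: fresh ephemeral X25519 key per message, AES-256-GCM payload.
function sealTo(recipientPublicKey, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const shared = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublicKey });
  const key = deriveKey(shared, spki(eph.publicKey), spki(recipientPublicKey));
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const b64 = (b) => b.toString('base64');
  return { eph: b64(spki(eph.publicKey)), iv: b64(iv), ct: b64(ct), tag: b64(c.getAuthTag()) };
}

// Recipient side: only the holder of the private key can rebuild the AES key.
function openWith(recipient, env) {
  const ephDer = Buffer.from(env.eph, 'base64');
  const ephPub = crypto.createPublicKey({ key: ephDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: recipient.privateKey, publicKey: ephPub });
  const key = deriveKey(shared, ephDer, spki(recipient.publicKey));
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(env.ct, 'base64')), d.final()]).toString('utf8');
}

// Constructed scenario: the request body as any hop that strips TLS sees it.
function demo() {
  const secret = 'meet at the usual place';          // constructed sample message
  const bob = crypto.generateKeyPairSync('x25519');  // public half goes in Bob's profile
  const plainBody = JSON.stringify({ to: 'bob', message: secret });
  const sealedBody = JSON.stringify({ to: 'bob', message: sealTo(bob.publicKey, secret) });
  const received = JSON.parse(sealedBody).message;
  // A hop that swaps the ciphertext cannot produce a valid GCM tag.
  const tampered = { ...received, ct: Buffer.from('x' + secret).toString('base64') };
  let tamperRejected = false;
  try { openWith(bob, tampered); } catch (e) { tamperRejected = true; }
  return { proxyReadsPlain: plainBody.includes(secret), proxyReadsSealed: sealedBody.includes(secret),
           recovered: openWith(bob, received), tamperRejected };
}
```

This protects message bodies only if the sender obtains the recipient's genuine public key and runs unmodified client code; a hop that terminates TLS sits in the path that delivers both.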

[–] 20542735? ago  (edited ago)

I am sorry, you are retarded, and I , the OP and specifically hired to implement security on millions of computers for several fortune-100 corporations throughout history. By the way I am a SSL long time PROGRAMMER as well.

I told the truth. You must be a fed shill.

My words went over your head.

I guess I did not explain myself. Or you don't know what cloudflare is, or how their system works.

  • 1 > cloudflare offers free anti-ddos and dns fail-over to tens of thousands of large sites, including voat.co

  • 2 > it's free, because it is NOT ALLOWED to send gibberish encrypted data predominantly through them, all data must be clear unencrypted and only encrypted with a CLOUDFLARE owned and cloudflare controlled key. In the near past they even reused this same key for thousands of servers, like voat.co.

  • 3 > for extra $, and rare according to their own FAQs, cloudflare will let voat.co also receive ssl encrypted data AFTER DECRYPTED and stored at cloudflare for US gov and others, then re-encrypt using a different SSL key no user ever sees, but to make sure data on last part of the trip is ssl protected.

No one here, not even me is talking about voat.co servers representation of data, it gets decrypted at some point , so your lame "straw man" argument with yourself is retarded.

I TRIED TO WARN YOU GUYS, but morons here get in the way!

read this thread, I already addressed my points but you never read them I think or followed the links! Read here, it explains how Cloudflare prohibits real SSL controlled by voat.co : https://voat.co/v/QRV/3421748/20538241

[–] 20538312? 0 points 4 points (+4|-0) ago 

It is hilarious that people actually think that using a VPN keeps them anonymous, protected from tracking or being spied on by gov...People using VPN's are the first people they will spy on cause they must have something to hide...

There is no such thing as secure online or on a cell.....I bet all the big VPN's are run by the NSA or CIA...

[–] 20544211? ago 

I use VPN for torrents.....it bypasses my ISP who block torrent sites.

[–] 20545226? ago 

I think that is what most use a VPN for...but when I hear ads for VPN's they preach privacy...security etc...and for the most part is true...but not safe against the Government...

IMO...nothing can stop the GOV if they really want to see what you are doing...the average Joe don't have to worry...till he does cause who knows what will make you a person of interest these days....just having someone that is 3 or four hops from a person of interest dial the wrong number one day could potentially make anyone suddenly interesting to the Gov.

[–] 20538070? 0 points 2 points (+2|-0) ago 

Guess what else is free...FascistBook, Twatter, Goolag, etc.

Yeah....no.

[–] 20538276? ago 

Voat is free, yet here you are.

[–] 20538325? 0 points 2 points (+2|-0) ago 

Firefox has been cucked for a long time, they decided to ban a lot of sites browser side on their own. Deleted that shit the same day.

[–] 20538689? 0 points 1 point (+1|-0) ago 

I stopped using Firefox when I learned their HQ is based out of San Francisco.

[–] 20539254? ago 

So what are you using instead? Did you find some other browser that respects your freedom and right to block ads?

[–] 20537830? [S] ago 

[–] 20540861? ago 

Firefox is now supported & funded (indirectly) by Soros.

There are a lot of articles about it, but here are some.

https://www.naturalnews.com/2017-08-14-firefox-browsers-will-soon-block-fake-news-flagged-by-george-soros-linked-left-wing-groups.html

https://steemit.com/freedom/@tell-me-a-vision/oh-no-mozilla-has-joined-up-with-george-soros

Fake News AKA anything that goes against the globalist agenda.

Don't use Firefox or Chrome, obviously. Brave/Opera are two good choices.

[–] 20542771? 0 points 1 point (+1|-0) ago 

I like opera. DuckDuckGo has their own browser now too. Not bad.

[–] 20538018? ago 

BETA is free= unpaid testers

Hope it works, if it doesn't oh well
