You are viewing a single comment's thread.

view the rest of the comments →

0
3

[–] 20538185? 0 points 3 points (+3|-0) ago 

Click on the green lock at the top, next to https and get more details, and you will see, cloudflare did indeed issue the certificate.

However, this does not necessarily mean cloudflare can read all messages, since there could be multiple layers of encryption. Should probably be possible to tell by observing the data leaving the browser from the network tab of the developer view in the browser.

But yeah, probably shouldn't expect secure messaging from a public site. Is cloudflare much worse than voat? Maybe. Maybe not.

0
3

[–] 20538379? 0 points 3 points (+3|-0) ago 

It means exactly that. Cloudflare decrypts and reads everything. Potentially stores it too.

Multiple layers are possible, but voat would have to implement that in JavaScript, which it didn’t.

0
3

[–] 20538241? 0 points 3 points (+3|-0) ago  (edited ago)

you are ...

100% INCORRECT!

It is not a certificate owned nor controlled by voat.co and data is in fact ONLY sent to actual voat.co server in palintext or in a DIFFERENT KEY if any.

If you read about RULES and PROCEDURES for using Cloudflare you would know this.

If you knew how to read the SSL cert you would know this.

If you read the news, or messages from cloudflare regarding us gov subpoenas , you would know they OFTEN give large amounts of data to feds... unencrypted on their end.

"But what seems to be overlooked by many is that fact that the ‘Flexible SSL’ option only provides secure traffic between the user and CloudFlares network – NOT between CloudFlare and your website. Which means the users traffic is exposed over the internet as normal HTTP traffic." :

https://www.itsupportguides.com/knowledge-base/website-tips/why-cloudflares-flexible-ssl-is-really-bad/

The Real Cost of a CloudFlare “Free” SSL Certificate :

https://info.ssl.com/the-real-cost-of-a-cloudflare-free-ssl-certificate/

and :

https://support.cloudflare.com/hc/en-us/articles/203295200

EDIT :

and "baby talk" explanation of scandal here :

https://www.reddit.com/r/privacy/comments/41cb4k/be_careful_with_cloudflare/

TL/DR: ALL DATA is momentarily decrypted by the real owner of the SSL key , Cloudflare, before exiting cloudflares servers to voat.co

1
0

[–] 20538682? 1 point 0 points (+1|-1) ago 

So cloudflare doesn't allow you to encrypt the data before you send it thru them? That's bullshit. Prove me wrong.

0
0

[–] 20538363? ago 

data is in fact ONLY sent to actual voat.co server in palintext ...

STOP! Too technical. Please explain terms such as "palintext" for the rest of us numpties.

0
2

[–] 20538587? 0 points 2 points (+2|-0) ago 

Why trust it?

Its like running from a sniper