Posted by: 3421748?
Posting time: 1.2 years ago on
Last edit time: never edited.
Archived on: 12/11/2019 10:00:00 AM
Views: 451
SCP: 72
73 upvotes, 1 downvotes (99% upvoted it)
~91 user(s) here now
Subverse anonymized: usernames are hidden and votes don't count.
NSFW: Yes
Authorized: No
Anon: Yes
Private: No
Type: Default
view the rest of the comments →
[–] 20538185? 0 points 3 points 3 points (+3|-0) ago
Click on the green lock at the top, next to https and get more details, and you will see, cloudflare did indeed issue the certificate.
However, this does not necessarily mean cloudflare can read all messages, since there could be multiple layers of encryption. Should probably be possible to tell by observing the data leaving the browser from the network tab of the developer view in the browser.
But yeah, probably shouldn't expect secure messaging from a public site. Is cloudflare much worse than voat? Maybe. Maybe not.
[–] 20538379? 0 points 3 points 3 points (+3|-0) ago
It means exactly that. Cloudflare decrypts and reads everything. Potentially stores it too.
Multiple layers are possible, but voat would have to implement that in JavaScript, which it didn’t.
[–] 20538241? 0 points 3 points 3 points (+3|-0) ago (edited ago)
you are ...
100% INCORRECT!
It is not a certificate owned nor controlled by voat.co and data is in fact ONLY sent to actual voat.co server in palintext or in a DIFFERENT KEY if any.
If you read about RULES and PROCEDURES for using Cloudflare you would know this.
If you knew how to read the SSL cert you would know this.
If you read the news, or messages from cloudflare regarding us gov subpoenas , you would know they OFTEN give large amounts of data to feds... unencrypted on their end.
"But what seems to be overlooked by many is that fact that the ‘Flexible SSL’ option only provides secure traffic between the user and CloudFlares network – NOT between CloudFlare and your website. Which means the users traffic is exposed over the internet as normal HTTP traffic." :
https://www.itsupportguides.com/knowledge-base/website-tips/why-cloudflares-flexible-ssl-is-really-bad/
The Real Cost of a CloudFlare “Free” SSL Certificate :
https://info.ssl.com/the-real-cost-of-a-cloudflare-free-ssl-certificate/
and :
https://support.cloudflare.com/hc/en-us/articles/203295200
EDIT :
and "baby talk" explanation of scandal here :
https://www.reddit.com/r/privacy/comments/41cb4k/be_careful_with_cloudflare/
TL/DR: ALL DATA is momentarily decrypted by the real owner of the SSL key , Cloudflare, before exiting cloudflares servers to voat.co
[–] 20538682? 1 point 0 points 1 point (+1|-1) ago
So cloudflare doesn't allow you to encrypt the data before you send it thru them? That's bullshit. Prove me wrong.
[–] 20538363? ago
STOP! Too technical. Please explain terms such as "palintext" for the rest of us numpties.
[–] 20538587? 0 points 2 points 2 points (+2|-0) ago
Why trust it?
Its like running from a sniper