Conversation
Notices
-
Embed this notice
寮 (ryo@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 09:40:39 JST 
寮
@digdeeper Could you clear this shit up?
I really start getting doubt in that "Block CloudFlare MitM Attack" extension.-
Embed this notice
Dig Deeper (digdeeper@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 09:44:05 JST 
Dig Deeper
@ryo I do not control that mirror, it's hosted by an old friend. I am pretty sure he changed the headers as a joke, I don't even think onions can be CFed. 寮 likes this. -
Embed this notice
寮 (ryo@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 09:48:04 JST
寮
@digdeeper Yea, I know that onions can't use Cuckflare, considering it needs you to change DNS settings, which none of the darknets rely on.
By the way, which Tor and I2P mirrors are under your control?
I'll update my webring accordingly, as I don't really trust 3rd party controlled ones for having them up forever (think cancel culture for example). -
Embed this notice
Dig Deeper (digdeeper@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 09:50:12 JST
Dig Deeper
@ryo Only Clearnet 1, Onion 1 and I2P 1 are mine. 寮 likes this. -
Embed this notice
寮 (ryo@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 09:51:18 JST
寮
@digdeeper I see, thanks. -
Embed this notice
Depraved_Cunny (lilianabreeder@varishangout.net)'s status on Wednesday, 07-Dec-2022 10:01:05 JST 
Depraved_Cunny
@ryo @digdeeper
onions can be glowflared since they created an onion service that can act as a MitM, which in fact, everybody who uses Tor are connecting (at startup) unless you disable svc on about:config.寮 likes this.Udon repeated this. -
Embed this notice
寮 (ryo@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 10:01:53 JST
寮
@lilianabreeder @digdeeper These motherfuckers...
Which one? -
Embed this notice
Depraved_Cunny (lilianabreeder@varishangout.net)'s status on Wednesday, 07-Dec-2022 10:26:46 JST
Depraved_Cunny
@ryo @digdeeper network.http.altsvc.enabled, cunnyman. -
Embed this notice
Dig Deeper (digdeeper@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 10:26:55 JST
Dig Deeper
@lilianabreeder @ryo
Since we're talking about Cloudflare, can I complain about it again? 18.4% of sites MitMed worldwide (I see it went down after the Kiwifarms censorship scandal - used to be over 20% already sometime ago). Still, NONE of the big privacy sites speak about it. NONE of the security experts like Krebs and Schneier speak about it. Some praise it. It's insane, I'm beginning to think this world is cursed. -
Embed this notice
Depraved_Cunny (lilianabreeder@varishangout.net)'s status on Wednesday, 07-Dec-2022 10:45:45 JST
Depraved_Cunny
@digdeeper @ryo the swarm of lazy devs who wants a free firewall+free+cdn+free+ca also like all major centralized spyware out they have the first mover advantage.
maybe some gov bs involved but i have no solid proof except from whats said in crimeflare.寮 likes this. -
Embed this notice
Udon (udon@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 12:44:12 JST 
Udon
@lilianabreeder @digdeeper @ryo
What is network.http.altsvc.enabled used for?寮 likes this. -
Embed this notice
Udon (udon@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 12:46:49 JST
Udon
@lilianabreeder @digdeeper @ryo
> maybe some gov bs involved
Well, I'll think it in this way: If I were the government I will be ashamed if I don't get my dirty hands on such a big target. And they will also be happy to borrow our power. -
Embed this notice
Udon (udon@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 12:54:34 JST
Udon
@lilianabreeder @digdeeper @ryo
https://2019.www.torproject.org/projects/torbrowser/design/
> SPDY and HTTP/2
> Design Goal: SPDY and HTTP/2 connections MUST be isolated to the URL bar domain. Furthermore, all associated means that could be used for cross-domain user tracking (alt-svc headers come to mind) MUST adhere to this design principle as well.
> Implementation status: SPDY and HTTP/2 are currently disabled by setting the Firefox preferences network.http.spdy.enabled, network.http.spdy.enabled.v2, network.http.spdy.enabled.v3, network.http.spdy.enabled.v3-1, network.http.spdy.enabled.http2, network.http.spdy.enabled.http2draft, network.http.altsvc.enabled, and network.http.altsvc.oe to false.
But, I still don't get how it is related to Cloudflare (directly). -
Embed this notice
Depraved_Cunny (lilianabreeder@varishangout.net)'s status on Wednesday, 07-Dec-2022 21:13:29 JST
Depraved_Cunny
@udon @digdeeper @ryo well, that problem is, some of these are connecting to glowflare.
long story short.
the centralization problem are tremendous when they can fingerprint (pinky promise we won't do bad things tehee~) you during startup, cdn, destination service and dns.
i guess I should do a disclaimer that if you trust cuckflare (don't) its fine.寮 likes this. -
Embed this notice
Depraved_Cunny (lilianabreeder@varishangout.net)'s status on Wednesday, 07-Dec-2022 21:13:30 JST
Depraved_Cunny
@udon @digdeeper @ryo tor browser connects with isolation to a few websites during startup
(for example securedrop and mozilla)
this settings enabled allows these connections to establish to alternative authoritative servers, with speed.寮 repeated this. -
Embed this notice
Udon (udon@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 21:37:52 JST
Udon
@lilianabreeder @digdeeper @ryo
Are those the same connections in about:networking? In general I can see moz telemetries and in post 11.1 I can see securedrop telemetries. -
Embed this notice
Udon (udon@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 21:39:54 JST
Udon
@lilianabreeder @digdeeper @ryo
No, I don't, but I want to know how they work technically or configured to use CF's onion service. -
Embed this notice
Udon (udon@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 22:14:38 JST
Udon
@lilianabreeder @digdeeper @ryo
I just now tested, request header is still 1.1.
Btw, that securedrop thing can be disabled with "about:rulesets". No idea for the firefox.settings.mozilla thing. -
Embed this notice
Depraved_Cunny (lilianabreeder@varishangout.net)'s status on Wednesday, 07-Dec-2022 22:14:39 JST
Depraved_Cunny
@udon @digdeeper @ryo correct :slap:
as far I remember they use an HTTP/2 tcp through alt-svc request to 1.1.1.1.
since onions are http it shouldn't be hard to setup yourself.
https://blog.cuckflare.com/welcome-hidden-resolver/ -
Embed this notice
Depraved_Cunny (lilianabreeder@varishangout.net)'s status on Wednesday, 07-Dec-2022 22:26:57 JST
Depraved_Cunny
@udon @digdeeper @ryo i went to this rabbit-hole.
you would need to compile from source to take them out.
enough about spyware and security for today.
i want le :cunny2:寮 likes this. -
Embed this notice
Udon (udon@social.076.ne.jp)'s status on Wednesday, 07-Dec-2022 22:28:38 JST
Udon
@lilianabreeder @digdeeper @ryo
Same... I gave up TBB when I couldn't remove those things with Spyware Watchdog's guide, since 11.5 (*typo in previous post, 11.5, not 11.1)寮 likes this.
-
Embed this notice
All GNU social JP content and data are available under the