Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://activism.openworlds.info/users/aktivismoEstasMiaLuo/statuses/110909204224424529">Activist (aktivismoestasmialuo@activism.openworlds.info)'s status on Friday, 18-Aug-2023 16:39:53 JST</a><a href="https://activism.openworlds.info/@aktivismoEstasMiaLuo" title="aktivismoestasmialuo@activism.openworlds.info"><img src="https://gnusocial.jp/avatar/12196-48-20221007072941.webp" width="48" height="48" alt="Activist" style="position: absolute; left: 0; top: 0;">Activist</a><div><a href="https://activism.openworlds.info/@aktivismoEstasMiaLuo/110909187189143667" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/135029" title="mcspadden@mastodon.social">McSpadden</a></li><li><a href="https://gnusocial.jp/user/159918" title="dev_m@mastodon.social">dev_m</a></li><li><a href="https://gnusocial.jp/user/160949" title="oceane@peculiar.florist">Océane</a></li><li><a href="https://gnusocial.jp/user/161058" title="emurphy@c.im">E. Murphy, the name you know</a></li></ul></div></section><article><p><a href="https://c.im/@emurphy">@emurphy</a> <a href="https://peculiar.florist/@oceane">@oceane</a> <a href="https://mastodon.social/@pixelfed">@pixelfed</a> <a href="https://mastodon.social/@dev_m">@dev_m</a> <a href="https://mastodon.social/@mcspadden">@mcspadden</a> So when someone logs into <a href="https://activism.openworlds.info/tags/Pixelfed" rel="tag">#Pixelfed</a>, <a href="https://activism.openworlds.info/tags/Cloudflare" rel="tag">#Cloudflare</a> sees their username, password &amp; all traffic on that site. CF holds the keys so that’s where the tunnel ends. CF users (e.g. Pixelfed) do not warn users of this. So suppose a user is sloppy &amp; reuses the same pw on many websites. CF sees the pw &amp; from that would even be able to compromise that user on non-CF sites.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1959998#notice-3851004">In conversation</a><time datetime="2023-08-18T16:39:53+09:00" title="Friday, 18-Aug-2023 16:39:53 JST">about a year ago</time> <span>from <span><a href="https://activism.openworlds.info/@aktivismoEstasMiaLuo/110909204224424529" rel="external" title="Sent from activism.openworlds.info via ActivityPub">activism.openworlds.info</a></span></span><a href="https://activism.openworlds.info/@aktivismoEstasMiaLuo/110909204224424529">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Activist (aktivismoestasmialuo@activism.openworlds.info)'s status on Friday, 18-Aug-2023 16:39:53 JSTActivist
in reply to
@emurphy @oceane @pixelfed @dev_m @mcspadden So when someone logs into #Pixelfed, #Cloudflare sees their username, password & all traffic on that site. CF holds the keys so that’s where the tunnel ends. CF users (e.g. Pixelfed) do not warn users of this. So suppose a user is sloppy & reuses the same pw on many websites. CF sees the pw & from that would even be able to compromise that user on non-CF sites.
In conversationabout a year ago from activism.openworlds.infopermalink

Public

Embed Notice

HTML Code

Corresponding Notice