upvote

points

by linkregister5 hours ago |
comments
upvoteby fph5 hours ago|
next
[-]
Within the realm of possibility? Let's be honest, if you are a top NSA executive and you couldn't find a way to get your hands on Cloudflare's private keys (bribing or threatening the right person), you are not getting your Christmas bonus.
reply
upvoteby nly4 hours ago|
parent|
next
[-]
It is of course inconceivable that the NSA do not have the private keys for dozens of browser trusted certificate authorities

That nonetheless doesn't help them unless they are doing active MITM. In order to do that they'd have to have at least some physical presence at Cloudflare or on the path to Cloudflare.

reply
upvoteby RealityVoid4 hours ago|
parent|
[-]
My understanding is that they tapped communication nodes before. I would be surprised if they can't tap the pipes to cloudflare.
reply
upvoteby fragmede48 minutes ago|
parent|
[-]
I mean, it is the CIA, but if you encrypt it before it leaves the box, and you're decent good with the key material, how are they going to get at it? Tapping the fiber then gets them encrypted flows, which isn't nothing, but, well, it would be surprising if they had access to the clear text.
reply
upvoteby linkregister4 hours ago|
parent|
prev|
next
[-]
Is this information derived from Enemy of the State starring Will Smith and Gene Hackman? It was a great movie and the first DVD I ever bought.
reply
upvoteby philipallstar2 hours ago|
parent|
prev|
[-]
Do people in government get bonuses linked to performance?
reply
upvoteby sph1 hours ago|
parent|
[-]
Government agencies get budgets linked to performance.
reply
upvoteby philipallstar48 minutes ago|
parent|
[-]
Well - do they? In my experience they get budgets for spending their current budget.
reply
upvoteby sph5 hours ago|
prev|
next
[-]
> Unlike other companies in the leaked NSA slides that participated in PRISM, Cloudflare would face a near-total loss of customers

People didn’t care when they learned about PRISM, why would they care now when it’s a known fact? The sane stance would be to assume Cloudflare is in cahoots with NSA.

reply
upvoteby linkregister5 hours ago|
parent|
[-]
All the companies involved in PRISM made public statements saying they ceased participation. Google undertook a costly initiative to add encrypted connections over their datacenter circuits. The NSA leaks were a forcing function that led to a massive uptake of encryption. Up until that point it was common for websites to support only HTTP.

The NSA leaks dominated news cycles for the entirety of 2013.

reply
upvoteby netdevphoenix3 hours ago|
parent|
next
[-]
> All the companies involved in PRISM made public statements saying they ceased participation. Google undertook a costly initiative to add encrypted connections over their datacenter circuits

This is as helpful as Whatsapp's so called E2E encryption comms (that just happens to not be applicable by default in certain situations).

reply
upvoteby lukewarm7075 hours ago|
parent|
prev|
[-]
my llm api traffic terminates tcp at cloudflare in lovely plain text :/

it does give better peering. reduces latency a bit for me.

reply
upvoteby my-next-account4 hours ago|
parent|
[-]
I had no idea that this was a thing. How can you figure out where SSL turns into plain text on its route to the destination?
reply
upvoteby lukewarm7071 hours ago|
parent|
[-]
in this case it's my design to use cloudflare.

but you can also see from curl or traceroute, that the endpoint you talked to was a cloudflare ip and your ssl ended there. after that you can't see inside cloudflare.

reply
upvoteby netdevphoenix3 hours ago|
prev|
[-]
> Cloudflare would face a near-total loss of customer

I think more people than you would expect would be happy to accept that as the price for protection against malicious actors

reply