you are viewing a single comment's thread.

view the rest of the comments →

[–]raven9 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (12 children)

Why am I not seeing this? My android app is still connecting to cloudfare servers in the United States at ip addresses; - 104.31.88.85 - 104.31.89.85

[–]magnora7[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (11 children)

What aren't you seeing?

[–]raven9 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (10 children)

Not seeing connection to servers outside the US. Also I notice the app is making secondary, insecure connections (not https) to those same two ip addresses. So

  • 104.31.88.85:443
  • 104.31.89.85:443
  • 104.31.88.85:80
  • 104.31.89.85:80

Also these two fastly.net servers

  • 151.101.204.193:443
  • 151.101.56.193:443

[–]magnora7[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (9 children)

Yes it connects to cloudflare first before connecting to the swiss server, so this is expected behavior. It's a middle layer that can be disabled at any time

[–]raven9 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (8 children)

But you do realise that means the Swiss server is not providing any added privacy for saidit users because in that respect cloudflare is a man in the middle enabling surveillance of all traffic to and from the saidit servers.

[–]magnora7[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (7 children)

It provides tons of extra privacy to be hosted in switzerland. But yes cloudflare does have access to all IPs going through it. That's true for 90% of websites.

[–]raven9 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (6 children)

"It provides tons of extra privacy to be hosted in switzerland."

How?

  1. My device establishes an encrypted https connection to the cloudflare server.
  2. When cloudflare receives that data, their end of that https protocol connection decrypts the data.
  3. Cloudflare now has the plaintext. They know what was sent, who sent it, the ip address it came from and probably a lot more than that.
  4. Cloudfare server now creates an https connection to the saidit server. Data is re-encrypted and sent to saidit server.

Privacy might only exist by direct connection to saidit servers but of course the intel agencies would use DDOS weapons to attack that setup to force you to choose the "protection" their cloud computing system offers.

[–]magnora7[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (5 children)

It protects us legally, not technologically. Either way, we'd be using a DDOS service

[–]raven9 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (4 children)

Ddos == distributed denial of service. It is a coordinated attack using thousands of compromised network devices that is used to take down internet servers by overwhelming them with bogus traffic. For example, millions of attempts per second to log in with random false credentials.

[–]magnora7[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (3 children)

Yes. We've had several DDOS attacks, and that's why we need to cloudflare to defend against them.