[–]raven9

But you do realise that means the Swiss server is not providing any added privacy for saidit users, because in that respect Cloudflare is a man in the middle enabling surveillance of all traffic to and from the saidit servers.

[–]magnora7[S]

It provides tons of extra privacy to be hosted in Switzerland. But yes, Cloudflare does have access to all IPs going through it. That's true for 90% of websites.

[–]raven9

"It provides tons of extra privacy to be hosted in Switzerland."

How?

  1. My device establishes an encrypted HTTPS connection to the Cloudflare server.
  2. When Cloudflare receives that data, their end of that HTTPS connection decrypts the data.
  3. Cloudflare now has the plaintext. They know what was sent, who sent it, the IP address it came from and probably a lot more than that.
  4. The Cloudflare server now creates an HTTPS connection to the saidit server. Data is re-encrypted and sent to the saidit server.

Privacy might only exist by direct connection to saidit servers but of course the intel agencies would use DDOS weapons to attack that setup to force you to choose the "protection" their cloud computing system offers.

[–]magnora7[S]

It protects us legally, not technologically. Either way, we'd be using a DDOS service.

[–]raven9

DDoS == distributed denial of service. It is a coordinated attack using thousands of compromised network devices that is used to take down internet servers by overwhelming them with bogus traffic. For example, millions of attempts per second to log in with random false credentials.

[–]magnora7[S]

Yes. We've had several DDOS attacks, and that's why we need Cloudflare to defend against them.

[–]raven9

I know but do you see what I am saying? I think this is an important issue.

As I'm sure you are aware, I think many of us who have posted on reddit on the controversial political subs and the conspiracy subs and the 911 subs and others, attract the attention of those government agents who try to discredit and belittle our posts, but I think it goes a lot further than that. I think they can then monitor our traffic by intercepting it on those cloud servers. They then can easily link that to devices and real world identity and I have had them make veiled threats and subtle references to things that only someone who knows me personally would know about.

Of course they would claim that is paranoid delusion but when we already know the lengths they go with surveillance and how they coerce us all into using devices that are location trackers etc, it would be verging on ridiculous to imagine that they would not use what is already existing technology to do a lot of other surveillance related intrusions like those I described.

[–]magnora7[S]

Yes, I see what you are saying. The options, though, are to 1) be open to DDOS attacks, which would certainly cripple the website once people realize it's open, or 2) have a DDOS service that can view our through-traffic and the site remains up.

So it's kind of lose/lose, and the less bad option is to have our through traffic be available to Cloudflare. There are so many more ways to link this though, like the IP backbone itself is known to be observed. So it's not like they don't have access to this anyway.

So I think all things considered we've done what's best for the site. I appreciate the concern though.

[–]raven9

There is another option, that is to use encryption that is resistant to the man in the middle, such as public key encryption. So prior to registering a username and password, a temporary key pair is generated by the user's client. The private key is held by the user, the public key is encrypted with saidit's public key and sent to saidit. That means only saidit can decrypt that to retrieve the user's public key. The user’s public key is then used to encrypt and send the user a shared encryption key that is used by both sides to encrypt the rest of the traffic after that, which includes the user's account registration.

The point of all that: only saidit can link username to IP address and only saidit can know username and password and real world identity, therefore protecting users from the kind of intimidation tactics in retaliation for criticising government. We have already seen how the FBI issued search warrants for everyone who responded to a guy on 8chan who committed a murder. How long before they set up some shit like that to incriminate us? We are already on that slippery slope, it's just a matter of time in my opinion.
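
The key exchange described in the last comment, sketched in Node.js as an added example that is not part of the thread and not saidit's code; it collects every message a TLS-terminating proxy in the path would be able to read. Assumptions: the client already holds an authentic copy of the origin's public key obtained outside the proxied channel, and the key sizes, RSA-OAEP/AES-GCM choices and sample registration are constructed for illustration.

```javascript
const crypto = require('crypto');

// Assumed parameters (not from the thread): RSA-OAEP/SHA-256 and AES-256-GCM.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function seal(key, text) {            // returns iv || tag || ciphertext
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

function open(key, blob) {            // throws if the blob was modified in transit
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

function runExchange() {
  // Origin's long-term key pair. Assumption: the client has the public half pinned,
  // obtained out of band rather than through the proxied channel.
  const origin = crypto.generateKeyPairSync('rsa', { modulusLength: 3072 });
  const seenByProxy = [];             // every message the middle hop can read

  // 1. Client makes a temporary key pair and sends its public key encrypted to the origin.
  const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const clientPubDer = client.publicKey.export({ type: 'spki', format: 'der' });
  const msg1 = crypto.publicEncrypt({ key: origin.publicKey, ...OAEP }, clientPubDer);
  seenByProxy.push(msg1);

  // 2. Origin recovers the client's public key and wraps a fresh shared key with it.
  const der = crypto.privateDecrypt({ key: origin.privateKey, ...OAEP }, msg1);
  const clientPub = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  const originKey = crypto.randomBytes(32);
  const msg2 = crypto.publicEncrypt({ key: clientPub, ...OAEP }, originKey);
  seenByProxy.push(msg2);

  // 3. Client unwraps the shared key and sends the (constructed) registration under it.
  const clientKey = crypto.privateDecrypt({ key: client.privateKey, ...OAEP }, msg2);
  const registration = JSON.stringify({ username: 'example_user', password: 'constructed-sample' });
  const msg3 = seal(clientKey, registration);
  seenByProxy.push(msg3);

  const leaked = seenByProxy.some((m) => m.includes('example_user'));
  return { received: open(originKey, msg3), registration, leaked, originKey, msg3 };
}

console.log(runExchange().leaked);
```

The proxy still sees the client's IP address and the timing and size of each message. The scheme also holds only while the client-side code and the pinned origin key reach the user without passing through the proxy.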