Even on a very small static website #Cloudflare makes a difference. #Security #InfoSec
Ain Tohvri (tekkie@mstdn.social)'s status on Wednesday, 14-Jun-2023 10:02:00 UTC Ain Tohvri -
Michał "rysiek" Woźniak · 🇺🇦 (rysiek@mstdn.social)'s status on Wednesday, 14-Jun-2023 10:01:42 UTC Michał "rysiek" Woźniak · 🇺🇦 @tekkie @digitalRightsNinja I mean, Wikipedia does not block Tor. If you use Tor you don't get to *edit* Wikipedia anonymously, but you *can* read it and you *can* register / log-in and edit then.
CloudFlare is exploiting and supercharging the "oooooh scaary darkweeeeb 👻" narrative for profit, and to push more people into their centralized service. They already handle ~20% of all web traffic globally.
https://w3techs.com/technologies/details/cn-cloudflare
I would argue CloudFlare centralization is a bigger threat than Tor.
-
Michał "rysiek" Woźniak · 🇺🇦 (rysiek@mstdn.social)'s status on Wednesday, 14-Jun-2023 10:01:43 UTC Michał "rysiek" Woźniak · 🇺🇦 @tekkie @digitalRightsNinja scoring by whom, for what purpose?
Why do I care if a Tor node is "red" in that sense if my site is static and there's not much to abuse? What kind of "events" did CloudFlare "mitigate" for you on a static site that would not be mitigated by the fact that the site is static?
After doing some serious web hosting work, I really doubt that blocking Tor makes a difference, unless we're talking dynamic websites that allow anonymous interactions.
-
Ain Tohvri (tekkie@mstdn.social)'s status on Wednesday, 14-Jun-2023 10:01:50 UTC Ain Tohvri @digitalRightsNinja @rysiek unfortunately Tor nodes are traditionally blocked because there's a lot of malicious action originating from them. The entire ranges for those Tor nodes are often completely red when it comes to abuse scoring.
-
digitalrightsninja@fedi.at's status on Wednesday, 14-Jun-2023 10:01:59 UTC digitalRightsNinja @rysiek
Indeed. For example, #Cloudflare considers Tor users like myself to be malicious. So my legit access to the above-mentioned website would have blocked me and incremented that count that users sadly believe are true positives for malicious attempts.
-
Michał "rysiek" Woźniak · 🇺🇦 (rysiek@mstdn.social)'s status on Wednesday, 14-Jun-2023 10:02:00 UTC Michał "rysiek" Woźniak · 🇺🇦 @tekkie yeah, a bunch of people will avoid it. Plus, there is no info what #CloudFlare considers an "event" and why it needed "mitigation". And if it's a small site, presumably going static would be feasible, which would remove a gigantic amount of attack surface, without putting a spying gatekeeper between the site and its visitors.
-