Updates, security


johny...@sigaint.org

Dec 17, 2016, 1:19:08 PM
to qubes...@googlegroups.com
While updates are signed, and so can come over the wire in cleartext,
the fact that they often are sent in the clear (even from debian.net)
allows a snooper to know what packages you're scanning for metadata or
installing. It reveals a lot about the state of your system.

Updating over Tor or a VPN helps a bit. Updating via Debian's hidden
service is even more ideal: no https in between with
state-actor/CA-forgeable certificates possible, etc.

However, Qubes updates aren't available via Tor.

I do notice, however, that the qubes repository will allow changing the
"http" to "https" in the qubes entry /etc/apt/sources.list.d/. (You'd
have to install "apt-transport-https" too.)

Do the Qubes folks have a problem with this? It'd put extra load on the
servers, so I thought I'd ask.

I might suggest it would make a good default, if the load wouldn't be
unacceptable.

Cheers,

-d
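The http-to-https change described above, as an added example that is not part of the thread or the Qubes project's own tooling. The script rewrites only the `deb`/`deb-src` lines that point at the Qubes repository host and leaves Debian's own entries alone. The host name `deb.qubes-os.org`, the path `/etc/apt/sources.list.d/qubes-r3.list` and the sample file contents are assumptions constructed for illustration; `apt-transport-https` still has to be present in the template before the next `apt-get update`.

```python
"""Switch the Qubes apt repository entries from http to https.

Added example (not from the thread or the Qubes project).  Only 'deb' /
'deb-src' lines whose host is in QUBES_HOSTS are rewritten; other
repositories (e.g. security.debian.org) are left untouched.  Host name,
file path and sample contents are assumptions for illustration.
"""
import re
import shutil
import sys

# Assumption: the Qubes repository host as it appears in the template's sources list.
QUBES_HOSTS = ("deb.qubes-os.org",)

# Matches:  deb [options] http://HOST/...   or   deb-src http://HOST/...
_DEB_LINE = re.compile(
    r"^(?P<prefix>\s*deb(?:-src)?\s+(?:\[[^\]]*\]\s+)?)http://(?P<host>[^/\s]+)(?P<rest>.*)$"
)


def rewrite_scheme(text: str, hosts=QUBES_HOSTS) -> str:
    """Return `text` with http:// changed to https:// on lines for `hosts` only."""
    out = []
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        ending = line[len(body):]          # keep the original line terminator
        m = _DEB_LINE.match(body)
        if m and m.group("host") in hosts:
            body = f"{m.group('prefix')}https://{m.group('host')}{m.group('rest')}"
        out.append(body + ending)
    return "".join(out)


def rewrite_file(path: str, hosts=QUBES_HOSTS) -> bool:
    """Rewrite `path` in place (keeping a .bak copy); True if anything changed."""
    with open(path, encoding="utf-8") as fh:
        old = fh.read()
    new = rewrite_scheme(old, hosts)
    if new == old:
        return False
    shutil.copyfile(path, path + ".bak")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(new)
    return True


# Constructed sample: one Qubes entry plus two Debian entries that must stay http.
SAMPLE = """\
deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm jessie main
deb http://deb.debian.org/debian jessie main
deb http://security.debian.org/ jessie/updates main
"""

if __name__ == "__main__":
    # Usage (assumed path): python3 qubes_https.py /etc/apt/sources.list.d/qubes-r3.list
    # Install apt-transport-https in the template first, or apt will refuse https URLs.
    if len(sys.argv) > 1:
        print("changed" if rewrite_file(sys.argv[1]) else "already https")
    else:
        print(rewrite_scheme(SAMPLE), end="")
```

Run without arguments it prints the rewritten sample; with a file argument it edits that file in place and keeps a `.bak` copy of the original.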

entr0py

Dec 17, 2016, 1:44:45 PM
to johny...@sigaint.org, qubes...@googlegroups.com
johny...@sigaint.org:
> While updates are signed, so even if they come over the wire in cleartext,
> the fact that they often are sent in the clear (even from debian.net)
> allows a snooper to know what packages you're scanning for metadata or
> installing. It reveals a lot about the state of your system.
>
> Updating over Tor or a VPN helps a bit. Updating to debian's hidden
> service is even more ideal, no https in between with
> state-actor/CA-forgeable certificates possible, etc..
>
> However, Qubes updates aren't available via Tor.
>

WIP: https://forums.whonix.org/t/onionizing-qubes-whonix-repositories/3265

Unman

Dec 17, 2016, 8:50:13 PM
to johny...@sigaint.org, qubes...@googlegroups.com
This has been under discussion in qubes-issues for some time.
apt-transport-https is installed by default, so you can change that if
you want.

There was a proposal to make debian updates use https by default. It
wasn't accepted. Debian security updates aren't available by https, so
that part will always come plain.
You can change the rest to use https.
The benefits of doing this are almost entirely illusory. It's pretty
trivial to identify packages being transferred under https, so a
competent snooper wouldn't be hampered.

I assume you mean that Qubes updates aren't available as an onion
service. I offered to set this up some time back but it wasn't thought a
priority. There used to be such a service but it's long out of date
now.

unman
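unman's point that packages transferred under https are easy to identify, as an added example that is not part of the thread: a passive observer who sees only the length of the TLS stream can match it against the package sizes published in the repository's Packages index. The index excerpt, package sizes and version strings below are constructed for illustration, and the overhead model (a fixed HTTP header size plus a fixed cost per TLS record) is a simplifying assumption; real observers also have timing and the order of dependent downloads to work with.

```python
"""Identify a .deb from the size of its HTTPS transfer.

Added example (not from the thread).  The Packages-index excerpt, sizes
and versions are constructed; HTTP_HEADER_BYTES and TLS_RECORD_OVERHEAD
are assumed constants standing in for real framing overhead.
"""
from typing import Dict, List

# Constructed Packages-index excerpt (same stanza format as a real index).
PACKAGES_INDEX = """\
Package: qubes-core-agent
Version: 1.0-1
Size: 196430
Filename: pool/main/q/qubes-core-agent/qubes-core-agent_1.0-1_amd64.deb

Package: qubes-gui-agent
Version: 1.0-1
Size: 71204
Filename: pool/main/q/qubes-gui-agent/qubes-gui-agent_1.0-1_amd64.deb

Package: qubes-utils
Version: 1.0-1
Size: 71280
Filename: pool/main/q/qubes-utils/qubes-utils_1.0-1_amd64.deb
"""

HTTP_HEADER_BYTES = 300      # assumed size of the HTTP response headers
TLS_RECORD_PAYLOAD = 16384   # maximum plaintext carried by one TLS record
TLS_RECORD_OVERHEAD = 29     # assumed record header + authentication tag


def parse_packages_index(text: str) -> List[Dict[str, str]]:
    """Split an RFC 822-style Packages index into one dict per stanza."""
    stanzas = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Package" in fields and "Size" in fields:
            stanzas.append(fields)
    return stanzas


def estimate_wire_bytes(payload_len: int) -> int:
    """Ciphertext bytes a passive observer would count for one .deb download."""
    plaintext = payload_len + HTTP_HEADER_BYTES
    records = -(-plaintext // TLS_RECORD_PAYLOAD)  # ceiling division
    return plaintext + records * TLS_RECORD_OVERHEAD


def candidates(observed_bytes: int, index: List[Dict[str, str]], slack: int = 200) -> List[str]:
    """Packages whose predicted transfer size is within `slack` bytes of what was seen."""
    hits = [
        s["Package"]
        for s in index
        if abs(estimate_wire_bytes(int(s["Size"])) - observed_bytes) <= slack
    ]
    return sorted(hits)


if __name__ == "__main__":
    index = parse_packages_index(PACKAGES_INDEX)
    # A transfer whose length matches a unique Size is identified outright...
    print(candidates(estimate_wire_bytes(196430), index))
    # ...while two packages of similar size only narrow it to a short list.
    print(candidates(estimate_wire_bytes(71204), index))
```

The encryption hides the bytes but not how many of them there are, which is why the thread's participants treat https as a privacy measure against casual snooping rather than against a competent observer.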

Andrew David Wong

Dec 17, 2016, 9:09:53 PM
to Unman, johny...@sigaint.org, qubes...@googlegroups.com
Indeed, it is already possible to download all updates (dom0 + templates)
over Tor, but there are no onion services yet for most parts. Nonetheless,
the main benefits of downloading updates over Tor still hold:

1. Network attackers can't target you with malicious updates or
selectively block you from receiving certain updates. Instead, they're
forced to either block everyone or serve everyone with the same malicious
update in the hope that you're among those affected. This makes it much
more likely that someone will spot the attack.

2. Downloading all updates through Tor preserves your privacy, since it
prevents your ISP and package repositories from tracking which packages
you install.

> I offered to set this up some time back but it wasnt thought a
> priority.

Since one of the core tenets of Qubes is that we distrust the
infrastructure, (i.e., we focus on securing the endpoints before securing
the middle), it makes sense that this would be a lower priority.
Nonetheless, I think it would be fantastic to have this.

> There used to be such a service but it's long out of date
> now.

We had an onion service (back then a "hidden service") mirror of the
website, but I don't think we ever had an onion service package repo
(at least, not that I'm aware of).

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Tai...@gmx.com

Dec 17, 2016, 9:33:44 PM
to Andrew David Wong, qubes...@googlegroups.com, Andrew David Wong, qubes...@googlegroups.com
How come you guys use cloudflare?

They have a dangerous monopoly on internet services and discriminate
against people using VPNs and the like by insisting that you enable
JavaScript and perform a CAPTCHA even to simply view a website, and
by subverting them a hostile actor would effectively own most of the
internet.

They also have a curious policy in regards to protecting terrorist
websites. I do not think that is done out of some want for total
freedom of speech, as that reasoning wouldn't mesh with the other
decisions they make.

Pre-emptive q/a:
"it is okay because we have gpg key verified downloads"
Which is fine, until someone changes the signature files and the key id
that users should fetch.
"web of trust key signing protects you"
Which again, is fine, until the key server you use runs cloudflare as
well, or you're stuck at the catch-22 of verification with trusting
trust; and besides, most users don't check that anyway.
"without cloudflare someone could just get a corrupt CA to issue a fake
cert so hey it doesn't matter"
And that would be detected with certificate patrol.
"but....you ask for a change that may only provide minor protection!"
Security isn't about 100%, it is about layering until you are not the
path of least resistance - 99.9%

-
https://en.wikipedia.org/wiki/Cloudflare#Criticism_.26_Controversies
If that hacker hadn't used the exploit for a super petty reason we
probably would have never known.
-

Other associated problems:
* The qubes-os.org site certificates are only 2048-bit, not good enough.
* The mailing list uses google groups, instead of better self-hosting
that doesn't give google whatever it is they're getting from it.

Andrew David Wong

Dec 17, 2016, 10:53:01 PM
to Tai...@gmx.com, qubes...@googlegroups.com, qubes...@googlegroups.com

On 2016-12-17 18:33, Tai...@gmx.com wrote:
> How come you guys use cloudflare?

The main reasons are:

1. A core tenet of the Qubes philosophy is "Distrust the
infrastructure," where "the infrastructure" refers to things like
hosting providers, CDNs, DNS services, package repositories, email
servers, PGP keyservers, etc. (This includes Cloudflare, of course.)
We focus on securing the endpoints instead of attempting to secure
"the middle" (i.e., the infrastructure), since one of our goals is
for users to have to entrust their security to as few entities as
possible (ideally, only themselves).

Users can never fully control all the infrastructure they rely
upon, and they can never fully trust all the entities who do control
it. Therefore, we believe the best solution is not to attempt to
make the infrastructure trustworthy, but instead to concentrate on
solutions that obviate the need to do so. We believe that many
attempts to make the infrastructure appear trustworthy actually
provide only the illusion of security and are ultimately a
disservice to real users. Since we don't want to encourage or
endorse this, we make our distrust of the infrastructure explicit.

2. It's free (as in beer). We'd have to spend either time or money to
implement a solution ourselves or pay someone to do so, and we can't
spare either one right now.

3. It has low admin/overhead requirements, which is very important,
given how little time we have to spare.

> They have a dangerous monopoly on internet services and
> discriminate against people using VPN's and the like, by insisting
> that you enable javascript and perform a captcha even for simply
> viewing a website and by subverting them a hostile actor would
> effectively own most of the internet.

I'm not sure about VPNs, but we explicitly whitelist Tor exit nodes in
Cloudflare, so there should be minimal (if any) CAPTCHAs if you browse
our website over Tor (which is much better for strong privacy than
using a VPN).

As for enabling JavaScript, this shouldn't be much of a problem for
Qubes users, since they can simply use a DispVM, or have a dedicated
VM for untrusted browsing.

In general, though, I agree that Cloudflare has some undesirable
qualities. If you're aware of a similar solution that doesn't suffer
from these drawbacks (and that satisfies the three requirements listed
above), then by all means, please let us know.

> They also have a curious policy in regards to protecting terrorist
> websites, I do not think that that is done out of some want for
> total freedom of speech as that reasoning wouldn't mesh with the
> other decisions they make.

I don't know anything about this, but if it's true, it's certainly
troubling. Again, if you're aware of a similar solution that doesn't
have such problems (and that satisfies the three requirements listed
above), then by all means, please let us know.

> Pre-emptive q/a: "it is okay because we have gpg key verified
> downloads" Which is fine, until someone changes the signature
> files and the key id that users should fetch.

This is why users are explicitly instructed to verify key fingerprints
using out-of-band (i.e., multiple) channels:

https://www.qubes-os.org/doc/verifying-signatures/

> "web of trust key signing protects you" Which again, is fine,
> until the key server you use runs cloudflare as well,

We don't really rely on WoT so much as verifying key fingerprints, but
isn't the point of WoT that it doesn't have to assume trustworthy
keyservers?

> or you're stuck at the catch-22 of verification with trusting
> trust and besides most users don't check that anyway.

Are you referring to the classic "Reflections on Trusting Trust"
paper? It's not clear to me what you have in mind here.

> "without cloudflare someone could just get a corrupt CA to issue a
> fake cert so hey it doesn't matter" And that would be detected
> with certificate patrol.

There are still a lot of infrastructure-related problems (i.e., attack
vectors) that this doesn't rule out, like an attacker gaining access
to the server itself.

> "but....you ask for a change that may only provide minor
> protection!" Security isn't about 100%, it is about layering until
> you are not the path of least resistance - 99.9%

True, but it's also about the cost-benefit analysis, and in our case,
the costs of implementing and maintaining a solution ourselves are too
high right now.

> https://en.wikipedia.org/wiki/Cloudflare#Criticism_.26_Controversies
> If that hacker didn't use the exploit for a super petty reason we
> probably would have never known.

I can't tell which incident this is referring to, but, in general, I
think the principle of distrusting the infrastructure applies here.

> Other associated problems: * The qubes-os.org site certificates
> are only 2048bit, not good enough.

My impression is that many reputable cryptographers would disagree
with that assessment, but, at any rate, it would seem that the
principle of distrusting the infrastructure again applies here.

> * The mailing list uses google groups, instead of better
> self-hosting that doesn't give google whatever it is they're
> getting from it.

The same three reasons I gave above for why we use Cloudflare also
apply to using Google Groups. (This has come up many times over the
years, so you may want to take a look at previous threads in the list
archives.)

P.S. - Please send your message to only one list next time. I'm
replying on both lists so that this message doesn't appear to be
ignored on one of them, but please direct any further replies only to
qubes-users (and, optionally, individual thread participants).

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Tai...@gmx.com

Dec 18, 2016, 3:46:39 PM
to Andrew David Wong, qubes...@googlegroups.com
Ah thank you for your reply, I suppose it makes sense.
I will donate a sufficient sum for replacement system hardware costs
when I have employment again.

Sending to both lists was a late night accident, my apologies.


https://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
NIST says that 2048 is good until 2030; I always like to be ahead of the
curve and assume that certain entities have access to better decrypto
tech than the general public.


Yes, I was referencing that famous paper. By trusting trust I mean that
every verification system has to start from somewhere, such as a user
buying a regular store laptop and then installing qubes on it. It is
"turtles all the way down": there is no real way to verify, as there is
no previously existing chain or "root" of trust. The best they can do is
rely on a windows based authentication program and the windows
cryptosystem, which in certain countries is probably already directly
compromised, so in 99% of situations there is the catch-22 verification
problem.

I was referring to the *chan defacement hack.

Theoretically all the computers in their life which they could
potentially do a checksum and gpg key comparison with could be
compromised as well; it isn't very difficult to imagine a determined
adversary also cracking the computers of everyone that somebody knows (I
know plenty of "tech" world people but none of them have decent
security) or messing around with .iso delivery for an entire area.

We also have to assume that most users are not going to bother to even
so much as verify a hash, so I believe that a secure server and https are
essential.
I did not understand the importance of verifying hashes until I had been
using linux for a few years (granted I was a young teenager but still)
and I know many "experienced" sysadmins that don't do it at all.


I still do not believe a single entity controlling so much of the
internet is a good thing for many reasons.

Tai...@gmx.com

Jan 11, 2017, 2:04:25 PM
to qubes...@googlegroups.com, Andrew David Wong

Andrew David Wong

Jan 11, 2017, 3:34:17 PM
to Tai...@gmx.com, qubes...@googlegroups.com

On 01/11/17 11:04, Tai...@gmx.com wrote:
> https://www.eff.org/deeplinks/2017/01/finally-revealed-cloudflare-has-been-fighting-nsls-years
>

Three main reasons:

1. We distrust the infrastructure anyway.
2. It's low-overhead (in terms of the time and work required for
administrative tasks).
3. It's free (as in beer).

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Alex

Jan 11, 2017, 3:37:54 PM
to qubes...@googlegroups.com
In my understanding of the article, cloudflare is trying to challenge
the secrecy around broad investigations (by challenging national
security letters), not the other way around, so I can't see what you are
lamenting, Taiidan... Would you care to explain?


--

Alex

Andrew David Wong

Jan 12, 2017, 12:33:26 AM
to Alex, qubes...@googlegroups.com

On 2017-01-11 12:34, Andrew David Wong wrote:
> On 01/11/17 11:04, Tai...@gmx.com wrote:
>> https://www.eff.org/deeplinks/2017/01/finally-revealed-cloudflare-has-been-fighting-nsls-years
>
> Three main reasons:
>
> 1. We distrust the infrastructure anyway.
> 2. It's low-overhead (in terms of the time and work required for
> administrative tasks).
> 3. It's free (as in beer).
>

On 2017-01-11 12:37, Alex wrote:
> In my understanding of the article, cloudflare is trying to challenge
> the secrecy around broad investigations (by challenging national
> security letters), not the other way around, so I can't see what you are
> lamenting, Taiidan... Would you care to explain?
>

I mistakenly thought that this was a new thread posing the question in
the subject line and providing a link to that article as a justification
for the question. After viewing the whole thread on Google Groups, I
realize that I've already answered the initial question. (I knew it
seemed familiar!)

This is what happens when people reply to threads without quoting any
part of the existing thread to provide context. :)

I second Alex's question. The article is clearly pro-Cloudflare from the
very first sentence.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Tai...@gmx.com

Jan 12, 2017, 2:24:32 AM
to Andrew David Wong, Alex, qubes...@googlegroups.com
I thought I would share this because it proves that they're fighting an
NSL and thus had one put into action on them in the first place.

I realize that you enjoy the "free" services from them and that you lack
the money to use anything else, but it is just something to think about
regarding what happens when a handful of companies control almost the
entire internet, and the bigger picture: what happens if a change of
management leads to them dropping the challenge? What companies simply
comply and we never hear about it?

A theoretical condition of doing business in country X (say china) would
be messing around with certain pages to provide bad advice and
contaminated software to people. You don't have to get the elite
security specialist types who take extraordinary precautions; you simply
have to get the average joe who doesn't know anyone in real life who can
provide a real root of trust (even I don't).

The cloudflare captcha is clearly designed to fingerprint the user
(which works even with a generic DVM due to machine specs), or else it
wouldn't need javascript; it is obvious that they have a market interest
in tracking people, even those who use VPNs.

I bet half the users on this mailing list have never considered the cost
of "free" so my goal is to get people thinking about it.

Andrew David Wong

Jan 12, 2017, 2:56:53 AM
to Tai...@gmx.com, Alex, qubes...@googlegroups.com

On 2017-01-11 23:24, Tai...@gmx.com wrote:
> On 01/12/2017 12:33 AM, Andrew David Wong wrote:
> On 2017-01-11 12:34, Andrew David Wong wrote:
>>>> On 01/11/17 11:04, Tai...@gmx.com wrote:
>>>>> https://www.eff.org/deeplinks/2017/01/finally-revealed-cloudflare-has-been-fighting-nsls-years
>>>>>
>>>> Three main reasons:
>>>>
>>>> 1. We distrust the infrastructure anyway.
>>>> 2. It's low-overhead (in terms of the time and work required for
>>>> administrative tasks).
>>>> 3. It's free (as in beer).
>>>>
> On 2017-01-11 12:37, Alex wrote:
>>>> In my understanding of the article, cloudflare is trying to challenge
>>>> the secrecy around broad investigations (by challenging national
>>>> security letters), not the other way around, so I can't see what you are
>>>> lamenting, Taiidan... Would you care to explain?
>>>>
> I mistakenly thought that this was a new thread posing the question in
> the subject line and providing a link to that article as a justification
> for the question. After viewing the whole thread on Google Groups, I
> realize that I've already answered the initial question. (I knew it
> seemed familiar!)
>
> This is what happens when people reply to threads without quoting any
> part of the existing thread to provide context. :)
>
> I second Alex's question. The article is clearly pro-Cloudflare from the
> very first sentence.
>
> I thought I would share this because it proves that they're fighting a
> NSL and thus had one put in to action on them in the first place.
>
> I realize that you enjoy the "free" services from them and that you lack
> the money to use anything else, but it is just something to think about
> regarding what happens when a handful of companies control almost the
> entire internet and the bigger picture - what happens if a change of
> management leads to them dropping the challenge? what companies simply
> comply and we never hear about it?
>
> A theoretical condition of doing business in country X (say china) would
> be messing around with certain pages to provide bad advice and
> contaminated software to people, you don't have to get the elite
> security specialist types who take extraordinary precautions you simply
> have to get the average joe who doesn't know anyone in real life who can
> provide a real root of trust (even I don't)
>

If you're worried about this, you can verify the contents of the whole
website by verifying PGP signatures on git commits and/or tags. In fact,
we've specifically set things up so that you can clone the whole git
repo, verify it, and run a local version of the website on your own
without having to trust Cloudflare (or any other part of the
infrastructure).

Our key fingerprints are scattered around so many places on the internet
that it shouldn't be difficult to verify them to your satisfaction
across multiple channels (different hardware, different connections, etc.).

> The cloudflare captcha is clearly designed to fingerprint the user
> (which works even with a generic DVM due to machine specs) or else it
> wouldn't need javascript, it is obvious that they have a market interest
> in tracking people even those who use VPN's.
>
> I bet half the users on this mailing list have never considered the cost
> of "free" so my goal is to get people thinking about it.
>

I agree that it's worth thinking about.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

haaber

Jan 12, 2017, 3:06:50 AM
to qubes...@googlegroups.com
There is a huge discussion on torproject.org about cloudflare. In addition
to the annoying (and, as I learned thanks to your question yesterday,
user-tracking) CAPTCHA, I may add that, running a non-exit(!) tor server
at home, my home IP is banned (even with an insecure browser) from a lot
of useful sites; British Airways is one example (that I boycott for
banning me), and there are many others. Almost all of them are linked to
CF if one looks carefully at the whois entries.
This behaviour of Cloudflare seems clearly politically motivated to me:
there is no danger, no malicious packets, simply nothing that is emerging
from my tor middle relay! The "com" about NSL fighting does not mean
that Cloudflare are on the good side of the force. Not at all. It is
only "com" (communication or comedy?)

Bernhard



Tai...@gmx.com

Feb 24, 2017, 4:26:22 PM
to Andrew David Wong, Alex, qubes...@googlegroups.com
https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/
Wow.

It wouldn't have been such a big problem if cloudflare didn't have
monopoly status.