I made a post here about the danger of Cloudflare and the nightmare about how it functions:

https://sh.itjust.works/post/20529148

Cloudflare is a MITM can see everything going on and every request I’m making plus all the data I’m sending.

So explain to me why Trocador is using it? Are they a honeypot? They pride themself soooo much on anonymity, NoJS, Onion support, deletion of records, No KYC, No logs unless fully necessary, but yet, they allow Cloudflare to record every single piece of data about my interactions on trocador, all the requests, both POST and GET, all the addresses and amounts im inputting, quotes im making, and of course, associate my browser fingerprint and IP with all that yummy data that the NSA would be really happy to collect ;) ! How curious indeed…

It’s a known fact that Cloudflare works the way I described. So why would Trocador willingly give over everything I’m inputting into the site over to Cloudflare? Please, someone explain this to me.

And it’s not just trocador. soooo many Monero and privacy oriented sites are using Cloudflare MITM. Today I’m picking on Trocador but later I’ll pick on more as I remember/come across them.

Here is a relevant paragraph I wrote:

I’m sick to my stomach of all these orgs and companies and people talking about privacy, and then they constantly do all these kinds of things thst prove that they don’t actually care about privacy or anonymity or anything in between. They are Vipers and Snakes trying to make a quick dollar on a buzzword. It’s become sadly trite.

I’m fully ready to somehow(?) be wrong about all this and eat my words.

You are viewing a single thread.
View all comments View context
2 points
*

thanks for this info. it would’ve been nice if they’d made a blogpost about this and put it on the front page or something, not just a response in a matrix room.

that way people can help and make suggestions. I really dont think a cloudflare mitm is necessary for DDOS protection. A DDOS protection service with reverse proxy would be fine, there’s likely many companies that have this kind of service that dont require MITM like CF, or they could probably self-host one.

permalink
report
parent
reply
3 points

A “basic reverse proxy” does nothing to help against a large ddos. The only real thing you can do is absorb the traffic and this is not feasible for most operators to host themselves.

permalink
report
parent
reply
1 point
*

sorry, I worded it wrong. ill edit it. I meant to say there are plenty of solutions for DDOS protection with a reverse proxy. Probably in such a way that doesn’t require a MITM.

permalink
report
parent
reply
4 points
*

There are 0 solutions in a reverse proxy if it is not capable of absorbing the amount of traffic required to maintain service while under a ddos attack. How exactly does a reverse proxy do anything to protect from a ddos?

Edit: I see perhaps I misinterpreted this. Sure, there are other ddos protection services but if you are under attack RIGHT NOW and your critical services are down are you going to shop around for alternatives that aren’t Cloudflare or are you just going to go straight to the thing you know will do exactly what you need with a proven track record of doing it?

Going to CF is entirely understandable and they said that once the dust settles they will be looking at alternatives for the future that is not CF.

I’m far from a CF shill. I believe they do more longer term harm than their short term “good” has done. From an ops perspective though this action was very reasonable.

permalink
report
parent
reply

Monero

!monero@monero.town

Create post

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

Community stats

  • 273

    Monthly active users

  • 893

    Posts

  • 5.2K

    Comments

Community moderators