I'm kinda annoyed at #lemmyworld tbh. More often than not I get random errors when I want to check it out. I think I'll just move to lemm.ee. I wish we could just move our accounts like on Mastodon. It's a hassle resubscribing to everything. #lemmy
@sklc There are some account migration tools, however they require you to enter your credentials, so you'd need to decide if you trust them or maybe review the code yourself.
https://github.com/CMahaff/lasim
https://github.com/wescode/lemmy_migrate
@superlime Oh nice, it actually works on MacOS now. Last time I tried that one it wouldn't run at all. Thanks for the heads up!
If you’re concerned about username & password being shared, you should certainly avoid both #Fosstodon & #LemmyWorld. They are both centralized in #Cloudflare so your acct creds are exposed to Cloudflare Inc. every time you log in, along with all your traffic.
@bojkotiMalbona I'd love to understand how that's the case? We don't use Cloudflare's certificates (which is basically MiTM). So they can't content inspect any traffic that traverses their infra.
CF is basically a DNS provider for us, and we turn on the anti-DDoS stuff if/when we need it. We don't even proxy through their service when we're not under attack.
Please get your facts straight before spreading FUD.
@bojkotiMalbona try it yourself, ping fosstodon.org. It resolves to 54.38.247.97, which isn't Cloudflare.
CF IP ranges - https://www.cloudflare.com/en-gb/ips/
@kev I’ve detected a bit of intellectual dishonesty here. #Fosstodon used the standard default #Cloudflare configs as early as March & for months thereafter, certainly at least as late as May 29th confirmed by someone’s complaint specifically about the block screen. The timeline shows complaints about CF are littered around before & after that point. If you expand some of the threads in that timeline, it’s clear the default CF configs persisted despite Fosstodon staff being told that the default configs were resulting in users being forced to run non-free software & that the configs needed to change. That change never happened because I know I saw the block screen whenever I tried to directly visit fosstodon.
Fosstodon finally made a recent move from CF proxy to CF NS. I am not checking every day to see what fosstodon does next.
Under the current config, you can spontaneously switch on the CF reverse proxy at any moment with immediate effect without even telling users all their traffic will be seen by Cloudflare (including passwords). It’s in fact the only way that the reverse proxy can work. If you don’t use the MitM certs, CF cannot process the requests for you during an attack.
So the compromise is still in place. The only difference is that now it’s spontaneous instead of continuously ongoing. And most likely you’ve probably not fixed the CF configs, so when you flip that switch users will get a captcha that pushes #nonfreesoftware. The goal should be to get off CF entirely including nameservers.
@bojkotiMalbona didn’t read your full comment as I’m short on time. We turned off the proxy about 2 months ago I think.
No dishonesty here, we never hid the fact we used Cloudflare, proxy or anything else. But you think what you like.
The thing is that you don't need to use their certificates in order to be MiTM'ed.
The only thing that is needed is any certificate with a private key uploaded to their platform.
Unless you do pure TCP tunneling, but CF does not support that (I think)
What do you mean by MiTM in this context?
If Alice connects to hogehoge.net and hogehoge.net uses Cloudflare for DDoS protection, how would Mallory eavesdrop or tamper with Alice’s connection?
@selea we've never uploaded our private key to their platform. That was my point - they don't have any way in to the certificate chain.
Having said that, when the proxy is in place, obviously the MiTM is too. :(