Post AyjDd0u4YFdVcIe7pg by migratory@jorts.horse
 (DIR) Post #Aydca3CUt01LmJBki8 by pojntfx@mastodon.social
       2025-09-25T20:45:54Z
       
       22 likes, 33 repeats
       
       Whenever you see someone recommend Cloudflare or something else that decrypts and re-encrypts TLS for something, esp. for something related to open social media or media storage etc., reply with this picture from the Snowden leaks
       
 (DIR) Post #AydlNJURuTJY7daR8q by Zergling_man@sacred.harpy.faith
       2025-09-27T18:52:56.372349Z
       
       1 likes, 1 repeats
       
       @pojntfx You put your fucking legal name and face, AND location, on the internet publicly.Opinion discarded, nigger.
       
 (DIR) Post #AyeRPEO631W6x2DDrU by DemonSixOne@poa.st
       2025-09-28T02:44:23.345941Z
       
       0 likes, 0 repeats
       
       @pojntfx It might seem weird to the people that are consumed with end to end encrypt all the things or that are technically incompetent government drones, but the picture there is more or less the diagram of any network that has load scaling, redundancy or various other traffic shaping at the edge. All long before google was even an idea.
       
 (DIR) Post #AyfXxZXsgRuVIeVVUu by justjanne@mastodon.decentralised.chat
       2025-09-28T14:10:56Z
       
       4 likes, 6 repeats
       
       @pojntfx that's why this sticker exists :) SVG: https://github.com/justjanne/stickers/blob/main/designs/ssl%20added%20and%20removed%20here.svg
       
 (DIR) Post #Ayj8VDwdgFVlybJSs4 by voltrina@social.freedombits.org
       2025-09-30T09:06:04.569705Z
       
       0 likes, 0 repeats
       
       @pojntfx the only good WAF is a self hosted one you have full control of
       not some company that's capable of decrypting all your TLS traffic in transit
       
 (DIR) Post #AyjDcywpp0epYHvIrQ by migratory@jorts.horse
       2025-09-27T18:39:10Z
       
       0 likes, 0 repeats
       
       @pojntfx is there a prediction market on "cloudflare is the feds" so I can retire someday
       
 (DIR) Post #AyjDd04JegEh1mQnA0 by pojntfx@mastodon.social
       2025-09-27T20:57:09Z
       
       0 likes, 0 repeats
       
       @migratory Look at the people they just funded. They are also in the US, so the CLOUD act applies to them. Doesn't matter if they are feds or not, the feds have pretty much unlimited power over them.
       
 (DIR) Post #AyjDd0u4YFdVcIe7pg by migratory@jorts.horse
       2025-09-27T21:22:10Z
       
       1 likes, 0 repeats
       
       @pojntfx you don't have to convince me lmao, it would be a wild strategic blunder for the feds to not be inside CF
       
 (DIR) Post #AyjDd1UaMUqLRXjHkG by gianmarcogg03@mastodon.uno
       2025-09-28T12:33:27Z
       
       0 likes, 0 repeats
       
       @migratory @pojntfx they already were from the very beginning: https://xn--gckvb8fzb.com/thoughts-on-cloudflare/.
       
 (DIR) Post #AyjDd2GnTFPLr4HmtM by jae@darkdork.dev
       2025-09-30T10:03:27.725112Z
       
       0 likes, 0 repeats
       
       @gianmarcogg03 @migratory @pojntfx great to see marius still writing. and he's right about cloudflare actors. the chinese have perfected abusing cloudflare in mysterious ways.
       
 (DIR) Post #AyqaxPcE2X9b6ViJLE by phil@fed.bajsicki.com
       2025-09-28T18:51:05.521Z
       
       0 likes, 0 repeats
       
       @pojntfx@mastodon.social Doesn't this mean that every single business that's using CloudFlare is likely in breach of GDPR? Am I misreading something?
       
 (DIR) Post #AyqaxQf69L2uLi47SS by wolf480pl@mstdn.io
       2025-10-03T23:27:51Z
       
       0 likes, 0 repeats
       
       @phil @pojntfx why? If you pay another company to process your customers' data, and they promise in a legally binding contract that they will not look at the data, and will only do the processing that you requested, why would you be in breach of GDPR?
       
 (DIR) Post #AyrgEXfq1ha1wqLp2W by phil@fed.bajsicki.com
       2025-10-04T11:56:36.405Z
       
       0 likes, 0 repeats
       
       @wolf480pl@mstdn.io @pojntfx@mastodon.social Article 13 and 14. Passing data off to a third party requires that the data subject be explicitly notified about where the data is going, for what purpose, what the legal basis for the processing is, how long it's stored, how it's protected, etc.
       Also it's a transfer outside of the EU, which necessitates additional scrutiny and reporting (Transfer Impact Assessment).
       Article 7 requires that requests for consent must be presented in a way that's clearly different from other matters - this means that putting your GDPR language in a ToS or Privacy Policy where it's not likely to be read isn't sufficient.
       CloudFlare and its customers, if they don't notify affected individuals, are very clearly in breach of GDPR, if Cloudflare really is tapping into their customers' traffic. However, even if CF isn't tapping into their customers' traffic, they're still in breach of GDPR. As a US company, Cloudflare is subject to FISA 702 and the CLOUD Act, which give the US government power to secretly request access to data about any CF customer.
       Not to mention, being part of the Data Privacy Framework doesn't absolve US companies from ensuring compliance with GDPR. DPF only means that transfers to certain companies don't require a transfer impact assessment - it doesn't reduce any other obligations.
       
 (DIR) Post #AyrgEZFg9vqMqI7xXk by wolf480pl@mstdn.io
       2025-10-04T12:01:43Z
       
       0 likes, 0 repeats
       
       @phil @pojntfx hmm ok but those are the same concerns you'd have with hosting your website on AWS, correct?
       
 (DIR) Post #AysWBJEeRmwrupPkJ6 by phil@fed.bajsicki.com
       2025-10-04T21:41:42.398Z
       
       0 likes, 0 repeats
       
       @wolf480pl@mstdn.io @pojntfx@mastodon.social Yeah, of course. That's why I don't use US-based services if I can avoid it. The American government has been very clear that it's hostile to both their own citizens, and even more hostile to foreigners.
       
 (DIR) Post #AysWBKKiMjOPJvG6Oe by wolf480pl@mstdn.io
       2025-10-04T21:43:48Z
       
       0 likes, 0 repeats
       
       @phil @pojntfx Right. But many EU-based companies host their websites on AWS and show the consent popups, and some of these popups even have a "reject" button right next to the "accept" button, so I think it's possible to be compliant? Another way is to, like, not collect personal data