How come you guys use Cloudflare?

They have a dangerous monopoly on internet services and discriminate
against people using VPNs and the like, by insisting that you enable
JavaScript and perform a CAPTCHA even for simply viewing a website. By
subverting them, a hostile actor would effectively own most of the
internet.

They also have a curious policy with regard to protecting terrorist
websites. I do not think that that is done out of some want for total
freedom of speech, as that reasoning wouldn't mesh with the other
decisions they make.

Pre-emptive Q&A:

"it is okay because we have GPG key verified downloads"
Which is fine, until someone changes the signature files and the key ID
that users should fetch.

"web of trust key signing protects you"
Which again, is fine, until the key server you use runs Cloudflare as
well, or you're stuck at the catch-22 of verification with trusting
trust, and besides, most users don't check that anyway.

"without Cloudflare someone could just get a corrupt CA to issue a fake
cert so hey it doesn't matter"
And that would be detected with Certificate Patrol.

"but... you ask for a change that may only provide minor protection!"
Security isn't about 100%, it is about layering until you are not the
path of least resistance - 99.9%
-
https://en.wikipedia.org/wiki/Cloudflare#Criticism_.26_Controversies
If that hacker hadn't used the exploit for a super petty reason, we
probably would never have known.
-
Other associated problems:
* The qubes-os.org site certificates are only 2048-bit, not good enough.
* The mailing list uses Google Groups, instead of better self-hosting
that doesn't give Google whatever it is they're getting from it.