Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

Administered by:

Server stats:

5.3K
active users

techhub.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

#clownflare

1 post1 participant0 posts today
Replied in thread
Public
Kevin Karhan :verified:

@DoctorBrodsky @woe2you @miah given #Quad9 bowed before the #Contentmafia and censored #DNS requests, I'll continue to recommend using #OpenNIC's Servers instead

94.103.153.176 & 2a02:990:219:1:ba:1337:cafe:3 as well as
144.76.103.143 & 2a01:4f8:192:43a5::2

  • If you only add a single #IPv4 address, no #IPv6 resolution will take place over said provider or worse even no IPv6 connectivity at all...

I merely retain quad9 on said list for archival purposes. I Yeeted #CloudFlare aka. #ClownFlare since they are a #RogueISP!

List of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.
GitHublists.d/dns.servers.list.tsv at a4a7ccf70d8504ebbffd7e5fbcd5630294860434 · greyhat-academy/lists.dList of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.
Public *
Taffer 🇨🇦 :godot:

Wow, GitLab's setup of Clownflare's "Are you a human?" widget is blocking Firefox on my work Mac today, nice work.

Really not happy with CloudFlare deciding what browser I can use for things. I'm really not a robot.

As is tradition, Chrome (well, Vivaldi in my case) works. 🤖 It did get challenged *twice* though, which seems like overkill.

#cloudflare#clownflare#gitlab
Replied in thread
Public
Kevin Karhan :verified:

@sylv_a personally, I'd recommend #XMPP+#OMEMO (and #PGP/MIME - encrypted #eMail) for real #E2EE with #SelfCustody of Keys as well as actual #decentralization.

Cuz I noone's gonna risk jailtime for (non-paying!) users - it at all…

In fact I'd call U.S. MIL/INTEL as "criminally incompetent" if they didn't manage to plant multiple people inside @signalapp / #Signal or any other single-vendor / single-provider messenger.

Personally, solutions like Signal & #Threema have a stench like #CryptoAG / #MINERVA / #Rubikon and #ANØM / #OperationIronside / #OperationTrøjanShield.

By contrast: #OpenStandards like XMPP+OMEMO & PGP/MIME are independently verifyable and not dependent on on a single individual/organization for maintenance/survival/implementation/development.

Personally I'd still recommend @monocles / #monocles with #monoclesChat & #gajim...

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread
Public
Kevin Karhan :verified:

@dee @agturcz Still, using #ClownFlare, which is a #RogueISP is a serious risk and it's up to @signalapp to actually not do that!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@max@gruene.social To [quote you directly](https://gruene.social/@max/113872018769294131): > "[...] easy to use solutions that are at the same time private and secure. [...]" - The fact that @signalapp@mastodon.world requires #PII like a #PhoneNumber which more often than not *cannot be legally acquired anonymously* makes it not #private. It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM. And if you go and say, *"Just buy a [insert country here] [e]SIM!"* and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you *completely missed the point*! - I can much faster and easier get TechIlliterates setup show them around - either in a @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParty - style #classroom / #seminar or 1:1 tutoring than I can *legally acquire and activate a new SIM in #Germany* [since 07/2017]... It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain... - - - Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith@mastodon.world succeeded #MoxieMarlinspike: Their entire operation has a *distinct #CryptoAG stench* as it's an #unsustainable #VCmoneyBurning party! - #CloudAct and the #NOBUS [hegemony](https://en.wikipedia.org/wiki/NOBUS#Criticism) ain't something that just got executed now (neither was #GDPR & #BDSG!)... A counterexample on how this could've been done are #Tor, #eMail and other *truly #OpenSource* as in #MultiVendor & #MultiProvider standards. - *NOTHING* compells Signal to [demand PII](https://en.wikipedia.org/wiki/Signal_(software)), run a #Shitcoin #Scam [aka.](https://en.wikipedia.org/wiki/Signal_(software)#In-app_payments) #MobileCoin that even seasoned #TechLiterates and #CryptoBros [can't setup properly](https://www.youtube.com/watch?v=0DSGq9FQKU4), and in fact Signal using [phone numbers makes it trivial to discriminate against users and easier for them to identify them](https://en.wikipedia.org/wiki/Signal_(software)#Controversial_use)! - If [my reasoning](https://infosec.space/@kkarhan/113869305765533809) didn't resonate with you, then try helping i.e. undocumented migrants aka. *"#SansPapier|s"* to get setup with it without violating laws and/or ToS and/or needing an imported SIM which I'm shure most folks don't have on hand! Whereas it's trivial to get people setup on [one of many XMPP servers I've personally tested](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv)! - Not to mention clients like @monocles@monocles.social / #monoclesChat and @gajim@fosstodon.org / #gajim are way more user-friendly and unlike Signal can also work perfectly fine over #Tor, including #OnionServices as endpoints. AFAIK Signal doesn't even have an #OnionService / [```.onion```](https://en.wikipedia.org/wiki/.onion) for their Website, much less any #API enpoints to use it with! - Them relying on #ClownFlare is just something that makes them even *more #sus* as there is *[no legitimate reason](https://en.wikipedia.org/wiki/Cloudflare#Controversies)* to use a #RogueISP like that. - - - You're free to also provide evidence and supporting data to your arguments, rather then *neighsaying* against *proven to be more secure and reliable [by virtue of decentralization]* options like XMPP+OMEMO and/or #PGP/MIME. - What gets my blood boiling is the constant #disinfo by [Signal](https://mstdn.social/@rysiek/113868777937162686) [Fanboys](https://mstdn.social/@rysiek/113869169340313254) like @rysiek@mstdn.social who sell it like #DigitalSnakeoil akin to #AntivirusSoftware, because it's at best *"#TechPopulism"* and at worst [will mislead "TechIlliterates"](https://infosec.space/@agturcz@circumstances.run/113868748895262202) with a [false sense of security](https://infosec.space/@kkarhan/113868987217053362), which in turn puts more users at risk. The *proper fix* is to actually *assess the situation* and acknowledge the *risks and limitations* as well as the very nature of communications, which means *upgrading later* is exponentially more painful, thus getting people *properly setup once* is way easier. - Just because *WE* [ or rather @rysiek@mstdn.social in this case ] rather *privilegued enough* to not be *hatecrimed in their current location* doesn't mean this is the case for everyone. And having places like Signal rely on a *"#CDN"* is just another *red flag* to me because questions like [this one](https://circumstances.run/@agturcz/113866980398547492) just don't arise with [monocles.chat](http://monocles.chat) as people can just exercise proper #SelfCustody and just use Tor! Speaking of #monocles: That business is at least #sustainable because it's funded by users [(€2 p.m.)](https://store.monocles.eu/produkt/monocles-starter-account/) which they can [pay anonymously](https://monocles.eu/more/#payment-section)
#xmpp#omemo
Replied in thread
Public
Kevin Karhan :verified:

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Public
Kevin Karhan :verified:

@Ultralativ hat recht:

Die #Enshittification des #Internet|s ist immer extremer werdend.

Ich für meinen Teil nutze deshalb @torproject / #TorBrowser weil der schon das meiste rausfiltert und ich eh keine Seiten besuchen will, die gegen #Tor-Nutzer direkt oder indirekt via #ClownFlare diskriminieren...

  • Irgendwo muss ich auch meine Zeit und geistige Gesundheit schonen...
YouTubeDas Internet: Eine Zumutung.By Ultralativ
Replied in thread
Public *
Kevin Karhan :verified:

@fennix the fact that neither @bsi nor @EUCommission make honoring #RobotsTXT legally mandatory under penalty of fines and forced disconnects is a problem.

#WhatYouAllowIsWhatWillContinue applies here and I kniw some folks intent to literally ban entire ASNs for hosting crawlers because those literally #DDoS sites offline and criminally incompetent, value-removing middlemen like #ClownFlare do jack shit about even when tasked to do so.

YouTubeThe creators of TikTok caused my website to shut downBy MattKC
#sarcasm#vent#AI
Replied in thread
Public
Kevin Karhan :verified:

@khobochka guess why I maintain a #Scraper #blocklist?

List of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.
GitHublists.d/scrapers.ipv4.block.list.tsv at main · greyhat-academy/lists.dList of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.
#Cloudflare#hetznered#ByteDance
ExploreLive feeds
About