My username is a wordplay on the Linux command filesystem check: fsck.

  • 1 Post
  • 142 Comments
Joined 9 months ago
cake
Cake day: February 24th, 2024

help-circle







  • Since you’re going to childishly talk about me and infer something that is entirely false, I’m going to step in here.

    First, you claim it’s “a convenient shorthand”, except “middleman” is far shorter than “man-in-the-middle”. So that argument is entirely false.

    Next, “nothing that I wrote misrepresents the situation”? You literally linked the Wikipedia article for “Man in the middle attack”, but conveniently left out the word “attack” both when referring to it and in the link itself which redirected to the actual Wiki page https://en.wikipedia.org/wiki/Man-in-the-middle_attack.

    You are clearly intentionally misrepresenting the subject in order to frame things to suit your narrative. That’s not just a claim out of nowhere, I provided evidence to support this.

    And get out of here with your pathetic “like most of my colleagues” pretentious attitude.




  • You’re conflating MitM, which is specifically defined as an attack, with the concept of a middleman. You acknowledge that it’s not an attack, even:

    It just means it’s not a man-in-the-middle attack.

    The other things you’re describing are also framed specifically in a way that makes Cloudflare seem like some sort of bad actor out of the norm.

    You say users have no choice in using Cloudflare. Yeah, the party that runs the service/website/whatever decides what services they use to serve their content. Nothing special there. If you are against Amazon then users have no choice but to use them when the other side chooses to use their services, or any other service provider which includes the ones you like. Similarly, users would have to resolve DNS records to determine what services they are connecting to.

    You also don’t have to use Cloudflare’s proxy. You can just use them for DNS record management. You can use different SSL settings that allow an unencrypted connection between Cloudflare and the server, or you can enforce strict SSL policies where it is encrypted end-to-end.

    You’re going to have to prove any of your claims, or else I am just going to assume you’re talking out of your ass. Particularly because you’re clearly misunderstanding what a MitM is, or you’re intentionally misusing it.

    -edited formatting-



  • It bugs me when people say Cloudflare is a MitM, because that is a disingenuous representation the situation. Mainly that a MitM is done without either party’s knowledge or consent. It even describes that in the very first sentence of the wiki page you linked. A better description would be a “middleman”, but that’s not scary so people don’t call it that. It’s just a proxy and you opt into it.

    If you are signing up for Cloudflare to use their proxy services then you are opting into having a middleman, which then means it cannot be a MitM because both sides of the connection are aware of this layer. They are not trying to hide the fact there is a Cloudflare connection layer to either side. If Cloudflare is a MitM then any networking layer for any hosting service would be considered a MitM as well.

    The arguments that Cloudflare is ripe for abuse and the scale of their systems are separate arguments that should also be applied to many other providers but that is never mentioned when people bring this up. It just seems like the MitM claim is just a tactic to leverage fear in an attempt to add weight to arguments that should be perfectly valid on their own.