Recent searches
Search options
@malanalysis it makes sense since they function as a global reverse proxy and do MItM decryption of traffic for optimization purposes. But them calling it in such a way is creepy, and also now the cybersecurity community needs to rekon with something we technically knew was going on before but didn't consciously consider a threat, until now.
@0xF21D wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."
I've been warning for CDN's like Cloudflare and Fastly (and cloud providers in general) for a long time.
Here's a recent toot (in Dutch, the "translate" button should do the job): https://infosec.exchange/@ErikvanStraten/114042082778156313.
If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): https://infosec-exchange.translate.goog/@ErikvanStraten/114042082778156313?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
P.S. Fastly knows your https://infosec.exchange login credentials.
If your adblock is good enough you always see the captchas, so you always know when a thing is cloud flair.
Also, who's not doing single use email addresses? Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/m&a mail... And thats before they get pwned or sell your details.
Who wants all that in one mail box?
I already get a bitcoin scam call every 2 weeks because i enabled sms 2fa one place and scammers got hold of the number. At this point they know i know and they know i know that, but the guys on the phone have a call/hour quota and they gotta pay rent i guess...
@EndlessMason : thanks for responding!
You wrote:
"
Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/m&a mail... And thats before they get pwned or sell your details.
"
Yes, and before that you wrote:
"
Also, who's not doing single use email addresses?
"
Most people. The amount of worries I have for people like you and me are negligible compared to the people who are *not* like you and me.
We should not need to fix people, we need to fix the internet.
@ErikvanStraten @0xF21D @malanalysis
This is not an exclusive-or choice.
In fact, if there were a hypothetical technology that allowed the user to use a certificate for authentication, and manage it in a key ring and sync it safely between browsers, you'd still need your human user to opt in to use it, to demand sites provide it and to be knowledgeable enough to keep the cert secret.
They'd also need to know to not fax their cert to bad guys.
@EndlessMason that sounds more like you might be signing up to the wrong places?
I'm not using single-use emails and I receive perhaps 3 spam mails a year.
But I also refuse to give my mail address to sites that are "suspicious enough"
@nightoo
Sure, this site looks sketchy, but this is the platform the vendor decided to use, so either I put an email/phone into frobubook.io or snakgrabbr.io or I miss out on the band/concert/festival/event/flight/hotel/utility/job etc or I end up waiting in the cold in the "walkups" line for 90 minutes.
Everybody and their dog want an email address, and they'll look at you like you have two heads if you tell them you don't have one.
Worse, they'll have no way to record that you said "no", so they'll just casually ask you that every time you stop by to do whatever it is that they're for... Now imagine you're taking medication either that causes or treats irritability, and the chemist asks you that every fucking god damn time
Oh, and you have to give your email to create an account on the site that prints custom "Fuck you I don't have an email address" t-shirts too.
@EndlessMason hm maybe the problem is more pronounced wherever you're living then, or maybe I just got lucky.
The situations you're describing are certainly familiar enough, yet I haven't had any trouble thanks to those sites so far
@EndlessMason @ErikvanStraten @0xF21D @malanalysis Cory Doctorow @pluralistic argued that hiding your email address from spambots is futile anyway so he doesn't worry when he publishes it regularly: https://www.theguardian.com/technology/2010/dec/21/keeping-email-address-secret-spambots
He needs a good spam filter technique though. Afaik he is still using the same email address.
@pluralistic @skaphle @ErikvanStraten @0xF21D @malanalysis The article makes some great points.
I know it's more of a side effect, but having rotated through lots of corporate managed laptops... mailto: links always grind that under spec'ed piece of crap to a halt while outlook tires its best to claw its way into memory and [at][dot]'ing addresses means outlook doesn't have a mialto: link to handle
@skaphle @EndlessMason @ErikvanStraten @0xF21D @malanalysis @pluralistic
A good promo for #Thunderbird , it’s a very good email client. I use it as well (not that my use is any recommendation whatsoever next to Cory’s :)
@RaymondPierreL3 We welcome any and all recommendations! They are all good, and thanks for using us (and telling your fediverse friends.) 
