Why is it so easy to get tier 1 backbone networks to censor the internet now? All you have to do is email them with some made up bullshit and they'll cut off half the world's access to any website you want.
Why is it so easy to get tier 1 backbone networks to censor the internet now?
the fart porn stays
What exactly do isps see of your computer usage on a network?
>https
www.domain.com
>http
everything
Like everything you type? Or what's sent out interacting with the webpage? Because it seems like you could skirt all manner of ISP snooping by talking in code or in strings that have to be constructed by the computer rather than the network.
The HTTP protocol governs internet traffic. HTTPS is HTTP over SSL/TLS, which are protocols (TLS is basically the newer version of SSL) that provide encryption, in this case the encryption is for data-in-transit over HTTP, hence it's called HTTPS.
And yes, theoretically you could use in code or in strings... but that would be redundant, since SSL/TLS already does it all for you. If you want to provide authenticity you should use GPG, a cryptographic tool.
To be clear, if you access a site over HTTP, then yes, all of your traffic is unencrypted, meaning anyone reading your data packets, be that an ISP or a man in the middle sniffing your traffic, can see everything. If it's HTTPS, then they can only see the domain name, e.g. LULZ.com, but there are workarounds for this, too; namely, DNS over TLS or DNS over HTTPS.
NTA, but what about certificate authorities?
If Google is signing a site's SSL certificate, can they see anything from the page I'm visiting that's encrypted with said certificate?
Or is it a "one-time" thing that they use for all the pages they serve to all their users?
It's a signed cert. It's the same as signing someones public key, you can't decrypt stuff with it you're just saying "yeah this guy is who he says he is"
You're just abstracting the layer of trust back 1 to a more "secure" source. It's much more likely that someguy.xyz's website gets MITMed than google, so it's more likely you'll get a false cert from them than from a trusted internet authority
And when are these certificates issued? Once every N days? Per user? Per page load?
Depends, seems LULZ's is ~yearly
So the CAs don't even know who's visiting the website. They just issue the certificate to the site and see nothing about their users afterwards. Correct?
The CA has a trusted key that only they control
A website generates a certificate, the CA signs that cert and gives it there "yep, this belongs to this website" stamp, and then moves on.
They can't see the data between you and that website because they don't control the websites private key.
In the case of cloudflare it's a bit different because they heavily encourage you to MITM yourself with their servers, so don't trust cloudflare signed certs with your credit card if you don't trust cloudflare.
Otherwise, no, the CA can't see what you do on the website or what websites you visit, they only exit to author certificates for trust and verification.
Yeah well they're retarded so hopefully more people go with certbot and letsencrypt
Thank you.
Isn't this what I said? Or am I misunderstanding you?
How so?
>Thank you.
Welcome.
>Isn't this what I said? Or am I misunderstanding you?
It is but on LULZ you can only say "no" and never agree
>How so?
I mentioned cloudflare, they try to get you to pass everything through their servers which they control the keys for so they can intercept traffic.
For most websites, this never happens, but lazy and retarded webmasters might put all their trust into cloudflare and MITM themselves.
But Cloudflare is MITMing through their anti-DDOS services and whatnot, not by being a CA, no?
Would it be possible to do a MITM attack by being a CA (like Anon here
said, if I'm understanding correctly)?
>But Cloudflare is MITMing through their anti-DDOS services and whatnot, not by being a CA, no?
Yes, but when you see a website using them for certs they're probably also using them for the faux DDOS bullshit.
>Would it be possible to do a MITM attack by being a CA
I mean you could issue YOURSELF a cert that says you're actually the owner of that website, but then you're found out and lose any trust as a CA
So sure, but only once, and then you're probably put of lifelong computer timeout by the feds (unless you work for them)
Got it, thank you very much.
>letsencrypt
Already reissues certs every 90 days.
>Correct?
Incorrect - every CAs sees NOTHING about who's visiting the website. The CA issues the cert. This is the end of their responsibility.
https://www.darkreading.com/dr-tech/google-proposes-reducing-tls-cert-lifespan-to-90-days
>Google did not provide a specific timeline in its roadmap, but based on how the changes have unfolded in the past, the new validity period will likely take effect by the end of 2024, which gives organizations time to gain visibility and control over their keys and certificates.
>can they see anything from the page I'm visiting that's encrypted with said certificate?
No. But they could MITM that website and read the traffic.
>there are workarounds for this, too; namely, DNS over TLS or DNS over HTTPS.
They can read the SNIs to get the domain name too.
https://www.cloudflare.com/en-gb/learning/ssl/what-is-encrypted-sni/
They can see what protocols you were using and how much data was transmitted as well. Generic Netflix logs that they are required to store for at least nine months per federal law. Most isps store that data for at least seven years, some store it indefinitely.
Would the amount of data be more of a redflag or your protocols?
An excessive amount of data would cause them to investigate. Oh I meant Netflow not Netflix stupid phone. Look into netflow to get an idea.
This assumes you're using dns over plaintext. I'm fairly certain that most browsers have dns over https/tls enabled by default.
>what is SNI
Shit i'm Not Interested in
Surely Not Ignorant
Encrypted Client Hello
>send all of your DNS queries to cloudflare
No, I don't think I will
Placebo. The ISP can see the IP address you connected to regardless, and this can be put in a reverse DNS lookup to recover the domain name.
>enabled by default.
no. it's still a option because people have all kinds of different dns solutions, including dnscrypt. if you use dnscrypt then you have no use for dns over https/tls etc.
with ech + doh, they only see the ip addy you connect to. If the site uses cloudflare that means nothing. alas this doesn't help josh very much.
do you think cloudflare gives a dedicated ip, with rdns access even, to every free customer? there arent enough ipv4 addresses in existence for that
the glowies can crack TLS so basically everything
>source: they just can, okay?
Its both, you zoom zooms
If they have a specific target that pissed them off, they can get the information easily
its just that the US has a ~250 million internet users, so only the snide retards that do shit blatantly or insist they're untouchable get sledgehammered
oh yes okay you just need to be target and they will solve quantum encryption, its like in ze movies
>muh zoomers
Argument invalidated
>The government is actually competent and not bloated bureaucracy that clumsily smashes the victim of the week
https://www.eff.org/pages/tor-and-https
they're still up?
They never really went down lmao only certain networks blocked access to their site and depending on your isp you could access it, or not.
they should still be up on tor, the only place that matters
the .st and .net domains are working fine.
and what's the site called?
>kiwifarms
fuck off this isn't technology
t. liz dong gone
Yeah it is, it's about internet censorship and not even on edge providers. Digital freedom is important, fool.
>Why is it so easy to get tier 1 backbone networks to censor the internet now?
In fairness, I think you actually have to be a turbokike with connections to get arbitrary internet censoring. I don't think YOU could email anyone to have my site taken down.
I couldn't care less about the silly site but I do find a clique of eunuchs having enough power to censor websites unilaterally very concerning
It's only easy if your dad is CIA and also the CFO of Cloudflare.
deep and overflowing baby-making sex with candice lynn
Honestly government should be happy that a group like kiwi farms is hyper fixated on pointless ecelebs.
If they actually tried digging stuff up that mattered it'd look bad for them.
Where's EFF and their right to freedom?
nobody cares about your transphobic forum
get off LULZ
O_O bot.
> LULZ
back to discord
Pretty sad that people so shitty as Kiwifarms exist.
They take these legal protections of free speech that were instituted to for people to voice meaningful political opinions or to educate the public about suppressed facts, and abuse these rights to harass people, thus turning public opinion against free speech because what Kiwifarms are doing is not in any way morally defensible.
It is morally defensible, except maybe the endless lolcow threads about people who make odd choices but are ultimately harmless
>You can't use free speech because it's actually not free and they'll take it away if they don't like it
Sounds like the so-called arbiters of these "rights" are the ones that need to give a moral defense
>pointing out that a former mp candidate and political commentator is a degenerate sex freak is no longer a political opinion
maybe you should just admit that you want to censor people you disagree with.
Well said.
I think that no one would care about Kiwi Farms if they didn't go harassing or doxing people.
Conversely, a lot more people would rush to its defense if it were just a website with unpopular opinions.
no, some "people" would still try to get Kiwi Farms shut down even if all it was doing was exposing the crimes of groomers
most people don't care about harassment happening, as long as it is only their enemies getting harassed
can you link some dox?
Why is dox bin up then?
why is twitter /tiktok up?
1000x more dox has been posted here than kiwifarms.
It's almost like no one whose opinion matters agrees with certain peoples' desire to host a stalking and doxing forum.
>monthly kiwifarts sob thread
Good. Fuck kiwifarms.
Why don't we start doing it to random places just for fun? If it's that easy.
Suggestions for where to start?
Resetera
It's not that easy and if you are not a member of the discord tranny circle-jerk your complaints will be simply ignored.
>Unserious computer experiment becomes backbone for world economy.
>Everyone acts like it's all railroad companies and not sex starved retards with bits of glass
it's been 30 years. it's time we made up our minds on what their roles are
>~~*Why*~~
oh no are isps bullying your bullying forum? oh no *cries*
how many bullies do there have to be on a site before it becomes a bullying site?
do you think there are no bullies on LULZ, or on facebook?
who gets to decide who are the bullies and who are the good guys?
your drivel is not fooling anyone
Nice argument. I am now convinced freedom is retarded. I have also started taking HRT. Thank you for your wisdom anon.
you can cry but you'll still die
The biggest bully gets to decide! And the one who can shill the most!
here's tldr from last stream
https://dox.abv.bg/download?id=213a6c6a44
if all those internet providers were common carriers would't this only apply to the US? so if a tier 1 carrier operates outside of the US they can still reject your traffic
>ITT retards learn basic internet infrastructure
>the battleground for internet censorship in 2023 is a tranny fart fetish video
That's it. I'm done. Shut it the fuck down. Humanity doesn't deserve it.
its pretty funny can you imagine it being submitted into evidence forcing a boomer judge to watch tranny fart fetish porn
Step back plebs, we're going to classically condition a judge to take a deep sniff every time they think about censorship. This isn't for the faint of heart or weak of nose, we're doing god's work in service of the people.
Where does Unbound fit into all of this?
Niger op is about the cable that carries your shitpost. unbound and all the retarded thread is irrelevant.
Willing to bet its a DNS level block. Anyone who isn't underage (i.e. not OP) will remember just how well that worked for blocking Piratebay.
No, they're forcing downstream AS's to not route traffic to the super bad man AS hosting kiwifarms. He use to run his own AS, but he couldn't peer, so he's using some Polish provider.
>kiwinagger thread
all fields
why does .st have no https when you first connect?
So has anyone tried this with other small websites?
you know who this really makes mad?
people who obsess about DSP
internet sleuths
people who start banal drama and maintain it because they are addicted to it
you suck go away
fuck off
eat dick
this is not some pragmatic thing you're complaining about