this post was submitted on 05 Aug 2024
80 points (98.8% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54577 readers
176 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
top 16 comments
sorted by: hot top controversial new old
[–] Teknikal@eviltoast.org 38 points 3 months ago

Yeah I'm going to Summon Nintendo to explain their plans on how to cook a good Burger.

[–] neshura@bookwormstory.social 31 points 3 months ago (1 children)

I'm sure this is definitely going to go how the regulator thinks it will go. What with Cloudflare being one of the driving factors behind e2e encrypting more and more of the HTTP stack, making it ever harder for ISPs and other 3rd parties to see inside the HTTP traffic.

[–] 01189998819991197253@infosec.pub 3 points 3 months ago* (last edited 3 months ago) (2 children)

While true, to accomplish this, cf becomes a MitM, effectively making seeing encrypted traffic obsolete, as all traffic goes through cf unencrypted, before being re-encapsulated by cf again.

Edit, maybe I wasn't clear. It isn't a MitM attack, but it is a MitM (by design, it must be). In the wrong hands or the wrong management or under the wrong government, it could be the attacker, as it's in the perfect position to do so, but I highly doubt it will be in the current environment.

[–] neshura@bookwormstory.social 6 points 3 months ago (1 children)

I think you have the wrong idea about what I was referencing. I'm not talking about Cloudflare Tunnels but their Encrypted Client Hello. While Cloudflare could intercept the inital ClientHello the rest of the HTTP traffic still is encrypted between Client and Server not between Client and Cloudflare. In that sense they have not turned into more of a MitM than they (or any other DNS Nameserver) were already anyway. So unless governments decide to completely dismantle the trust chain the internet works on they won't be forced to fuck with ECH for anti-piracy either.

But ultimately anything going over a public DNS Server is susceptible to being compromised. We simply trust that the providers don't.

[–] 01189998819991197253@infosec.pub 4 points 3 months ago

Ah. Yes. You are correct. I read the page, and assumed cf as a whole, not only as a DNS.

[–] Natanael@slrpnk.net 5 points 3 months ago

CF has multiple options, you can use them as just a load balancer/firewall while handling your own TLS cert. I think most let them hold the cert so they can get CF caching services though

We have no plans for this, because it’s not our problem - as in, we don’t control anything about what you’re describing.

[–] electricprism@lemmy.ml 16 points 3 months ago

Its funny because it's like asking a business

What are you going to do to piss off customers and fix my issues.

Because the more they piss off customers the less power they keep.

[–] sunzu@kbin.run 11 points 3 months ago

lolwat

corpos and governments really do hate the concept of decentralization.

kill them with a thousand cuts :)

[–] drwankingstein@lemmy.dbzer0.com 11 points 3 months ago

Cloudflare: "I have plans!?"

[–] Netrunner@programming.dev 10 points 3 months ago

Want a spoiler? I bet they're going to circlejerk about more browser privacy invasion.

[–] onlinepersona@programming.dev -2 points 3 months ago (3 children)

Will there someday be an opensource, distributed search engine just because Google stops bringing up piracy in search results? It feels like some pissed of piracy crew might take it upon themselves.

Anti Commercial-AI license

[–] mexicancartel@lemmy.dbzer0.com 3 points 3 months ago (1 children)
[–] Midnight1938@reddthat.com 1 points 3 months ago

Yeaaa, but sometimes i get random results with gibberish description, with urls that lead nowhere

[–] Petter1@lemm.ee 2 points 3 months ago

Well, I search with prowlarr 😁 that is why we have tracker/indexer, no google required.

You can use preDB to check if a release exists and inly your indexers don’t have it. Then, you gotta find more indexers.

[–] Natanael@slrpnk.net 1 points 3 months ago