- cross-posted to:
- privacy@lemmy.dbzer0.com
- cross-posted to:
- privacy@lemmy.dbzer0.com
cross-posted from: https://lemmy.ca/post/37638868 !privacy@lemmy.dbzer0.com
This affects Signal too
An issue with Cloudflare allows an attacker to find which Cloudflare data center a messaging app used to cache an image, meaning an attacker can obtain the approximate location of Signal, Discord, Twitter/X, and likely other chat app users. In some cases an attacker only needs to send an image across the app, with the target not clicking it, to obtain their location.
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117?ref=404media.co
Signal, an open-source encrypted messaging service, is widely used by journalists and activists for its privacy features. Internally, the app utilizes two CDNs for serving content: cdn.signal.org (powered by CloudFront) for profile avatars and cdn2.signal.org (powered by Cloudflare) for message attachments.
I support this because most all cloudflare websites require browser fingerprinting otherwise they will not serve you the page. The moment I enable the jShelter addon, I am cut off from a significant portion of the internet
CF is DNS you could be using it a lot and never know
I have a pihole serving DNS for my local network that is configured to use unfiltered Quad9 for upstream.
ok, you are certainly not a common user.