So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX]

https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/

#cloudflare #password #cybersecurity

benjojo

2025-03-17 14:09:15

It feels quite uncomfortable that cloudflare is somewhat openly admitting to analysing login credentials that are going through the reverse proxy, and providing aggregated stats on it (without explicit consent of the user it appears?)

Based on Cloudflare's observed traffic between September - November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords.

Don't get me wrong the results are actually pretty interesting, but I just cannot think of a ethical way of doing this, and it feels kind of jarring that they just "did that"

https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/

The developer in me hates what #CloudFlare's anti-bot checks are turning the web into. As a blind person, I'm occasionally frustrated at having to obtain an accessibility cookie to bypass the CAPTCHA. My inclusive design/accessibility professional side hates that those cookies have to be obtained in a way that doesn't fully respect privacy.

But simply as a human, what I find most objectional of all is CloudFlare's "Checking if the site connection is secure" messaging. That sounds like a good thing; how nice that this site is looking out for my protection as a humble web user! When in fact, my activity and circumstances are being checked against an arbitrary set of requirements and baseline-level metrics, to determine if I have the right to go where I want to go. It has nothing to do with security, and everything to do with information lockdown.

Of course, CloudFlare's lawyers probably signed off on this copy as being just close enough to the truth. They are checking that the site connection is secure... against bad actors. Which they may very well find to be you if they can't prove your human nature beyond reasonable doubt, so watch out.

@Tomasz Dunia #yunohost ✅, #WriteFreely ✅, ale szkodnikom z ⚠️ #cloudflare ⚠️ mówimy zdecydowanie ❌.

Poważne traktowanie decentralizacji i prywatności w internecie po prostu się wyklucza z tym co robi ta firma.
Chyba, że chcecie innym fundować doświadczenia takie o jakich piszę np tutaj:
https://soc.citizen4.eu/display/94d43991-1064-4bab-8b18-301784141881
https://soc.citizen4.eu/display/94d43991-3964-5178-f97d-36d177583887
Jeżeli ktoś chce wyczerpująco poznać wszystkie argumenty dlaczego cloudflare NIE to najlepsze miejsce jest tu: https://framagit.org/dCF/deCloudflare/-/blob/master/readme/pl.md
#StopCloudflare

MiKlo:~/citizen4.eu$💙💛

2023-05-02 20:56:25

@kravietz 🦇 @didleth 🇵🇱 🌈 🇺🇦 🇪🇺 ⚡ @Michał "rysiek" Woźniak · 🇺🇦
Dorzućmy do tego (oczywiście... 😞 ) media. Te takie niby tradycyjne. I nawet te niezależne, które od bigtechów mogłby się zupełnie obejść, czyli te bez reklam, finansowane oddolnie. Ale k*wa nie. Nawet one nie potrafią się obejść. Nawet takie #okopress potrafiło mnie kopnąć w dupę, kiedy pewnego dnia ja, ich zalogowany i płacący co miesiąc kasę czytelnik, zostałem powitany ekranem #captcha od #cloudflare . Dla okopress byłem znany (i chyba pożądany?), dla korpo, które sobie wybrali na #gatekeeper 'a już nie - bo wchodzę z trefnego ip. No więc od tego roku to cloudflare już nie za moje pieniądze...

@MB @Radek Czajka @Kierunkowy74 @szczur @wikiyu dlaczego torpedować ? Raczej wziąć ten rozwój "pod opiekę". Różnymi metodami. Np przez przywiązanie do swojej technologii (to przypadek #cloudflare i #wildebeest ). Albo robienie niby zwykłych ale wielkich instancji jako możliwego elementu dużych krypto-biznesów: https://mastodon.social/@atomicpoet/109550858784792605 . Albo (co się jeszcze nie stało ale ... https://mastodon.social/@noellopez/109919257718114101 ) po prostu rozszerzenie jakiejś dużej korpo-platformy o activitypub. Jeżeli taka platforma z dziesiątkami/setkami milionów kont się podłączy do federacji to w krótkim czasie może się przedstawiać ,że w zasadzie federacja = ich korpo .

Chris Trottier

2022-12-21 09:04:05

BIG NEWS: Pawoo.net, the world's 2nd biggest Mastodon instance, has just been acquired.

The entity acquiring them is the Mask Group, a business that also runs mstdn.jp and mastodon.cloud. They are also active in the so-called "Web 3.0" space.

If you haven't heard of pawoo.net, it's because many instances have de-federated from it.

https://finance.yahoo.com/news/mask-network-acquires-pawoo-net-070000858.html

A(z) Yahoo a Yahoo márkacsalád része

^{finance.yahoo.com}

calls them “notes” is because that’s what they are actually called in #ActivityPub - there are also other types, that other platforms use as well, including “article”, although, instances like #qoto have set the character count for notes at 65535 🙂

It’s been covered in this thread already that Quote Posts are simply beyond the control of mastodon devs, Eugen’s edicts, or local mastodon users or admins, because most other platforms support it and there isn’t anything #mastopub can do about it. In Misskey, users can disallow it, but that only affects other local users, so it’s s moot point (except for silo instances).

There are very few Fediverse platforms that aren’t taking advantage of most things that are possible, for example, #Soapbox now has federated events, and introduced custom emoji reactions like Misskey has, and live chat - Misskey’s traditionally led the way with these federating features with #Calckey going even further.

Some platforms however, intentionally incorporate a leaner set of features; #Smithereen is one example, it doesn’t even sccomodate boosts, which harkens back to #Myspace, #VKontakte (aka, “VK” - not sure I spelled that right), and very early #Faceplant days. #Epicyon has anti-silo capabilities baked in.

#Mitra has #Substack style subscriptions at it’s core. Anyone can subscribe remotely from any Fediverse server instance where the user can receive DMs - and in congruence with privacy concerns that are typically expected for Fediverse implementations, it’s based on #Monero (XMR).

Most platforms also support #Markdown, with Cakckey being perhaps supporting the greatest superset IIRC, including #LaTEX, and #Friendica, being much older than msstodon, has continued to evolve over the past decade and still has support for #BBCode too, and direct links for uploading images for those who prefer to.

I didn’t see any mention of Markdown support when I bothered to look at the mastopub roadmap, yet even on that platform, Quote Posts are all throughout the stream and people boost and reply to them as the time - and, as mentioned earlier, anyone can create a post, simply pasting the link from someone else’s post, and then boost that… Voila! Local #Quote_Post.

mastodon was successful in its arrogance of leveraging some pretty graphics and welcoming verbiage into a brand that Eugen weaponized against virtually all other Fediverse platforms, and now, with all of the fine forks like #Hometown and several newcomers, we’ll soon be seeing hardforking as a result of that hostility.

But not just forks, funding and ambitious development as evidenced by existing and emerging platforms like #Cloudflare’s #Wildebeest, Tumbler, and the very unique, #Django based Takahē Fediverse server that I wrote about here:

https://tallship.writeas.com/takahe-a-new-fediverse-paradigm

Average people are already migrating in larger numbers everyday away from the archaic mastodonian resource hog to other, more capable and promising (and friendlier) platforms elsewhere in the Fediverse that have integrated and fully support #masto_migration, and even ones that don’t (yet) haver that feature.

Unlike other dinosaurs and the eponymous mammal for which Eugen chose the namesake of his #TootSuite product, we shouldn’t expect extinction for his platform, but the apathy and indifference levels are rising, as is the enmity in many sectors of the community for what others perceive as a betrayal (or sellout), and that kind of self-inflicted damage is often difficult to mitigate, with waves of disenchantment reverberating get into the future… Just look at what happened to #SourceForge - it still technically exists, but never recovered after the community betrayal it committed years ago.

And finally, there’s a irony so obvious that’s it’s not even plausible to deny… Eugen subverted the very rudimentary principal that the Fediverse network is ideologically predicated upon - #DeSoc… There’s no question that his goals shifted to that if building a silo for himself, at least to some great degree. Very sad.

An interesting thing about condescending others, you find yourself alone and isolated in an otherwise vibrant, busy world.

#tallship #Takahe #ActivityPub #privacy #community_values #FOSS

⛵

.