27
2nd Cloudflare hack reveals the dangers of them seeing ALL passwords (monero.town)
submitted 7 months ago by SummerBreeze@monero.town to c/monero@monero.town
4 comments fedilink hide all child comments

Cloudflare just revealed on their blog that back in November a sophisticated hacker, likely a nation state, got access to some of their servers. This comes after a security firm identified a different vulnerability months earlier. This shows the true dangers of them overseeing all traffic and all cryptocurrency on all centralized exchanges. It's critically important you understand this:

https://simplifiedprivacy.com/cloudflarehack/

Tor Browser Onion: http://privacypkybrxebcjicfhgwsb3coatqechwnc5xow4udxwa6jemylmyd.onion/cloudflarehack/

I question that GetMonero.org is on Cloudflare. We should strongly reconsider this as we're downloading XMR wallet binaries from an organization not friendly to privacy. And the PGP public key to verify it is on the same Cloudflare website.

I do not have much say in this community as I’m new, but I ask you to bring it to the attention of those who do.

you are viewing a single comment's thread
view the rest of the comments
[-] blake@monero.town 6 points 7 months ago* (last edited 7 months ago)

Yeah tbh fuck cloudflare, fully compromised

cloudflare to host top level US government web services .gov https://cloudflare.net/news/news-details/2023/Cloudflare-Wins-CISA-Contract-for-Registry-and-Authoritative-Domain-Name-System-DNS-Services/default.aspx

however I understand why many people use it. it's the biggest of the ddos protection services, and with ddos mitigation, the beefier the better. i've seen plenty of smaller, ethical, cypherpunk ddos services but when the big ddos comes they can't help too much.

with something like monero - it's an obvious target for censorship, even temporarily - imagine a financial crash, or nation state revolution where people want to get their money out. perfect time for monero adoption, but getmonero.org is down to ddos. therefore being with cloudflare is the best protection. however if sed flight to monero goes against the interests of the USA and they threaten to pull their $8million contract from cloudflare, things might change very quickly (one of many ways in which corporations are controlled)

i guess it's still up for debate - obviously monero is a force of decentralisation so cloudflare is antithetical. but what is the alternative?

[-] SummerBreeze@monero.town 2 points 7 months ago

I'd recommend Bunny, they accept anonymous Bitcoin, and maybe we can pitch to them to start with Monero if they'll take us on as customers. Also if the person is willing to pay the EU VAT tax, then you get GDPR for customer data.

https://bunny.net/network/ddos-protection/

this post was submitted on 02 Feb 2024
27 points (84.6% liked)

Monero

1581 readers
20 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS
admin@monero.town