#RogueISP

Kevin Karhan :verified:kkarhan@infosec.space
2025-06-08

@scottjenson using a #RogueISP like #ClownFlare is a problem, because they are just bad.

Kevin Karhan :verified:kkarhan@infosec.space
2025-05-26

@percepticon or rather for being a known "#RogueISP" who acts as "#BulletproofHoster" catering to #Cybercrime specifically by flat-out ignoring any #AbuseReports and refusing to cancel customers that abuse their infrastructure for facilitating #CrimeAsAService (#CaaS)...

Kevin Karhan :verified:kkarhan@infosec.space
2025-05-02

@varbin @f4grx @nixCraft @torproject Well, you can dynamically block them based off packet rate & amount of requests and rate-limit them as well as limit them in terms of transfer rate.

Not to mention you rarely see DDoS attacks from residential IPs and ISPs are quick to disconnect offending hosts upon reporting them, so worst-case one blocks a /24 for 24 hours.

  • This doesn't even account for the fact that #Skiddie-Tools like #LOIC are easily distinguishable and filtered for.

Again: if this is a real problem, any decent datacenter / hoster / upstream will gladly pick up the phone or reply to your support request via mail.

  • After all, they too don't like it when someone hammers their infrastructure, so they have a vested interest in #Blackholing bad traffic at the #IX level.

#DECIX even officially recommends that as a means to handle large-scale DDoS attacks and keep everyone else online.

  • To me a "#Layer7" solution like #Anubis comes way too late as it already incurs billable traffic at many hosters and datacenters and we don't want to cough up money because of someone else trying to #blackmail us (which is the #1 reason for DDoS'ers to do so!)…
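The per-source rate limiting and 24-hour /24 block described in the post above, sketched as an added example that is not part of the original post. The thresholds, the rule for escalating from a single address to the whole /24, the IPv4-only handling and the `RateBlocker` name are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed thresholds; tune to the service's normal traffic profile.
WINDOW_S = 10          # sliding window in seconds
MAX_REQ = 100          # requests allowed per source IP per window
HOSTS_FOR_NET = 3      # offending hosts in one /24 before the /24 is blocked
BLOCK_S = 24 * 3600    # blocks last 24 hours, as in the post

class RateBlocker:
    """Sliding-window limiter that escalates to a temporary /24 block (IPv4)."""
    def __init__(self):
        self.hits = defaultdict(deque)     # ip -> request timestamps in window
        self.offenders = defaultdict(set)  # /24 network -> offending ips
        self.blocked = {}                  # network -> expiry timestamp

    def is_blocked(self, ip, now):
        addr = ipaddress.ip_address(ip)
        for net, expiry in list(self.blocked.items()):
            if expiry <= now:
                del self.blocked[net]      # block has expired, forget it
            elif addr in net:
                return True
        return False

    def observe(self, ip, now):
        """Record one request from ip at time now; return 'allow' or 'drop'."""
        if self.is_blocked(ip, now):
            return "drop"
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - WINDOW_S:
            q.popleft()                    # discard hits outside the window
        if len(q) <= MAX_REQ:
            return "allow"
        # Over budget: block the host, or the whole /24 once enough hosts offend.
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        self.offenders[net].add(ip)
        if len(self.offenders[net]) >= HOSTS_FOR_NET:
            self.blocked[net] = now + BLOCK_S
        else:
            self.blocked[ipaddress.ip_network(f"{ip}/32")] = now + BLOCK_S
        return "drop"

if __name__ == "__main__":
    rb = RateBlocker()  # constructed traffic: one host sends 101 requests at t=0
    print([rb.observe("198.51.100.10", 0.0) for _ in range(101)][-2:])
```

In production the same decision would normally be enforced in the packet filter or upstream rather than in application code; the class only shows the bookkeeping.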
Kevin Karhan :verified:kkarhan@infosec.space
2025-04-27

@Jarek I mean, I have entire #ASN|s on my blocklist due to being #RogueISP|s that refuse to handle #AbuseReports at all (or only upon LEA subpoenas for CSAM & terrorism as in armed masked SWAT units kick in their doors and hold staff at gunpoint)…
github.com/greyhat-academy/lis

Kevin Karhan :verified:kkarhan@infosec.space
2025-04-09

@Linux #ClownFlare is literally a #ValueRemoving #RentSeeker that #MITM's traffic to capture #Logins in #PlainText & also acts as #RogueISP hosting everything from #CSAM to #Cybercrime and #Terrorism.

  • There is no legitimate reason to use #CloudFlare for anything!

Kevin Karhan :verified:kkarhan@infosec.space
2025-03-30

@DoctorBrodsky @woe2you @miah given #Quad9 bowed before the #Contentmafia and censored #DNS requests, I'll continue to recommend using #OpenNIC's Servers instead

94.103.153.176 & 2a02:990:219:1:ba:1337:cafe:3 as well as
144.76.103.143 & 2a01:4f8:192:43a5::2

  • If you only add a single #IPv4 address, no #IPv6 resolution will take place over said provider or worse even no IPv6 connectivity at all...

I merely retain quad9 on said list for archival purposes. I Yeeted #CloudFlare aka. #ClownFlare since they are a #RogueISP!

Kevin Karhan :verified:kkarhan@infosec.space
2025-03-20

@cR0w @troyhunt @dangoodin @benjojo @Viss @matthew_d_green

Seriously, #ClownFlare are at best a #ValueRemoving #MITM and more often than not a #RogueISP whose business model is a #RacketeeringScheme that should not exist to begin with.

Kevin Karhan :verified:kkarhan@infosec.space
2025-03-19

@kajer #CloudFlare is a #RogueISP and their "business" is at best #ValueRemoving #rentseeking but more often than not just a digital #RacketeeringScheme!

Kevin Karhan :verified:kkarhan@infosec.space
2025-03-18

@0xF21D #ClownFlare is a #RogueISP and their #MITM-based approach would've always allowed that.

  • Why is ANYONE here surprised of that?

Seriously!

Kevin Karhan :verified:kkarhan@infosec.space
2025-03-18

@Viss #CloudFlare is a #RogueISP known to offer Services in #Russia and to #CyberCriminals...

#ClownFlare is also a #ValueRemoving #rentseeker whose core product / service is essentially a #Racketeering Scheme and should not exist as any competent hoster offers #DDoS protection free of charge...

Kevin Karhan :verified:kkarhan@infosec.space
2025-03-06

@cr #ClownFlare on its own is a sure way to identify #CyberCriminals and criminally incompetent people.

#CloudFlare

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-12

@pgiulan #CloudFlare is a #RogueISP and needs to be disconnected & shutdown for good!

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-12

@AAKL @theregister @ssharwood #CloudFlare are #ValueRemoving #Rentseekers at best and a #RogueISP at most!

  • I literally block their entire #ASN for #ITsec reasons alone!

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-10

@me because #CloudFlare is a #RogueISP!

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-26

@fluepke I literally cancel companies for using #ClownFlare to this day!

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-22

@dee @agturcz Still, using #ClownFlare, which is a #RogueISP is a serious risk and it's up to @signalapp to actually not do that!

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-22

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO especially if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new device then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API endpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather than naysaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] are rather privileged enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-01
