@josias Regardless of what pressures #TorProject to treat #Cloudflare unlike an adversary, the Tor-using public should certainly consider Cloudflare an adversary. And we can't turn to #EFF because Bruce Schneier is on that board as well, and the two projects both downplay Cloudflare's impact on those who superficially embrace the same principles at a high level.
@josias Bruce Schneier is (or was) on the Tor Project board, and I've found him to be a sellout in other situations, so I wouldn't be surprized if he has a hand in Tor Project not treating #Cloudflare as an adversary to their mission.
@josias We can only guess. It's almost as if some backroom deal was struck between Tor Project & CF. We know that Tor Project has contempt for those who use browsers other than Tor Browser over Tor, & that CF sites tend not to CAPTCHA Tor Browser but all other browsers are attacked when used over Tor. So it looks like a quid pro quo. But I must say that's just purely my speculation.
just like #TorProject censors people in IRC who criticize #TorBrowser in #tor, there are also ops in #tor-offtopic who censor those who disclose the fact that Tor Project is silently removing information that's critical of #Cloudflare from their website.
@FreePietje These companies support the #WarOnCash as members of the #BetterThanCashAlliance: #Unilever, #CocaCola, #Visa, #Mastercard, #Gap, #HandM, & #GatesFoundation. #Boycott them. https://www.betterthancash.org/about/members /cc @Br0m3x
@FreePietje These companies support the #WarOnCash as members of the #BetterThanCashAlliance: #Unilever, #CocaCola, #Visa, #Mastercard, #Gap, #HandM, & #GatesFoundation. #Boycott them. https://www.betterthancash.org/about/members /cc @Br0m3x
@ilyess It's the other way around. Your threat model depends on the threats. By inviting a new threat (by introducing cryptocurrency), you must expand your threat model. If you don't, your threat model simply suffers from being unfit for purpose. The phone number also makes Signal less secure because that's a needless vector for key recovery.
@ilyess I do not have a mobile phone & I function quite fine. I'm not interested in accts on Facebook, Twitter, Signal, and MS LinkedIn so it causes me no issues. Mandatory GSM registration is reason *not* to have a mobile phone subscription, not the contrary. The only number I give businesses is a voicemail-only number. Using #Signal to marginalize ppl w/out a mobile# is not okay.
it's interesting to see that #Japanese is the most common language used on #Mastodon: https://git.nogafam.es/deCloudflare/deCloudflare/issues/70
@ilyess @sergeant The mobile phone number requirement makes #Signal less secure than #Wire, #Jami, #Briar, & #Snikket. It creates a large & unpredictable attack surface in addition to expanding threat agents from the cryptocurrency. The worst part is it pushes an ultamatim on people: get mobile phone svc (huge can of worms) or be excluded.
@sergeant @ilyess #Signal is not a good recommendation either: https://github.com/privacytoolsIO/privacytools.io/issues/779 And #DuckDuckGo is also quite lousy: http://techrights.org/2021/03/15/duckduckgo-in-2021/
@ilyess @sergeant When Protonmail sends you a notice that you have a msg waiting, there's apparently no way of knowing if the msg that's waiting is actually just an announcement from Protonmail themselves. So you could be forced through hoops like Protonmail's #CAPTCHA only to find spam waiting. CAPTCHA has ruined #Protonmail as far as I'm concerned. I wouldn't want to lead someone their CAPTCHA trap
Protonmail
@jasper @silmathoron My PM emails are trapped by a CAPTCHA & it's very unlikely that someone is attacking my acct. PM wants users to think they are protecting them but really they are just protecting the bottom line. The problem is, it compromises security because you can't trust the on-the-fly #javascript that comes from hCAPTCHA.