[-] spottyPotty@alien.top 1 points 11 months ago

Ssh with ed25519 pubkey access and password login disabled works fine for me. I have access from my phone via termux and any other terminal software.

As far as your changing ip goes, you could have a cron job that periodically checks your current IP and notifies you of changes over telegram or other method.

[-] spottyPotty@alien.top 1 points 11 months ago

I was thinking of creating a power management module myself that would have had a raspberry pi receiving periodic battery level readings and controlling a relay accordingly but the battery on the laptop was already messed up.

I don't know whether it's possible to recondition a messed up battery by managing the charge cycles.

[-] spottyPotty@alien.top 1 points 11 months ago

Because it's "everyone's MITM" it would make it a perfect spot for state actors to tap into in order to surveil pretty much everything without anyone being able to notice.

Yep, that's my main point

[-] spottyPotty@alien.top 1 points 11 months ago

You trust your employer, don't you friend citizen?

This is exactly the original point I was trying to make regarding cloudflare.

The point that i take from this tongue-in-cheek sentence of yours is that no, we should absolutely not trust our employer with our unencrypted traffic.

But then on the other hand there are loads of people on here saying that, yes, of course we should trust cloudflare with having access to all of the data flowing through it.

[-] spottyPotty@alien.top 1 points 11 months ago

Maybe it's my fault for posting this in selfhosted. My question was of a more generic nature about security and privacy in general. You're right, r/privacy might be a better sub for this conversation.

In my case my reverse proxy (nginx) runs on the same machine as my backend. In fact nginx also serves all static data with the backend only serving api requests.

[-] spottyPotty@alien.top 1 points 11 months ago

To clarify, I did not mean MITM attack. It actually wouldn't make sense to say that cloudflare is a man in the middle attack, since it is a company and not an action.

I didn't include the word "attack" anywhere.

MITM is commonly used together with attack, so your misunderstanding is understandable. However the acronym just stands for Man In The Middle, which is why it is followed by "attack" in such situations.

[-] spottyPotty@alien.top 1 points 11 months ago

nginx can be configured to throttle connections and fail2ban to refuse them to mitigate this

[-] spottyPotty@alien.top 2 points 11 months ago

The question was a more general one, and not specific to my personal data needs.

The existence of such a ubiquitous centralised service that actually IS a MITM, whether they are malicious or not, seems curious to me.

As they say, if the product is free, then you are the product. If people accept, but recognise, a loss of privacy when using free services from Google and meta, for example, knowing that the data they provide is used for personalised ads, then how come CF's free tier isn't viewed with the same level of scrutiny?

[-] spottyPotty@alien.top 1 points 11 months ago

Isn't this also what many companies do to monitor web-traffic from their network?

[-] spottyPotty@alien.top 1 points 1 year ago

Good point. Who's to say that LetsEncrypt doesn't keep a copy of my private keys?

[-] spottyPotty@alien.top 1 points 1 year ago

When I visit one of the sites I manage, that goes through CF (my personal ones don't), I see that the certificate that the browser sees is one provided by CF and not the one that I create using LetsEncrypt.

[-] spottyPotty@alien.top 1 points 1 year ago

Thanks for the links

2

Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

view more: next ›

spottyPotty

joined 1 year ago