this post was submitted on 21 Jan 2025
127 points (98.5% liked)

Technology

72988 readers
2784 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
127
Cloudflare Issue Can Leak Chat App Users' Broad Location (www.404media.co)
submitted 6 months ago* (last edited 6 months ago) by otter@lemmy.ca to c/technology@lemmy.world
15 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.ca/post/37638868 !privacy@lemmy.dbzer0.com

This affects Signal too

An issue with Cloudflare allows an attacker to find which Cloudflare data center a messaging app used to cache an image, meaning an attacker can obtain the approximate location of Signal, Discord, Twitter/X, and likely other chat app users. In some cases an attacker only needs to send an image across the app, with the target not clicking it, to obtain their location.

https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117?ref=404media.co

Signal, an open-source encrypted messaging service, is widely used by journalists and activists for its privacy features. Internally, the app utilizes two CDNs for serving content: cdn.signal.org (powered by CloudFront) for profile avatars and cdn2.signal.org (powered by Cloudflare) for message attachments.

all 23 comments
sorted by: hot top controversial new old
[–] boaratio@lemmy.world 8 points 6 months ago (2 children)

I don't want to be a contrairian, but your cellphone carrier does this non stop. Cloudflare is not a good company, but this is the least of your problems.

[–] Rogue@feddit.uk 4 points 6 months ago

You have entirely misunderstood this exploit.

[–] ByteOnBikes@slrpnk.net 2 points 6 months ago (1 children)

How so? Asking out of curiosity.

[–] boaratio@lemmy.world 7 points 6 months ago (2 children)

I'm not trying to wear a tinfoil hat, but Snowden clearly revealed that the government is easily able to purchase cellphone location data based on GPS and tower data more easily than they can go through the FISA courts.

[–] Danitos@reddthat.com 3 points 6 months ago

Your cellphone provider very likely already sells this data.

I know mine does, because I attended a webinar of a buying company where they explicitly mentioned this.

[–] ByteOnBikes@slrpnk.net 2 points 5 months ago* (last edited 5 months ago)

Ah, thought you meant though metadata. Like a end user snooping through some obscure meta data method (even after cleaning) let's you triangulate something.

[–] nandeEbisu@lemmy.world 7 points 6 months ago

oh no, now they nkow I'm in the US North East, assuming I'm not using a VPN...

[–] hal_5700X@sh.itjust.works 6 points 6 months ago

Another reason why Cloudflare sucks.

[–] melroy@kbin.melroy.org 2 points 6 months ago (2 children)

Another reason to not use Cloudflare. Not that long ago they also "lost the log records" (this incident happened on November 14, 2024). I strongly believe the internet can become better without Cloudflare, especially now basically the whole world is depending on it.

[–] sunzu2@thebrainbin.org 6 points 6 months ago (1 children)

It is impossible to use most of corpo internet if you block cloudflare. Shit is wild.

Not sure who is down voting you lol

I wish people would respond with a rebuttal so we can move convo forward.

[–] melroy@kbin.melroy.org 2 points 5 months ago

I also have no idea why is down voting me lol. But you are 100% right. Could you imagine in the year 2000 that everything needs to behind Cloudflare in 2025 in order to have a functional internet? This shit is indeed wild.

[–] melroy@kbin.melroy.org 2 points 5 months ago

Sorry to see so many people still down vote me. What is wrong with you? The internet has become a joke. Moving all to cloudflare will only make the problem worse.

[–] sunzu2@thebrainbin.org 0 points 6 months ago

You don't need a VPN mate...

It ain't a solution but surely would help here