Open spirillen opened 6 months ago
This website is provided via Cloudflare and Vercel, at which point we have no control over the privacy practices of our visitors (please let me know if I'm misinterpreting your point).
The false certificate simulates a secure connection, but the connection is NOT secure.
misskey-hub.net is certificated by Let's Encrypt E1 which is certificated by ISRG Root X2. I think it's not a false certificate. For modern devices, ISRG Root X2 or ISRG Root X1 (which signs ISRG Root X2) is pre-installed but may not installed for older devices (OSes).
Could you provide more information about why do you think misskey-hub is using false certificate and why do you think it's possible to MITM attack?
This website is provided via Cloudflare (MITM) and Vercel, at which point we have no control over the privacy practices of our visitors (please let me know if I'm misinterpreting your point).
You are on the right path my young padawan :) , I'm looking for public available documentation, that I either can open locally from a secure and safe source or a secured public server.
Right now I can't access misskey.io
as well as it is insecure and CENSORS be browser
It is of course not up to me, whether you would like to have any admins to be able to access the documentation you have spent a lot of hours building, as of right now, they are all blocked by CrimeFlare.
misskey-hub.net is certificated by Let's Encrypt E1 which is certificated by ISRG Root X2.
We agree that CrimeFlare as the MITM agent have decrypted and then tapped all information and then "encrypted" it with a E1 which is certificated by ISRG Root X2
simulated key, as they do NOT hold your private key??
then connection is then untrustworthy to any as it is not signed by your private key.
For modern devices, ISRG Root X2 or ISRG Root X1
Have nothing to do with the case. You connection have been violated by decryption by Crimeflare.
Could you provide more information about why do you think misskey-hub is using false certificate and why do you think it's possible to MITM attack?
Have you ever understood what crimeflare is?? or how they are generating there income by giving away "free" services?? Do you know what CloudFlare is and operates there MITM-Proxy?
Remeber when you can't see the price, it is because it is in your back.
So Please read up on CrimeFlare before asking your next question regarding this privacy invasive microbe that is listening to more than 80% of the entire internet traffic to collect every data about YOU as they are the single larges MITM-proxy
CloudFlare is a HUGE threat against hour privacy and democracy, take it serious, they are acting in the dark, selling you lies about secure connection, while they DO decrypt all traffic to collect your PII data.
https://web.archive.org/web/20201128114348/https://www.cloudflare.com/insights/
https://kb.mypdns.org/articles/MTX-A-73/CloudFlare
Anyone who know where to obtain free public versions of misskey-hub.net
&& misskey.io
to build a API tool to delete well known spammers and other suspended account
https://forum.misskey.io/d/15-more-federation-moderation-and-security-features
also MITM infected by cloudflare :warning: You are free to think Cloudflare is unreliable, but I think that is not what misskey-dev people think. I do know that Cloudflare contributes significantly to this site, at least for DDoS protection. I also know that not a few services use Cloudflare.
If you would like to view the documentation on this site but hate being blocked by Cloudflare, you should be able to just fork/clone this repository and build it yourself following the license of this repository; AGPL-3.0 license.
To @u1-liquid, @Npepperlinux and @Sayamame-beans
You should really read up on what cloudflare is, but you are probably also in denial of what google and amazon is and how they are operating to track you down and strip you for ever last PII data.
Just sad, that people who indicates they are about privacy, no nothing about this topic.
š” Summary
Domain is unavailable (MITM) Unencrypted/decrypted by third party and it is encoring who have non-free access to the contents of your domain.
š„° Expected Behavior
END to END encrypted connection as implied, it should be encrypted by certificate and not eardropping by MITM, that fingerprint and PII registration.
š¤¬ Actual Behavior
The false certificate simulates a secure connection, but the connection is NOT secure.
The MITM censoring fingerprinting secured browsers/Connection from accessing the domain
The MITM Are decrypting the connection (MITM), collect PII data whitout warning or any other kind of information about this to the visitor.
š Steps to Reproduce
https://misskey-hub.net/
š» Environment
(For developer) Do you want to address this bug yourself?