Phineas
commented
7 years ago @markofu This domain was & still is using the proxy service.
Closed markofu closed 7 years ago
Phineas
commented
7 years ago @markofu This domain was & still is using the proxy service.
Phineas
commented
7 years ago Never mind, received the email - removing the domain. Thank you!
markofu
commented
7 years ago Thanks @Phineas 👍
tonyztan
commented
7 years ago @Phineas @pirate Have we changed the policy? Why is a website currently using the proxy being removed? Thanks.
Phineas
commented
7 years ago @tonyztan They got an email specifically from Cloudflare saying their domain wasn't affected, I was forwarded it.
tonyztan
commented
7 years ago @Phineas Would this be a similar situation to #154 and #153, where there is "no evidence of compromised data", meaning "no leaked data found in several search engine caches", but also no positive evidence that definitely no data was leaked from the site at any point?
Phineas
commented
7 years ago @tonyztan Cloudflare specifically said in the email that their site was not affected in any way and their site was not on an affected proxy
tonyztan
commented
7 years ago @Phineas I see. Thanks!
tonyztan
commented
7 years ago @Phineas @coderobe Sorry to bring this up again, but would the comment from pull #210 have anything to do with this? As in, "we're not trusting cloudflare's 'you were not affected' emails", and "Anything that routes through Cloudflare could have possibly leaked data via third partys that caused the leak to occur."
coderobe
commented
7 years ago I don't know why this PR was merged. It should not have been IMO.
abalabahaha
commented
7 years ago The way Phineas worded his comment sounded like Cloudflare had responded personally to a support email, but the email subject in the screenshot he posted looks like the misleading blanket email Cloudflare sent...
coderobe
commented
7 years ago That's what it sounds like, yeah. CC @Phineas
pirate
commented
7 years ago @Phineas or @markofu can one of you forward me the Cloudflare email to LoLcloudflare@sweeting.me? If it was the blanket "your data wasn't found in caches" email, then I'd like to revert this PR asap, there's a lot of questioning going around the League of Legends forums and it would be nice to clear it up. It would also be great to link to an official LoL Cloudbleed response blog post, although afaik they haven't published one yet.
markofu
commented
7 years ago @pirate Hey, which questions are you referring to?
I work in Security at Riot (google me, if you want proof more proof, let me know). Regarding official word, we officially posted on LoL Subreddit last Friday evening. We may still post to the Forums but I'm doubtful on that. We have answered players' questions and concerns via the Subreddit and through our Player Support system.
We have had several calls with Cloudflare and I've forwarded you on a private email to us (at Riot).
If you still want to revert the PR, that's your call and I defer to your judgement on it.
Remove: account.leagueoflegends.com -> confirmation sent via email.