Which git repo is used to host the article doesn’t matter. That project is mirrored on ½ dozen other repos. Did you follow the links of the citations? The article is well cited but sometimes the links go stale (or become cloudflared). If you had trouble reaching the cited sources plz let me know & I’ll get the author to fix it. Or you can file a bug report in the issues tab.

The bug is most likely in the scenario of a default Cloudflare config. Cloudflare pushes a captcha to all apps other than the Tor Browser that come over Tor (in the default config). This would of course cause the #Lemmy javascript to go apeshit.

Better or worse depends on who you ask.

I boycott Cloudflare and I avoid it. Some CF hosts are configured to whitelist Tor so we don’t encounter a block screen or captcha. For me that is actually worse because I could inadvertently interact with a CF website without knowing about the CF MitM. I want to be blocked by Cloudflare because it helps me avoid those sites.

The CF onion (IIUC) cuts out the exit node which is good. But CF is still a MitM so for me that’s useless.

Some users might not care that CF has a view on all their packets - they just don’t want to be blocked. So for them the onion is a bonus.

W.r.t CSAM, CF is pro-CSAM. When a CF customer was hosting CSAM, a whistleblower informed Cloudflare. Instead of taking action against the CSAM host, CF doxxed the ID of the whistleblower to the CSAM host admin, who then published the ID details so the users would retaliate against the whistleblower. (more details)

There is no way to “disable” cloudflare if an instance has chosen to use it. It will sit between you and the server for all traffic.

Some people use CF DNS and keep the CF proxy disabled by default. They set it to only switch on the CF proxy if the load reaches an unmanageable level. This keeps the mitm off most of the time. But users who are wise to CF will still avoid the site because it still carries the risk of a spontaneous & unpredictable mitm.

wow… that is terrible. You should not have had to go on a dig for such a simple limitation. All this fancy javascript and it failed to do a simple field length check.

Ah, well if the front page is 80kb that might explain it. So apparently there’s just some really heavy text especially if each subsequent page is anywhere near 80kb.

thanks for the tip. Yes I can see that there is an attempt to load images but there is a little prohibited icon. So I’m not sure what that really means. If images are disabled in the browser settings, then I think there should not even be an attempt to fetch them. I wonder if javascript is bypassing the config and fetching the image, but then the browser is simply blocking them from display.

If the message is edited for typos/grammatical errors, then there’s really no need for a notification as the message displays the posted time in italics (e.g., ✏ 9 hours ago).

I’m not sure why the relevance of the posted time in this scenario, but indeed I agree simply that typos need not generate an update notice, in principle.

If the message is so reworked as to say something else, “Bob” (your example) should do the right thing and post a new, separate reply to “Alice” in the same thread, donchathink?

This requires Bob to care whether Alice gets the update. Bob might care more about the aesthetics, readability, and the risk that misinfo could be taken out of context if not corrected in the very same msg where the misinfo occurred. If I discover something I posted contained some misinfo, my top concern is propagation of the misinfo. If I post a reply below it saying “actually, i was wrong, … etc”, there are readers who would stop reading just short of the correction msg. Someone could also screenshot the misinfo & either deliberately or accidentally omit Bob’s correction. So it’s only sensible to correct misinfo directly where it occurred.

I get what you’re saying though, that there should be some real integrity toward post/reply history, like diff maybe.

It would be interesting to see exactly what Mastodon does… whether it has an algorithm that tries to separate typos/grammer from more substantive edits. I don’t frequently get notices on Mastodon when someone updates a status that mentions me, so I somewhat suspect it’s only for significant edits.

(update) one simple approach would be to detect when a strikethrough is added. Though it wouldn’t catch all cases.

So let me get this straight… Bob does something no one else does

Straight away you don’t have it straight. Edits happen. The mere possibility of edits in fact encourages authors to produce ½-baked drafts in the 1st place knowing that they can always edit.

edit messages on somewhere no one else goes, adding significant content to something no one sees

Not sure what drives this logic. If no one goes there, the post/comment is unlikely to happen in the 1st place. And with no interaction in the thread, refinements are even less likely. If you don’t have at least two people participating in a thread, there are no notifications to speak of.

and then Bob wants to spam the world about the update with notification?

Bob wants to take no action at all and let a smart system handle notifications as needed. So your attempt to “get this straight” got everything crooked. Furthermore, your proposed solution is moreso aligned with Bob pushing “spam”, as Bob’s new & separate msg forces a notification as the platform has no way of distinguishing an update from a new msg. Thus it would be treated like a new msg and a notice would be sent.

Also, in this context, this wouldn’t be a bug, but rather a feature request

One man’s bug is another man’s feature. Luckily bugs and feature requests are handled in the same venue so it’s a red herring.

a feature that no one is asking for

Certainly not true anymore.

and doesn’t make the software better

One man’s bug is another man’s feature.

except to those that doesn’t follow social norms yet still demands to get into others’ inboxes.

You’ve misunderstood where the demand is coming from. It’s not the author; it’s the recipient. Someone posted a useful reply to Alice, Alice read it, marked it as read, & then Bob made a useful update. Alice did not receive the notice of the update. This “demand” comes from the recipient (Alice), not Bob the author. The update was for the recipient’s benefit not the author’s. It’s purely incidental that Alice discovered that an update happened because #Lemmy was not smart enough to notify me of the update (unlike Mastodon which is quite a bit more mature).

Instead, the appropriate behaviour is to not allow Bob to make edits after sometime (which many softwares have such feature for)

That’d be fair enough, but it would not have helped in this case where the edit happened the same day.

and/or make edit logs visible (also a common feature)

You’re imposing too much manual labor on humans. Machines are here to work for us not the other way around.

such that people who doesn’t follow expected norms

The norms adapt to the software. When the software does an extra service for people, they abandon norms that attempt to compensate for a feature poor system. And rightly so.

Heh… the funny irony here is that you actually missed my update to the OP, which says:

“For comparison, note that Mastodon (at least some versions) notify you upon edits of msgs that you were previously notified on.”

That’s of course a different scenario since crossposts don’t update (which could be a separate interesting discussion). But funny nonetheless because you missed an update while saying that tools should not be improved in favor of social / cultural change. I guess you should have thought to read the OP and compare it for changes (the social solution) :)

that’s kind of how things have been since pretty much early 2000s if not earlier.

We can dispense any sort of “conventional wisdom” in the course of moving forward with improvements.

Very specifically the comment that inspired my post was someone posting misinformation, then going back and adding a s̶t̶r̶i̶k̶e̶t̶h̶r̶o̶u̶g̶h̶ and highlighting their correction in red text. No correction would be more readable than that. The problem with your proposal is that misinformation is left there persistently misinforming. That can then be taken out of context (e.g. someone screensnaps the misinfo & uses it against the author). There’s also the problem that readers often do not read a whole thread top to bottom. This is proven by the number of votes (up or down), which appear in high numbers on high comments and drop dramatically after ~3 or so replies. You might argue that the post can be deleted, but that then creates a problem of responses not having context. And it creates confusion as people wonder “didn’t person X say Y?”

Are you sure it’s not just hiding the images but still loading them for layout purposes?

No, in fact this is my concern. It’s hard to know considering javascript is in the mix.

Is this mobile Firefox or desktop Firefox?

I should have been more clear-- it’s actually Tor Browser on the desktop. I said firefox to simplify, but then it occurred to me it could be relevant. Although I think the tor overhead is negligible.

I meant to say if you vote on the /comment/ you are replying to… which is apparently captured in a github bug report already.

Im glad we agree. Because its the entire point. You are nitpicking where it suits you and thats not really honest conversation.Tor browser isnt the only way to access tor

TLS is useful very specifically in the case of banking via Tor Browser, which is the most likely configuration the normal general public would use given the advice to access their bank over Tor.

There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.

I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.

The point is, again, that Tor and specifically exit nodes are more hostile than normal ISP relays.

And again, those hostile nodes get less info than ISPs. They have to work harder to reach the level of exposure that your ISP has both technical and legal privilege to exploit.

Saying selling metatdata that is unencrypted is the same level of malicious as a nation state going after you (life and death) or having your identity or bank account stolen is clearly pretty naive.

Wow did you ever get twisted. You forgot that I excluded targeting by nation states from the threat model as you should. If someone has that in their threat model, they will know some guy in a forum saying “don’t use Tor for banking” is not on the same page, not aligned with their scenario, and not advising them. You don’t have to worry about Snowden blindly taking advice from you.

It’s naive to assume your ISP is not collecting data on you and using it against you. It’s sensible to realize the risk of a honeypot tapping your bank account and getting away with it and regulation E protections failing is unlikely enough to be negligible.

You still have to deal with getting your funds back and paying for stuff to live in the interim.

If you’re in the US, you have ~2-3 bank accounts on avg, and 20 credit cards (US averages). Not to mention the unlikeliness of an account getting MitM compromised despite TLS in the 1st place. Cyber criminals choose the easier paths, just as 3 letter agencies do: they compromise the endpoint. Attacking the middle of a tunnel is very high effort & when it’s achieved they aren’t going to waste it on some avg joe’s small-time bank acct. At best you might have some low-tech attempts that result in no padlock on the user side. But I’ve never seen that in all my years of exclusively banking over Tor.

Thats a bad assumption.

Not in the slightest. Everyone is subject to mass surveillance & surveillance capitalism.

MOST people arent really concerned with it in the western world.

Most people don’t even have a threat model, or know what it is. But if you ask them how they would like it if their ISP told their debt collector where they bank so the debt collector can go do an unannounced legal money grab, you’ll quickly realize what would be in their threat model if they knew to build one. A lot of Corona Virus economic stimulus checks were grabbed faster than debtors even noticed the money arriving on their account.

And thats not a Trump thing. its existed WAY before trump. Snowden showed that and it was Obama, not trump, that went after whistleblowers harder than any predecessor before them.

You missed the source I gave. Obama banned the practice of ISPs selling customer data without their consent. Trump reversed that. That is wholly 100% on Trump. Biden did not overturn Trump, so if you want, you can put some of the fault on Biden.

W.r.t history, echelon predates Snowden’s revelations and it was exposed to many by Nicky Hagar in the 80s or 90s. But this all a red herring because in the case at hand (banking customers accessing their acct), it’s the particular ISP role of mass surveillance that’s relevant, which Trump enabled. Or course there is plenty of other mass surveillance going on with banking, but all that is orthogonal to whether they use Tor or not. The role of Tor merely mitigates the ISP from tracking where they bank, and prevents banks from tracking where you physically are, both of which are useful protections.

Further trying to make this about “party” sides is a bad idea. Its something all parties

You can’t “both sides” this when it’s verifiable that Obama banned the practice and Trump overturned it. While Obama’s hands are dirty on a lot of things (e.g. Patriot Act continuity), it’s specifically Trump who flipped the switch to ISP overcollection. Citation needed if you don’t accept this.

And there are some areas where straight access TOR is illegal and can get you in trouble.

The general public knows your general advice to use/not use Tor is technical advice not legal advice, and also not specific to their particular jurisdiction.

That’s not a magic bullet for secuirty.

It wasn’t presented as such. Good security comes in layers (“security in depth”). TLS serves users well but it’s not the only tool in the box.

There are so many ways to exploit connections. Look at what happened here on lemmy with vulns leading to takeovers of instances with xss of session cookies.

Tor Browser includes noscript which blocks XSS.

The primary difference is your ISP is not generally actively hostile. They may want to sell metadata but they aren’t actively trying to exploit you.

Selling your metadata is exploiting you. And this exploit happens lawfully under a still-existing Trump policy, so you have zero legal protections. Contrast that with crooks stealing money from your bank account, where, if it’s a US account, you have regulation E legal protections.

If your ISP (or in some cases a nation state is your isp) is actively tracking you, then there are other alternatives that may be better.

Different tools for different threat models. If you are actually targeted by a nation state, Tor alone is insufficient but it’s still in play in conjunction with other tech. But from context, you were giving general advice to the general public telling them not to use Tor for banking, thus targeting is not in the threat model. But mass surveillance IS (i.e. that of your ISP).

But to answer my your question my thesis is tor is not necessarily a privacy panacea.

Tor is an indispensable tool to streetwise users. Of course it is a tool among other tools & techniques.

The threat model an American or European has is much different than someone from Vietnam or turkey or China, which is also much different than someone from the Nordic countries.

Those threat models all have a common denominator: mass surveillance. It is safe to assume mass surveillance is in everyone’s threat model as a baseline. Of course there are a variety of other threats in each individual threat model for which you couldn’t necessarily anticipate.

Also. Those running an exit node can and do sniff traffic.

Sure, but if you stop there with that statement you’re just FUD-scaring people from using the service that does more for their privacy than conventional direct clearnet usage. Every connection that matters uses TLS so the exit node honeypot only sees where the traffic is going, not what’s in the traffic and not where it comes from. IOW, the exit node knows much less than your ISP.

It’s bad practice to login to stuff that’s important (like banking) over tor.

It’s the other way around. You should insist on using Tor for banking. It’s a bad practice to let your ISP track where you do all your banking.

Also, nation states can track you using a variety of techniques from fingerprinting to straight up working together to associate connection streams.

And your thesis is what, that we should make snooping easier for them by not practicing sensible self-defense?

A large number of tor nodes are run by alphabet agencies.

Let them work for it - and let them give the Tor network more bandwidth in the process.

I don’t know if it’s even possible, but it would be cool if I could use the fediverse over TOR just for the sake of supporting TOR.

Here are two #Mastodon onion nodes:

• iejideks5zu2v3zuthaxu5zz6m5o2j7vmbd24wh6dnuiyl7c6rfkcryd.onion
• 7jaxqg6lfcdtosooxhv5drpettiwnt6ytdywfgefppk2ol4dzlddblyd.onion

Your timeline is backwards. The account compromise was July 10; the DoS attack came after that (July 15th). There is also no chatter of any kind about any attacks prior to July 10th.

I’d just like to know what your solution to DDOS and other bad actors is if it’s not cloudflare.

First of all DDoS from Tor is rarely successful because the Tor network itself does not have the bandwidth with so few exit nodes. But if nonetheless you have an attack from Tor you stand up an onion host and forward all Tor traffic from the clearnet site to the onion site. Then regardless of where the attack is coming from, on the clearnet side there are various tar-pitting techniques to use on high-volume suspect traffic. You can also stand up a few VPS servers and load balance them, similar to what Cloudflare does without selling everyone else’s soul to the US tech giant devil.

on something cloudflare already does extremely well.

CF does the job very poorly. The problem is you’re discounting availability to all users as a criteria. You might say #SpamHaus solves the spam problem “very well” if you neglect the fact that no one can any longer run their own home server on a residential IP and that it’s okay for mail to traverse the likes of Google & MS. A good anti-spam tool detects the spam without falsely shit-canning ham. This is why SpamHaus and Cloudflare do a poor job: they marginalize whole communities and treat their ham as spam.

A walled garden means there’s actual barriers to entry. Cloudflare isn’t a barrier to entry unless you’re planning to attack an instance

Yes to your first statement. Your 2nd statement is nonsense. The pic on the OP proves I hit a barrier to entry without “planning an attack”

or are using something like ToR

Tor users are only one legit community that Cloudflare marginalizes. People in impoverished areas have to use cheap ISPs who issue CGNAT IP addresses, which CF is also hostile toward. CF is also bot-hostile, which includes hostility toward beneficial bots as well as non-bots who appear as bots to CF’s crude detection (e.g. text browsers).

If that’s true then why are there reports of the attack bringing them down on July 15th?

centralizes those instances and adds a centralized point of failure.

Single point of failure just scratches the surface. It’s also a single point of access control, and a single point of surveillance.

All your lemmy interactions are mediated by your instance (dbzer0). If you’re having a problem with your notifications, or loading posts, or responding to content that’s a problem with your client and your instance. Full stop.

Full stop-- Not in the slightest. If that were true there would be no reason for web-facing publication by lemmy world to logged-out users. Having local copies of lemmy world content is an interaction convenience (and necessary for some ops) but it does not encapsulate the full UX. The discussion is openly visible to different extents from different platforms and angles. This is purposeful. And it’s important. It’s how you validate that you’re not in a malicious or oppressive bubble. You step outside of your instance to see what others see.

Nothing about decentralization says that all instances are required to allow YOU to access their instance. The opposite really, each instance is entitled to run however they want. The fact that you can still view and interact with posts (via your instance) says that decentralization and federation are actually working.

You’re conflating power with ethics. Sure, fedi nodes have power to pawn users to tech giants & push ads, sell data to Google & Facebook, surreptitiously share all traffic with Cloudflare Inc. without so much as even telling their users that their usernames, passwords, and DMs are visible to CF, etc. The fedi is designed to allow this. That does mean it’s just to do so. Evil nodes can and should be called out, exposed, and outcast, which the fedi is also designed to accommodate.

If you’re concerned about centralization and walled gardens you should be upset about the disproportionate number of users and communities that exist on lemmy.world.

I am. And I pointed this out already in another post in this thread. I deliberately join small instances.

You are true decentralization, those communities should be distributed across the fediverse rather than being at the whims of one instances admins.

Yes, but this only scratches the surface. Putting huge numbers of users behind Cloudflare on a single giant node is the most antithetical action a fedi node can do – and this is what Lemmy World has done.