I noticed a library that has ethernet ports, which I must say is quite impressive. So many libraries strictly expect people to use wifi which has downsides:
- many (most?) wifi NICs have no FOSS drivers (ethernet is actually the only way I can get my FOSS laptop online)
- ethernet is faster and consumes less energy
- wifi radiation harms bees and other insects according to ~72 studies (update: separate discussion thread here which shows the research is heavily contested)
- apparently due to risk of surrounding households consuming bandwidth, 2FA is used (which is inadvertently exclusive at some libraries)
- enabling wifi on your device exposes you to snooping by other people’s iPhones and Androids according to research at University of Hamburg. Every iPhone in range of your device is collecting data about you and sending it to Apple (e.g. SSIDs your device previously connected to). From what I recall about this study, it does not happen at the network level, so ethernet devices attached to the same network would not be snooped on (and certainly SSID searches would not be in play).
- (edit) users at risk to AP spoofing (thanks @NoneYa@lemm.ee for pointing this out)
I don’t know when (if ever) I encountered a library with ethernet. Is this a dying practice and I found an old library, or a trending practice by well informed forward-thinking libraries?
BTW, the library that excludes some people from wifi by imposing mobile phone 2FA is not the same library that has ethernet ports, unfortunately. If you can’t use the wifi of the SMS 2FA library then your only option is to use their Windows PCs.
I really hope they are on their security game with this because this is ripe for abuse and disaster if not done properly.
WiFi pineapples can be made so much more easily under something like this. Where anyone can just plug in a router to an Ethernet port and set up WiFi, tricking people into thinking that the library is officially offering WiFi. Which it technically is since it would still be on their network, but could be hosting all sorts of malicious crap from the router connection.
Just one of the things that crossed my mind reading this.
The security pitfalls are far more vast on WiFi, in fact by your own suggestion: anyone in range of the library can setup their own spoofed AP. You can even be several blocks away and point a directional yagi antenna at a library or cafe to do this. It would be foolish to try this from inside the library because not only would you be in plain visible sight but the malicious traffic would be visible to the library’s admins (which in the case at hand is outsourced to Cisco). It would also be trivial for admins to detect when a new device is connected for longer than the library’s open hours.
You would have to evade the surveillance cams, ensure no trace of your identity on the router (which you would have to buy using cash), plant it using gloves so no fingerprints, and do something creative to hide it because the ports are in plain sight at waist level. If you opt to store the snooped data on the router which you then must return to fetch, that’s an insane risk that just would not justify the gains. And what do you think would be a gain that’s not possible over wifi? Even if the ethernet LAN differs from the wifi LAN, they would be configured with the same security anyway.
If someone wants to plant a malicious device in the library, wifi still makes more sense. E.g. an attacker can carve out a smartphone sized hole out of the center of a book and plant a device in a book that reaches wifi. Or if they want to power the device, there are still more options to hide it anywhere there is power, vs. trying to hide a device that must plug into an exposed ethernet port in an open room. Thus:
- the attack surface of wifi is bigger than the attack surface of ethernet
- the attack surface of ethernet is a subset of the wifi attack surface
A Venn diagram of this would be a circle wholly inside another circle. If someone thinks otherwise, please give a viable attack scenario.
As a library user, how do I know I’m not connecting to a spoofed AP? Users are trivially safer plugging into the wall.
(BTW, if you appreciate security, you might be interested to know that your instance [lemm.ee] is a Cloudflare site; thus a US gatekeeping tech giant sees all your traffic on that instance in-the-clear. You might want to change instances. You’re welcome!)
UPDATE
They really are (excessively) on their security game – it turns out the ethernet ports are just a decoy to distract hackers from resources that actually function. Though in seriousness, we can only say they are on their security game if we scrap availability as a security objective (as non-wifi users are stuffed in this situation).
Every lemmy traffic is public. NSA can just create their own instance and save everything. Why is it matter if one instance is behind cloudflare? The can also see your posts.
There are other services for private communication, lemmy was never advertised as one.
Every lemmy traffic is public.
Certainly not. Your unhashed password is not public. Your DMs are only normally visible to intended parties + their admins. Your IP address is only public when you interact in a generative way. Your login times and the links you visit are also non-public unless you generate content in response. Lemmy votes are also not public (unlike kbin).
NSA can just create their own instance and save everything.
No they can’t. Anyone can create an instance but that instance cannot inherently encroach on non-public data of other instances. But if the NSA is in your threat model for some reason, the NSA /can/ easily get what they want from Cloudflare and it need not even be a tailored ops scenario.
There are other services for private communication, lemmy was never advertised as one.
Disclosure is only the tip of the iceberg. Cloudflare is also a gatekeeper. When a lemm.ee user writes a post, there are several groups of people who are excluded from viewing it. Cloudflare controls which browsers people can use. CF users feed a business model that a privacy abuser profits from. There are countless problems with Cloudflare beyond the reckless disclosure problem.
Certainly not. Your unhashed password is not public. Your DMs are only normally visible to intended parties + their admins.
Can cloudflare see this? I don’t know how it is important? I can see the SSL cert of lemm.ee is not from cloudflare, so they can’t see https traffic.
No they can’t. Anyone can create an instance but that instance cannot inherently encroach on non-public data of other instances.
Do you know irl, personally who is the admin of sopuli.xyz? How can you be sure that they are not run by NSA or other countries’ agents? How can other instances know this and block them?
When a lemm.ee user writes a post, there are several groups of people who are excluded from viewing it.
Who? You only communicate with your instance, and the instances communicate between each other. Which instance cannot reach lemm.ee because of cloudflare? Please show one example. You can see my reply so you are definitely not one of them.
Can cloudflare see this? I don’t know how it is important?
You have to decide for yourself what’s important and who to trust. What you should consider though is that by choosing a Cloudflare instance, you needlessly overshare; you extend trust when you don’t need to which is a bad default policy. And you are trusting a massive singular tech giant who also has visibility on ~20-25% of all other web traffic in the world.
I can see the SSL cert of lemm.ee is not from cloudflare, so they can’t see https traffic.
It’s impossible for end users to know whether Cloudflare has a TLS private key. It’s also very rare for Cloudflare not to have the key because it would defeat the purposes admins use Cloudflare for. If Cloudflare cannot see the traffic, it cannot respond to requests and the full load must be redirected to the source host (thus DoS protection and performance benefits are effectively gone). The rarely used option for a web admin to not share their key with Cloudflare is only available to premium customers, which keeps the option rare.
Do you know irl, personally who is the admin of sopuli.xyz? How can you be sure that they are not run by NSA or other countries’ agents?
I cannot know, but it’s far easier to trust one entity than many entities. With lemm.ee you have a diffusion of responsibility problem (i.e. finger-pointing) if shit hits the fan… lemm.ee claims CF abused your data and CF claims lemm.ee did.
Who?
People whose ISPs use CGNAT, VPN users, the Tor community, libraries and situations of shared IP addresses in general.
You only communicate with your instance,
Not always. Sometimes I need to visit the original source. You cannot rely on 3rd party instances to keep a mirrored copy. Many instances are tight on space and when external content ages beyond a year they do a cleanup. There are also many visibility shenanigans with blocking where you realize you’re not seeing the whole conversation and need to visit original hosts to piece it together.
Which instance cannot reach lemm.ee because of cloudflare?
Any Tor instance would be inherently unable to reach lemm.ee, though I don’t know of any Tor instances myself (have not looked).
Ok so cloudflare can see my password hash and my pms, everything else is the same as you, I can live with that if it helps the instance admin manage his free work. I never planned to send a message on Lemmy.
People whose ISPs use CGNAT,
Afaik CGNAT shouldn’t be a problem by itself. Here where I live half the country is behind a CGNAT, and internet works well for common folks. Here you have to call the ISP if you want your own IP.
Not always. Sometimes I need to visit the original source.
I know images are not synced to your instance, but image upload severely limited on lemm.ee, max 500kB, for profile pictures and banners. I also see a lot other instances have similar rules, and encourage everyone to host the images somewhere else. I can see sometimes some instances are blocked by Ublock, so some profile pictures are missing. I haven’t met with your long thread problem yet, but I will take a look
Any Tor instance would be inherently unable to reach
Federation is not supported on Tor: https://join-lemmy.org/docs/administration/tor_hidden_service.html so you cannot tell an instance which is not working because of this.
Just to clarify, I’m also not a big fan of cloudflare, but I think there are more important problems with the internet nowadays, than how a very public service is hosted.
Ok so cloudflare can see my password hash
No, not the hash. The hash is only marginally sensitive. CF sees your /unhashed/ password (that is, your password before hashing).
everything else is the same as you,
Not at all. Cloudflare /only/ sees my public content, nothing that I listed as non-public. Of course that can change if Sopuli would suddently decide to use cf.
I can live with that if it helps the instance admin manage his free work.
Several instance admins have managed to offer their gratis service /without/ the Cloudflare compromise. So you’ve made a needless compromise in support of a harmful actor.
Afaik CGNAT shouldn’t be a problem by itself.
CGNAT users hit the blockade unpredictably. Cloudflare is anti-bot (that also includes beneficial bots). So if someone is perceived as running a bot on your network CF will either blackball the IP address or the whole range. You could then receive that blackballed IP address.
I know images are not synced to your instance,
There are many reasons why accessing the original post is useful. Images is indeed one of the problems with CF.
Federation is not supported on Tor:
In the free world of FOSS, we are not limited to what is “supported” because people can grab the code and support themselves. There is in fact a fedi client that shakes free of the server and directly accesses servers needed to assemble a thread. This tool was designed to resist fedi politics. It would naturally be blocked when accessing CFd servers over Tor. CF is just another case where a philosophically dubious configuration by a reckless profit-driven corp causes unforeseen collateral damage to human beings and broke the decentralization of the fedi with a purpose-defeating outcome. The fedi was designed for decentralization but obviously a gross oversight that a majority of fedi users are centralized on CF.
Lemmy votes are effectively public. They are sent to all federating instances. Unless this was changed? See https://lemmy.world/post/1033769
I recall reading in a kbin bug (which reported that votes are public and should not be) that Lemmy votes are not. So I could have been misinformed… i did not look into it.
How do you tell if something is a Cloudflare site? (I really don’t know)
There are several ways:
- You can hit F12 in either Firefox or Chrome, look at the headers for a “CF-ray” field. (or a simple CLI way:
curl -I "$URL" | grep -i cf-ray) - this page will check for you. (there is a clearnet version of that link but i don’t recall); caveat: if a non-CF host has CF hosts on the same domain, this checker treats all hosts on the domain as CFd.
- You can do a whois lookup to see if the IP belongs to Cloudflare.
- If you do a DNS query, that will often give clues (though AFAIK you cannot distinguish users of CF’s DNS service from those of their proxy service)
- There are some browser add-ons here which will tag Cloudflare sites so you can avoid them. The BMCA plugin will auto-redirect visits to CF sites to the archive.org mirror. Note those plugins can be tricky to install.
Note that your instance (lemmy.dbzer0.com) is free from Cloudflare.
Very useful information, thanks!
I’m in a minority here as a non-tech person, so I always appreciate the help.
- You can hit F12 in either Firefox or Chrome, look at the headers for a “CF-ray” field. (or a simple CLI way:
