When I was in my twenties, I was repeatedly denied a medically necessary hysterectomy because I might “meet a man who wants kids”.
I was left completely disabled, forced to undergo six surgeries, multiple blood & iron transfusions to preserve a diseased uterus for a HYPOTHETICAL child.
This happened in Canada, where we tend to be more Liberal than our neighbours to the South.
I was cishet and white, so faced less barriers to care than marginalized people do.
I still wasn’t permitted to make a decision about my own body.
Wasn’t trusted to know my own mind
I had zero quality of life. There was no way I could have been a mother even if I HAD wanted to (which I didn’t).
Yet a hypothetical future husband’s needs and desires were repeatedly put before my own.
I was told I would feel differently once I was “in love”. That my dream man would leave me
Basically imagine every misogynistic and patriarchal nonsense you’ve ever been told… I heard it all.
I watched my twenties slip away from a hospital bed, confused and disheartened by the fact that I couldn’t convince any doctors to let me make the choice that was best for my life & body
I eventually did get the hysterectomy, but only because I was literally bleeding to death.
What could have been a planned & controlled operation was done as an emergency and left me with tons of complications.
Autonomy doesn’t exist for uterus owners. And we’re losing more each day
I tell this story because I feel sick over what’s happening to Adriana Smith in Georgia.
She was a black nurse who tried to seek medical care. She was dismissed and it cost her life.
Now because of an abortion ban her body is being kept alive for a 9 week old fetus.
Her family had no say in the matter. She’s been turned into an incubator by the State. Had “care” forced upon her despite the fact that she couldn’t access proper care when she was alive.
The same day I found out about Adriana, I discovered that police in the UK are being given guidance on how to search a woman’s home & devices for any reference to abortion after a pregnancy loss.
Choice is an illusion. So is autonomy. And it shouldn’t be.
I don’t know where we go from here, but I do know that if I faced a battle to obtain a hysterectomy, more marginalized people living in less Liberal areas have it far far worse.
We need to tell our stories. I’ve told this story before, and I’m going to keep telling it until none of us suffer this way.
For the Adrianas who can’t tell their story. For those we’ve lost and will lose. For the next generation.
We need to keep fighting for true autonomy. We need to support each other.
We need to make it clear that we do not agree with patriarchal fascist means of controlling our reproductive organs and by extension, our lives.
When we share stories, we help others know they aren’t alone. We educate people on how far we are from equality. We change hearts and minds
#patriarchy #misogyny #fuckthepatriarchy #fascism #roevwade #abortion #womenshealth #disability #ableism #misogynoir #womenshealth
What’s worse, Adriana tried to get medical care for her headaches. She knew something was wrong. Despite being a nurse, she was dismissed.
When I had my hysterectomy complication, I was sent home 3 times from ER. Gaslit & told I was fine
I survived based on luck because I had a man to fight for me:
disabledginger.com/p/my-most-d…
#adrianasmith #misogyny #ableism #disability #patriarchy #eugenics #healthcare #obgyn
My Most Dangerous ER Experience and How My Advocate Saved My Life
A story of medical gaslighting, negligence and neglect that very nearly cost me my life - and how my accidental advocate (untrained and unprepared) saved me. Broadwaybabyto (The Disabled Ginger)
Thank you for sharing - I'm multiply marginalized and was denied basic needs to keep housing or have food assistance simply because I have never been a baby factory
I'm sexually inactive at age 41, never been active aka "a virgin" and I don't want children even having met a "man I love" dearly - I still don't fucking want kids
Here in the US I can't get govt aid because I have no minors in my care, I have a dependant but she's 72 yrs old
I was given a D&C to remove uterine fibroids, which were embedded and so of course the procedure didn’t work. It took over 10 years of pain, pointless procedures, and of bleeding so heavy that I could barely leave my house, until I could get a hysterectomy - and then only because I had found a surgeon who wanted to give me a hysterectomy so he could practice a new medical procedure on me.
The D&C procedure is also sometimes used for abortions. I’ve been crossing my fingers that I don’t get harassed about it by someone with an agenda looking at my chart. It was a useless surgery that I didn’t want.
I have a friend who's suffered similar treatment here in relatively liberal New Zealand. Even being told by one surgeon that the surgery they needed was "against God".
Even after a hysterectomy they still have diseased reproductive tissues that apparently "can't" be safely removed. They are very nearly 50 years old.
I don't need to have a uterus of my own to know that all of this is horrific madness and cruelty, and must be resisted with every effort. Thank you for speaking up.
There are so many of these stories. I'm sorry it happened to you.
I have a family member who has two kids, and sought a hysterectomy for health reasons. She was denied because, "what if her whole family dies in an accident, and she later wants more kids with a new partner."
WTAF.
i hate that "you might meet a man who wants children"
Yes...so?...
Don't I get any say in the children department?
Thanks for telling it and sorry to hear it.
Yeah it’s such BS how many people gotta feel A Way about someone who can’t/won’t be having kids and impose on that person.
Like it’s fine for the person who can’t have kids to feel A Way about it, but that’s a matter for them, everyone else sit down, and if you’re a medical provider be a professional, f your feelings, do your friggin’ job and PROVIDE HEALTHCARE.
Same with Adriana's story

My story is too long for this thread.
All I can say is, we have to fight for the women coming behind us. They do not deserve to be treated as if they are not witnesses to their own ill health.
When a woman arrives in the ER?
SHE DOESN’T WANT TO BE THERE.
Treat. Her.
This must be heard all over the world, shouted out loudly, silencing all the paytriarchy machinery, weapons and vehicles. Or else, we're heading straight back into the middle ages, when everyone - but male 'leaders' and machos - suffered being alive.
Let's get this straightened out.
#fuckthepatriarchy
I talk about this all over your posts so I’m sure you have seen this and probably responded to me and I just forgot because brain fog sucks.
In NH USA we finally got a house bill through that would ban physicians from discriminating against us based on our age as long as we are adults, our marital status, the number of kids we have, and their perceptions of what we should be doing with our fertility.
We have women with lupus who can’t get sterilized even though getting pregnant would harm them. One woman testified that an accidental pregnancy with her lupus caused kidney failure. The pregnancy didn’t even make it to term because of the lupus, her body attacked it like it does. So she just ended up with kidney failure and lots of medical bills.
Women of child bearing age are denied malaria medication when they need to travel because that medication would be really bad for them if they got pregnant. The men they are traveling with can have malaria medication, but not “ripe and fertile” women.
The most upsetting testimony came from women who were married to men who had vasectomies because these women and their husbands already knew they didn’t want kids, and these women still couldn’t get healthcare or sterilization because “what if something happens to him and you marry someone else who wants babies?”
HOW DISGUSTING that OUR plans for our bodies and lives don’t even matter if we are in a partnership, what if some other man wants to use our body later? How dare we take away that entitlement.
Now that I’ve seen this story I suspect it’s not “what if your husband dies?” it’s “if something happens to you we need your uterus (if this science experiment is successful)!”
Maybe I’m being crazy, but if they can grow a baby in a dead body are they going to try to grow one in my Perimenopausal uterus if I get arrested for homelessness from disability will I be ordered to serve out my time in a breeding camp where I put on life support where they can use my uterus?
this is too familiar. im transmasc. i had to wait until i had stage 3 breast cancer before theyd take me seriously bc i was infantilized as a "confused/anxious young lady, people in their 30s rarely get cancer, stop fussing we know you just want ur tits off"
the surgical infection later was a similarly misogynistic xp. i lifted my shirt to show the ER doc the obvious cellulitis in a surgical drain & he went "i have no idea what im looking at here" ok but you should if you graduated med school
my partner and I didn't want kids. I looked into getting my tubes tied. I couldn't because I was too young, might regret it later, my partner might want kids (in spite of us doing this because we both didn't want kids)... even with my partner going in with me, nope. Not possible.
My partner went to THE SAME DOCTOR for a vasectomy. Got it pretty quick. Nothing about his wife, possible future mindset, or anything.
Same end result, but seriously. The hell.
I'm now wondering if any men had to pretend to be a husband so a woman with a medical need like yours could get the necessary treatment?
And yet everyone's pointing at Saudi where husbands have to give permission for so many aspects of a woman's life as if that's some backwards foreign thing and not common across so many "civilised" countries
There’s an awful article in The Washington Post today about how young men see the Tate Brothers as role models who have ‘easy answers’.
I’m not linking to it because I don’t want to give it any traffic.
The tone of the piece is about how hard men have it right now. How they get mixed messages and don’t know whether they should be ‘alpha’ or not.
Let me be perfectly clear, they don’t have it hard. This is accountability. That’s all. Men are finally being told they have to be responsible for their actions. That they can’t get away with misogyny, assault, rape and abuse. That we are fighting back.
If that’s ‘confusing’ for them, that’s their problem.
The Tate brothers don’t have the answers. They’re just propagating the same misogynistic and fascism adjacent narrative that many men have heard for years.
That Trump and Musk are only too happy to support.
That women are less than. That men can and should dominate us. That ‘being a man’ involves subjugating women.
It doesn’t. It shouldn’t. Call it out. Support women. Believe victims.
Say Gisele Pelicot’s name today. Let’s change the narrative.
#misogyny #mercigisele #patriarchy #fuckthepatriarchy #uspoli #fascism
They target trans folk because they think cishet folk will look away. They're counting on you not defending those who aren't like you.
They target Black and Brown folk because they think white folk will look away. They're counting on us not defending those who aren't like us.
I'm considering migrating from Fosstodon and I'd appreciate recommendations of alternate Mastodon instances with these features:
- medium/large
- main theme among my tech interests but allow general discussions
- ElasticSearch (full-text search)
- at least 2 admins/mods
- regularly updated stock Mastodon, no forks
Do we need to do this to ourselves?
In theory Bluesky is decentralized but in practice it isn’t. The AT Protocol supports decentralization but in practice, the network that most users participate in is run by a single company.
So unlike Mastodon, if that one company’s servers go down, the entire BlueSky service is down for all users.
techcrunch.com/2025/04/24/wait…
Wait, how did a decentralized service like Bluesky go down? | TechCrunch
It turns out that decentralized social networks can go down, too. On Thursday evening, the decentralized social network Bluesky experienced a significant… Sarah Perez (TechCrunch)
That's not what happened. The storage nodes (the PDS, that are actually decentralized) run by BlueSky PBC were down because of a DDOS. People that are running their own PDS were not impacted. The front-end (called the "AppView" in ATProto lingua) was also not impacted.
The exact same thing could happen if a Mastodon host is down because of a DDOS.
Ooof 😟 this morning i got the server bills and currently im still a massive €470+ short..
Upcoming week I'm gonna dedicate to clean up servers, merge some to cut costs
Unfortunately active users have gone down but the costs do keep returning and even increase every month
Please, if you can and want, help me out with these bills
paypal.me/stuxOS
patreon.com/mstdn
ko-fi.com/mstdn
bunq.me/stuxhost
stux.me/donate
liberapay.com/mstdn
Boosts would also be a help❤️
stux.me:~$ Support By Donation
Most if not all the work I do (online) I give away for free! Personally I dislike advertisements so I won't apply those either. stux (stux.me:~$)
@hamkaas Oh yes, for sure 😉
Gotta pay all bills first each month and we save what we can miss, if any to set aside for rings and a wedding (but thats more distant, first the question )
May I ask are the bills in line with the previous ones, or/and can you see peaks that can be read as being due to outside/AI scraping?
Also hoping you get the bills covered. That's an important thing you're doing.
If you are going to ask for money every month, have you considered flipping the script?
Turn the server into a subscription-only system, but make it so that each paying subscriber gets to invite N people (where 3 <= N <= 10)?
I'll share this github issue again: github.com/mastodon/mastodon/i…
It needs more discussion and, preferably, support.
Have option to setup paid accounts in admin menu · Issue #34289 · mastodon/mastodon
Pitch: Costs for running an instance are around $1 / active user / month, yet currently the best we have to financing this is running out of your own pocket or pleading every month to receive enough... (GitHub)
The server bills are paid ❤️ thank you so incredibly much for your support
This takes away my biggest worry for this month I'm gonna do my best to cut down costs but without it impacting any service!
Without your help i would not be able to afford to run all our services ❤️ thank you!
Congrats on raising so much money so quickly. A clear sign people appreciate what you do, stux⚡
👏
If many give a small donation, he will hit his target.
That's exactly what happened with Canada.
Asked clearly what we could do, no answer, no fucking clue, it was just for show.
Negotiating in Good Faith with a person who has a line of authority to make a deal is the foundation of negotiations. I'm not spitballing, I did this for a living.
Japan HAD to walk away. No one else should waste their time.
Your donation means hope to us in these difficult times.
Please don't ignore us.🙏
gofund.me/b485f196
Donate to Help Sehwel Family with their Medical treatment, organized by Mariam Shwel
Hello everybody, We are Munther Sahweel, we are here to ask you urgent as… Mariam Shwel needs your support for Help Sehwel Family with their Medical treatment (gofundme.com)
Gawd.. Do I wish I was wrong about #Trump
I remember people telling me not to call him a fascist or dictator
Where are they now?
they duped you.
I too was warned not to use the correct true fact, he is a fascist.
they were never in denial.
they were either incredibly stupid, or more likely, actively rooting for him to be fascist.
Black Maga Discovers Racism
youtube.com/watch?v=qcJv5d9iwZ…
FAFO season continues in the familiar streets of Black Maga. It was all fun and games waving the Maga hat and complaining about the plight of Black Conservatives before Trump was elected. It was all good just a week ago. But now..chickens have come home to roost and Leopards are eating faces. Racism you say? Not Maga! This Black Conservative TikToker now has put away her Black Maga hat to solicit help for her son who, as she calls it is dealing with 'racial injustice.' The kind they call us victims and snowflakes for pointing out.
#TrumpSupporters #maga #blackMaga #reeseWaters #fafo #LeopardsAteMyFace #racism
It is appearing very likely that #RationalWiki will be dissolved this year due to lack of legal representation (no pro bono lawyers came forward and we do not have funds to hire a lawyer). Meritless #defamation lawsuits were filed against us by "human biodiversity"/"scientific racism"/pro-eugenics plaintiffs. The plaintiffs are consequently likely to win their cases by default.
#law #racism #eugenics #slapp #nonprofit
rationalwiki.org/wiki/Racialis…
Racialism
Racialism (also known as scientific racism) is a set of far-right pseudoscientific ideas which hold that humanity can at all be meaningfully divided into biological categories ("races") that are both broad (each category should include many humans, s… (RationalWiki)
We have new batch of GOOD transgender news for you!
tapatalk.com/groups/crossdream…
#transgender #trans #LGBTQ #LGBTQIA
Crossdream Life-Good Transgender News
California Democrats on an Assembly committee blocked two bills Tuesday that would have banned transgender athletes from girls’ sports, locker rooms… (Crossdream Life)
I totally missed #PortfolioDay, but I make a post anyway 😅.
Hi, I’m Daniela, I’m an autistic comic artist from Berlin/Germany and I make comics about autism/neurodivergence, cozy fantasy art and cute/happy art!
#MastoArt #CozyArt #FantasyArt #Autism #DigitalArt
fuchskind
fuchskind is on Wonderlink, the ONE LINK ONLY link-tree solution for all your social networks. (Wonderlink)
It didn't start with Trump as you say.
Guantanamo is a more recent example.
It already happened to several US citizens and also to tourists who just loved the U.S. tourist folder pictures. And when ICE don't arrest you: beware because in the U.S. any idiot you meet in the street could be carrying a loaded gun.
Being homeless, I have lost my "papers" yet again due to my house being stolen AGAIN. I'm done replacing them and just waiting for ICE to send me to Germany where one branch of my family came from about a century ago.
Oh, BTW, I swore to defend the US Constitution against foreign and domestic terrorism in THIS country.
citizens, look up extraordinary rendition!
It's the same law is it not, the "Alien Enemies Act" that the Trump regime is using to disappear "non-citizens" to the El Salvador prison?
The law that President Roosevelt used in 1942. It's from 1798.
Under Trump It's not theory. They are already trying: x.com/BridgetCambria8/status/1…
And if we consider domestic torture camps, it's not distant future, it's a signed decree right now called "wellness farms" open for anyone doing drugs, needs medicine or struggles with mental health. What this means? Bet "Trump Derangement Syndrome" will be in the next ICD: en.wikipedia.org/wiki/Trump_de…
Scientific American has more about Wellness Farms: scientificamerican.com/article…
If we phrase it "(US) citizen put into (domestic _or_ foreign) camps by US government" - do I really need to go on? Guess everyone interested in the topic already has some bells ringing about current and past things going on. I'd even argue the war on minorities and activists isn't specifically a Trump thing, just the pace at which it happens and that the gov is so vocal about it.
Also there is a fun story from Germany: Hungary asked for extradition of someone, court rules in first instance to extradite a German citizen. But as prison conditions are expected to be free of human rights it went to a higher court. Cops were informed that court's first instance decision isn't final but cops went up early that day to deport the woman - while in parallel the court was deciding that she can't be extradited. When she was there the word was "yea, sorry, too late, can't get her back no more". Meanwhile court ruled the extradition was illegal in first place. But has no consequences: tagesschau.de/inland/ausliefer… (German)
Why Is the Trump Administration Villainizing Mental Health Meds for Kids?
A federal commission to examine U.S. chronic disease could undercut real treatment for kids with depression, ADHD and other mental health challenges (Scientific American)
An Ivermectin Influencer Died. Now His Followers Are Worried About Their Own ‘Severe’ Symptoms.
unmc.edu/healthsecurity/transm…
(Vice) Danny Lemoi took a daily dose of veterinary-grade ivermectin and told his thousands of followers to give the drug to children. He died of a common side effect of the medication. Just before … (The Transmission)
Cubans the Latest Latinos For Trump to Find Out
youtube.com/watch?v=gbivs51Y0b…
#TrumpSupporters #LatinosForTrump #maga #fafo #CubanImmigrants #VenezuelanImmigrants #DonaldTrump
Latinos for Trump this is your FAFO moment. Think Maga will come to your rescue? Marco Rubio? Trump? Instead, the Trump administration will be revoking the l... (YouTube)
'Segregated facilities' are no longer explicitly banned in federal contracts
Man votes Trump, wife gets arrested & imprisoned
youtube.com/watch?v=c6iq71Itcs…
#donaldTrump #trumpvoters #trumpsupporters #ice
💻 Sponsored by Aura: Try it free for 2 weeks! See if your data is safe at https://aura.com/pakman-- A man votes for Donald Trump and his Peruvian wife is su... (YouTube)
GOP state Sen. Justin Eichorn arrested on suspicion of soliciting sex with a 16-year old girl
So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d…]
blog.cloudflare.com/password-r…
#cloudflare #password #cybersecurity
It feels quite uncomfortable that cloudflare is somewhat openly admitting to analysing login credentials that are going through the reverse proxy, and providing aggregated stats on it (without explicit consent of the user it appears?)
"Based on Cloudflare's observed traffic between September - November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords."
Don't get me wrong the results are actually pretty interesting, but I just cannot think of an ethical way of doing this, and it feels kind of jarring that they just "did that"
blog.cloudflare.com/password-r…
Password reuse is rampant: nearly half of observed user logins are compromised
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale. (The Cloudflare Blog)
Robert [KJ5ELX] :donor: (@0xF21D@infosec.exchange)
Recently I boosted a couple of links about cloudflare doing some sort of password re-use analysis on passwords they saw through their WAF. This was not a technical post. It was a call to attention. (Infosec Exchange)
wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."
I've been warning about CDNs like Cloudflare and Fastly (and cloud providers in general) for a long time.
Here's a recent toot (in Dutch, the "translate" button should do the job): infosec.exchange/@ErikvanStrat….
If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): infosec-exchange.translate.goo…
P.S. Fastly knows your infosec.exchange login credentials.
#Cloudflare #MitM #AitM #Fastly #CDN #TLSinterception
Erik van Straten (@ErikvanStraten@infosec.exchange)
Attached: 1 image. Risk Cloudflare (+Trump) 🌦️ Behind Cloudflare: More and more websites sit "behind" the American company Cloudflare. Suppose you open https://pvv. (Infosec Exchange)
If your adblock is good enough you always see the captchas, so you always know when a thing is cloud flair.
Also, who's not doing single use email addresses? Every site is a sea of spammy notification/cart abandonment/special offer/watch list/privacy policy update/m&a mail... And thats before they get pwned or sell your details.
Who wants all that in one mail box?
I already get a bitcoin scam call every 2 weeks because i enabled sms 2fa one place and scammers got hold of the number. At this point they know i know and they know i know that, but the guys on the phone have a call/hour quota and they gotta pay rent i guess...
@EndlessMason @ErikvanStraten @malanalysis Cory Doctorow @pluralistic argued that hiding your email address from spambots is futile anyway so he doesn't worry when he publishes it regularly: theguardian.com/technology/201…
He needs a good spam filter technique though. Afaik he is still using the same email address.
Keeping an email address secret won't hide it from spambots
The spam wars aren't going away soon but treating public email addresses as secret is of no benefit. Cory Doctorow (The Guardian)
@skaphle @EndlessMason @ErikvanStraten @malanalysis @pluralistic
A good promo for #Thunderbird , it’s a very good email client. I use it as well (not that my use is any recommendation whatsoever next to Cory’s :)
Cloudflare is evil anyway.
Cloudflare reverse-proxies (or -proxied):
- cloudflare.com.save-israel·org
- ns.cloudflare.com.save-israel·org
- albert.ns.cloudflare.com.save-israel·org
- sydney.ns.cloudflare.com.save-israel·org
I don't know whether any of these domains were or are malicious, but such domain names are insane; expect evilness.
See also:
crt.sh/?Identity=save-israel.o…
Tap "Alt" in the images for more info.
#CloudflareIsEvil #BigTechIsEvil #AitM #MitM #DV #DVCerts #DVCertsSuck #BrowsersSuck
I may have a suggested edit for them, for brevity's sake:
Keeping user accounts safe with Cloudflare
FUCKING BLOCK IT
it's long known that the cloudflare proxy in the free tier will terminate SSL at their servers and re-encrypt it on the way to your host. They can basically analyze everything sent through the proxy.
So I'm honestly not surprised at all that they do, in fact, analyze the data users willingly throw at them.
Personally I am using* CF for my domain and DNS as well, but without proxy because of that.
*Because sadly, they are the only ones having a proper API to get letsencrypt certs via DNS auth.
not sure if that is using the monitoring, or enabling the monitoring
HTTP only, opt-in.
You can (should) do this at home.
“Once enabled, leaked credentials detection will scan incoming HTTP requests for known authentication patterns…”
to be clear, the blog post states they got their data from a feature you need to enable and configure. So this shouldn't be a surprise to most cloudflare customers.
developers.cloudflare.com/waf/…
developers.cloudflare.com/waf/…
Leaked credentials detection · Cloudflare Web Application Firewall (WAF) docs
The leaked credentials traffic detection scans incoming requests for credentials (usernames and passwords) previously leaked from data breaches. (Cloudflare Docs)
my iPhone does this and it’s creepy AF. It will tell me if other people use similar passwords or if mine would be easy to guess. But it will also tell me if my password has been in a data breach which has been helpful because half of these data breaches I only find out about by seeing the notation in my iPhone password area.
Then google tries to force me to set up a “passkey” which won’t help me login to Google Voice on my computer to do two factor authentication if I ever lose my phone, so I’m not real sure how I would get back to any of these things if I misplaced my phone. I can’t transfer the phone number attached to my phone to a new phone if I can’t get into the email, and I can’t get into the email if I can’t give them a code from the phone, which is why I wanted to use a Google Voice number for that stuff, but if I lose my phone I can’t get into the Google Voice.
It all just feels like a huge scam. Yesterday I tried to file a Small Claims Court case and it only gave me two court options so I chose the one closest to me. This morning they told me my filing was rejected because I chose the wrong jurisdiction, when I got someone on the phone they told me the right one should be there, and lo and behold it was today.
But as I was going through refiling this morning all I could think about was this is how they lock us out of this stuff. You can only e-file small claims cases, and if I don’t have the option to choose the correct court when I e-file I can’t file. And when it gets to the point that no one is there to answer the phone to help us there will be no help to be had.
And at this point I think I have drifted far off topic and I apologize, but it’s possible I have circled right back around to the topic at hand because this is all the same problem at its core.
this toot is a bit misleading imo.
Saying it like you did sounds like CloudFlare keeps a database of passwords people use on websites in order to compare them. However Cloudflare only compares them to previously leaked passwords (through haveibeenpwned and other sources). This could theoretically be done without Cloudflare ever having the password. I don't know how they do it though.
It doesn't change the fact that CloudFlare is an actual MitM and therefore a huge security risk.
In addition, remember that Cloudflare offers DNS resolvers at the 1.1.1.1 IPv4 anycast address.
Being in the position of a user's DNS resolver opens up all kinds of possibilities for manipulation of the returned resource records. (It's been many years since I played with DNSSEC, so I am not sure whether DNSSEC could provide protection.)
Let me put further important words in uppercase:
One more reason why it's a REALLY GOOD IDEA to REALLY #UNPLUGTRUMP ASAP!
@0xF21D wrote:
So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
blog.cloudflare.com/password-r…
Password reuse is rampant: nearly half of observed user logins are compromised
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
The Cloudflare Blog
Cloudflare + MITM = Bullshit
Still any questions? Don't use this shit!
What software is that guy using? It looks like people are replying from mastodon. Is this a write.as? I didn't think it had that feature actually.
Anyway, this is nuts, and one person there saying he's fine with it because it's free: said the same thing when I joined gmail what, two decades ago? Really regret that now. We should care more about privacy. _I_ didn't sign up for this.
I'm American though. Used to it.
So if you give your private key and certificate to a third party to MITM you, or you let them request their own certificate, they can MITM you?!
Who saw that coming?!
Microsoft will cause millions of computers to die this year, still people are fans of M$.
I'll give it a week and then nobody cares about Cloudflare either.
@schnur Wow. We knew this was possible and huge reason for all the anti cloudflare stance.
I recall a hearing w/gov said "you realize the access you have is very important".
Might have to cover this. Thanks for sharing.
@RTP @schnur This is why I call it "clownflare" .. That US company owns over 80% of the CDN market share, which makes it the world's largest >MITM< reverse proxy
Source: w3techs.com/technologies/histo…
You would think that developers would know better to configure their own infrastructure, but nah.. they choose convenience, I guess it's human nature..
Market share trends for reverse proxy services, March 2025
Changes in the market share of reverse proxy services
w3techs.com
Admittedly I used to run the Mastodon instance sending this message through Cloudflare, but then I one day thought that they have far too much internet traffic about everyone already and switched to bunny.net to reduce that ever so slightly.
All this has done is convince me that I was right to do that.
It still isn't perfect because how I configured it basically means bunny.net effectively MitM nearly everything instead, but I would rather give a company in Slovenia my data than a US company which has something approaching some sort of weird monopoly at this point.
You can analyze whether hashed passwords are the same without looking at the original passwords. This is how password hashing works.
dashlane.com/blog/what-is-pass…
What Is Password Hashing? - Dashlane
What is password hashing? Discover how it works, the algorithms it uses, and why it's crucial for data security.
Dashlane
no passwords in plain text and with first 5-digit of Hash☝️
troyhunt.com/understanding-hav…
Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity
Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords [https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/] that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare.
Troy Hunt
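The k-anonymity range lookup that the two posts above point to, as an added example that is not part of the thread or of any Cloudflare or HIBP code: the client sends only the first five hex characters of the SHA-1 digest and matches the remainder locally. `RangeServer`, `breach_count` and the breach corpus are constructed for illustration; the `SUFFIX:COUNT` line format follows the Pwned Passwords range responses.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample corpus (password -> times seen); not real breach data.
CONSTRUCTED_BREACH_COUNTS = {"password": 5, "hunter2": 3, "letmein": 2}


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form used by the range lookup."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Offline stand-in for the breach-corpus service (hypothetical class)."""

    def __init__(self, counts):
        self._buckets = defaultdict(list)
        self.seen_queries = []  # everything the server ever learns from clients
        for pw, n in counts.items():
            digest = sha1_hex(pw)
            self._buckets[digest[:5]].append((digest[5:], n))

    def range_query(self, prefix: str) -> str:
        if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be 5 uppercase hex characters")
        self.seen_queries.append(prefix)
        bucket = sorted(self._buckets.get(prefix, []))
        return "\n".join(f"{suffix}:{n}" for suffix, n in bucket)


def breach_count(password: str, server: RangeServer) -> int:
    """Return how often the password appears in the corpus, 0 if absent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in server.range_query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        # The suffix comparison happens on the client, never on the server.
        if hmac.compare_digest(candidate, suffix):
            return int(count)
    return 0


if __name__ == "__main__":
    srv = RangeServer(CONSTRUCTED_BREACH_COUNTS)
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", breach_count(pw, srv))
    print("server saw only:", srv.seen_queries)
```

The privacy property covers the party answering the range query; whoever computes the hash, such as a TLS-terminating proxy, still handles the plaintext at that moment.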
Any more reason to switch to FIDO2 with hardware tokens or #Passkeys.
The latter only if you trust the service providers and if you don't need protection against phishing. With Passkeys and their optional delegation feature you can be tricked into transferring to a hacker. 😞
With a #FIDO2 hardware token, you're really safe.
and back in 2017, cloudflare leaked passwords :D
pbs.org/newshour/science/cloud…
Cloudflare data leak potentially exposed trove of passwords, personal information for months
Cloudflare, an internet services company that manages 10 percent of all web traffic, has been leaking assorted bits of customer information since a bug appeared in their code in September 2016.
PBS News
#ClownFlare is a #RogueISP and their #MITM-based approach would've always allowed that.
- Why is ANYONE here surprised of that?
#CloudFlare is a #RogueISP known to offer Services in #Russia and to #CyberCriminals... #ClownFlare is also a #ValueRemoving #rentseeker whose core product / service is essentially a #Racketeering Scheme and should not exist as any competent hoster offers #DDoS protection free of charge...
This is going around a lot, and isn't nearly as sinister as the Mastodon megabrain is assuming.
Cloudflare analyzed (via the system that it already has to check for bad passwords and signal the service they're connected to that a password should be changed because that's a service they provide that their users can opt-in to) passwords people are using to log in (via zero-knowledge proofs sent to Have I Been Pwned, a feature HIBP has that Cloudflare helped them build) to sites they protect and discovered lots of re-use.
In no piece of that story do the ideas "Cloudflare is storing your passwords" or "anyone at Cloudflare knows your password" enter into it. But it's easy to see how people arrive at that conclusion (because, well... Nobody knows how passwords work!).
If Cloudflare's guilty of anything, it's that they wrote a blogpost about this targeted at people of the level of tech-sophistication where they re-use passwords (i.e., they don't even know what a "hash" is) to tell them to stop doing that... And they didn't, in the same post, guard against the possibility that readers would assume they did the analysis in a way so stupid no professional security company would ever do that.
How is that even possible unless they store the passwords unsalted?
Oh no.
Ohhhhhh no.
So wait they stole everyone's passwords and saved them in plaintext?!
OK, Cloudflare scanned credentials and is open about it. That's not nice, but probably many providers do this to protect themselves / their systems and also their customers. And they "only" compare the stored password hashes with the transmitted credentials.
They get the permission for this in the fine print of the no-cost "free plan"
"Our data analysis focuses on traffic from Internet properties on Cloudflare’s free plan, which includes leaked credentials detection as a built-in feature. Leaked credentials refer to usernames and passwords exposed in known data breaches or credential dumps ..."
blog.cloudflare.com/password-r…
The DEV post linked there says:
"Note
Cloudflare does not store, log, or retain plaintext end-user passwords when performing leaked credential checks. Passwords are hashed, converted into a cryptographic representation, and then compared against a database of leaked credentials."
developers.cloudflare.com/waf/…
Not nice, but formally correct.
Apparently DOD went through the web pages for Medal of Honor recipients and marked those of non-white dudes as "DEI", which also broke links.
The shameless racism is nakedly on display.
Although the DoD won't share it, Gen Rogers' Wikipedia page has his Medal of Honor citation. He charged through multiple waves of incoming artillery fire to lead his men to repel an attack, and was seriously wounded TWICE in the process.
"DEI" should not be a smear, but in this case, DEI my ass.
This racial discrimination also includes 21 MoH recipients from the #442nd RCT (Regimental Combat Team, Go for Broke) during WWII. The 442nd had most MoH recipients for a unit of just 4000 men.
Sam Sethi said, on bsky:
> If the racists [sic] US Govt really want to dishonour their black or female veterans, odd they have not replaced the 404 image
Grabbed image while I could; great JPEG with full details!
Caption: U.S. Marine Corps Cpl. Ava Alegria, a combat photographer [...] , and Sgt. Kevin Cherry, a drill instructor with Lima Company, 3rd Recruit Training Battalion [...] Parris Island, S.C., Dec. 19, 2024. (U.S. Marine Corps Photo by Lance Cpl. Ayden Cassano)
@danmcd When I take the "dei" out of the URL I get what looks like a redirect response to the URL with the "dei" added back in and THEN I get a 404.
To test that it's not just my fancy browser doing it, I tried with links and got the same behavior.
@jef @danmcd Because it would mean that the people who actually have to upkeep this are taking steps to make it reversible at least. The website could actually be completely intact, this could be done in a reverse proxy.
Being unable to stop it from happening, this would be the next best thing. As soon as whoever needs to get their head out their ass to stop this does, they could put it back.
Also present at this link, but it is not a .gov site.
cmohs.org/recipients/charles-c…
Charles Calvin Rogers | Vietnam War | U.S. Army | Medal of Honor Recipient
U.S. Army Lieutenant Colonel Charles Calvin Rogers was presented the Medal of Honor for military valor during the Vietnam War.
Congressional Medal of Honor Society
For the billionaires funding the end of American democracy, bigots are the perennially reliable voting bloc for fascists & Russian psyops.
The coded language of bigotry.
The CRT furor was funded by Koch, Putin, Sharon Virts, Dunn, Wilks, Ackman & Paul Singer.
The DEI and trans furor has the same funding.
thenation.com/article/politics…
jacobin.com/2022/09/wall-stree…
cnbc.com/2021/11/10/critical-r…
washingtonpost.com/technology/…
thedailybeast.com/right-wing-a…
Warmongers too:
desmog.com/2025/03/14/heritage…
Heritage Foundation and Allies Discuss Dismantling the EU - DeSmog
The group that drafted a key blueprint for Donald Trump’s second term convened a meeting in Washington D.C. this week to consider proposals for bulldozing the European Union (EU).
Sam Bright (DeSmog)
The US government is at war with its own citizens.
It wasn't just about removing undocumented migrants, it was also about changing the status of existing American citizens.
It's shocking, but it's also a logical consequence of believing some people deserve to survive, thrive, and be happy, more than others.
Sexism, racism, homophobia, transphobia, religion, capitalism, supremacy, monarchy, patriotism, nationalism, fascism... it's a continuum.
web.archive.org/web/2025030516…
Medal of Honor Monday: Army Maj. Gen. Charles Calvin Rogers
Army Maj. Gen. Charles Calvin Rogers worked for gender and race equality while in the service. But he's perhaps most well-known for his leadership during an intense battle in Vietnam, which earned him
U.S. Department of Defense
I'd respect them just slightly more if they said what they mean
So many "free thinkers" love their code words to play lawyer
The once great USA looks like a tag-nut on the arse hairs of humanity these days.
Coming from less-than-great-Britain that seems like a terrible thing to say, and I apologise to my American friends who maybe don't see what's happening, for being so blunt.
The world is laughing at the American clown show (except those who are afraid, I guess).
Let's hope USA vomits its poison soon, and starts to recover...
Race breakdown of the US Army.
Would you join up if you’re non-white?
statista.com/statistics/214869…
Distribution of race and ethnicity among the U.S. military 2019 | Statista
In the fiscal year of 2019, 21.39 percent of active-duty enlisted women were of Hispanic origin.
Statista
See if the DoD marked some white guys as DEI too: that could happen if they used software to detect a face and a white guy's face was dark enough due to poor lighting to trick the software into classifying him/her as non-white.
It wouldn't surprise me if they didn't think anything through: their 1st priority is to generate those 5 sentences for Musk describing each thing they accomplished in a week.
Don’t tell them about Edward Carter Jr. but everyone should read about this American hero before their intern gets around to removing it too
check out this hero’s story too: Army Pfc. William Henry Thompson
"Joining me today on the pod is someone I'm hoping to reach across the aisle to. Ladies and gentlemen, welcome Joseph Goebbels!"
stux⚡
in reply to Andrea Junker
Only in the US of BS-A..
At this point the world kinda thinks laws in the US are made against the people instead of for