this post was submitted on 24 Aug 2024
392 points (97.1% liked)

Asklemmy

The simplicity of it is logic-defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all of a sudden I can just click a box and HEY!, I'm human?

That's hardly the Turing Test I'd expected.

[–] [email protected] 25 points 2 months ago (4 children)

Cloudflare knows almost everything done from your IP address because they're used by the majority of websites. And some websites are using a Cloudflare-signed TLS certificate, so if Cloudflare wants, they can see the content of the communication instead of an encrypted package.

So they know if you have a human behavior (visiting many different websites at human speed and having rests during sleeping time) or if you have a bot behavior (sending millions of requests to the same endpoint at superhuman speeds)
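The behavioural signals named in the comment above (request rate, spread across sites, rest periods) can be sketched as a scoring heuristic. This is an added example, not part of the original comment and not Cloudflare's actual logic; the thresholds, function names and sample traffic are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Thresholds are assumptions for this illustration, not Cloudflare's values.
MAX_HUMAN_RATE = 2.0            # sustained requests per second
MIN_REST = timedelta(hours=4)   # idle gap expected once a day (sleep)
MAX_TOP_SHARE = 0.9             # share of requests hitting one endpoint
DAY = 86400.0

def features(events):
    """events: non-empty list of (datetime, host, path) for one client IP."""
    events = sorted(events)
    times = [t for t, _, _ in events]
    span = max((times[-1] - times[0]).total_seconds(), 1.0)
    gaps = [b - a for a, b in zip(times, times[1:])]
    top_hits = Counter((h, p) for _, h, p in events).most_common(1)[0][1]
    return {
        "span": span,
        "rate": len(events) / span,
        "longest_rest": max(gaps, default=timedelta(0)),
        "hosts": len({h for _, h, _ in events}),
        "top_share": top_hits / len(events),
    }

def classify(events):
    """Return (label, signals); two or more bot signals give the label 'bot'."""
    if not events:
        return "unknown", []
    f = features(events)
    signals = []
    if f["rate"] > MAX_HUMAN_RATE:
        signals.append("superhuman rate")
    if f["hosts"] == 1 and f["top_share"] > MAX_TOP_SHARE:
        signals.append("single endpoint")
    # A missing rest period only means something once a full day was observed.
    if f["span"] >= DAY and f["longest_rest"] < MIN_REST:
        signals.append("no rest")
    return ("bot" if len(signals) >= 2 else "human"), signals

# Constructed sample traffic (not real logs).
START = datetime(2024, 8, 24, 8, 0)
HOSTS = ["news.example", "shop.example", "mail.example", "wiki.example"]
DAY1 = [(START + timedelta(minutes=10 * i), HOSTS[i % 4], f"/p/{i}") for i in range(90)]
HUMAN = DAY1 + [(t + timedelta(days=1), h, p) for t, h, p in DAY1]
BOT = [(START + timedelta(milliseconds=20 * i), "api.example", "/login") for i in range(30000)]

if __name__ == "__main__":
    for name, ev in (("human sample", HUMAN), ("bot sample", BOT)):
        print(name, classify(ev))
```

A short burst is flagged on rate and endpoint concentration alone; the rest-period signal only applies once at least a day of traffic has been observed, which is what catches a slow client that never sleeps.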

[–] [email protected] 4 points 2 months ago (1 children)

I'd argue that the certificate authority does not have the ability to decrypt your communication because of the nature of private and public key mechanism during the whole TLS certificate procedure. You do not send your web server's private key to Cloudflare when requesting a certificate.

That would actually be pretty wild...

Other than that you're probably right.

[–] [email protected] 2 points 2 months ago (1 children)

There's a default setting that allows unencrypted communication between the server and Cloudflare. So they receive unencrypted data, sign with their certificate. Or send with self-signed certificate, they decrypt and reencrypt. Or for some reason can download and import on the server their own internal use certificate.

[–] [email protected] 2 points 2 months ago

You're right, forgot that you can just not encrypt on your server's end and use Cloudflare to do that for you, especially when used as a CDN
