A security researcher made a tool that let them quickly check which of Cloudflare's data centers had cached an image, which allowed them to figure out what city a Discord, Signal, or Twitter/X user might be in.

cross-posted from: https://lemmy.ca/post/37638868 !privacy@lemmy.dbzer0.com

This affects Signal too

An issue with Cloudflare allows an attacker to find which Cloudflare data center a messaging app used to cache an image, meaning an attacker can obtain the approximate location of Signal, Discord, Twitter/X, and likely other chat app users. In some cases an attacker only needs to send an image across the app, with the target not clicking it, to obtain their location.

https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117?ref=404media.co

Signal, an open-source encrypted messaging service, is widely used by journalists and activists for its privacy features. Internally, the app utilizes two CDNs for serving content: cdn.signal.org (powered by CloudFront) for profile avatars and cdn2.signal.org (powered by Cloudflare) for message attachments.

  • melroy@kbin.melroy.org
    2·
    3 hours ago

    I also have no idea why is down voting me lol. But you are 100% right. Could you imagine in the year 2000 that everything needs to behind Cloudflare in 2025 in order to have a functional internet? This shit is indeed wild.

    • ganymede@lemmy.mlEnglish
      1·
      1 hour ago

      fuck me lemmy is turning into an absolute reddit-esque cesspool shithole.

      i do not understand why people are in here simping for cloudflare (presumably unpaid) do they have money in cloudflare? clearly they don’t have a fucking clue whats really going on in the world, but what makes them think they need to actively enforce (ie. downvote people) for pointing out issues with cloudflare??

      this is beyond weird.