this post was submitted on 21 Jan 2025
124 points (98.4% liked)

Technology

60725 readers
3783 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
124
Cloudflare Issue Can Leak Chat App Users' Broad Location (www.404media.co)
submitted 1 day ago* (last edited 1 day ago) by [email protected] to c/[email protected]
35 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.ca/post/37638868 [email protected]

This affects Signal too

An issue with Cloudflare allows an attacker to find which Cloudflare data center a messaging app used to cache an image, meaning an attacker can obtain the approximate location of Signal, Discord, Twitter/X, and likely other chat app users. In some cases an attacker only needs to send an image across the app, with the target not clicking it, to obtain their location.

https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117?ref=404media.co

Signal, an open-source encrypted messaging service, is widely used by journalists and activists for its privacy features. Internally, the app utilizes two CDNs for serving content: cdn.signal.org (powered by CloudFront) for profile avatars and cdn2.signal.org (powered by Cloudflare) for message attachments.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 1 day ago (2 children)

I don't want to be a contrairian, but your cellphone carrier does this non stop. Cloudflare is not a good company, but this is the least of your problems.

[–] [email protected] 4 points 22 hours ago

You have entirely misunderstood this exploit.

[–] [email protected] 2 points 23 hours ago (1 children)

How so? Asking out of curiosity.

[–] [email protected] 6 points 21 hours ago (2 children)

I'm not trying to wear a tinfoil hat, but Snowden clearly revealed that the government is easily able to purchase cellphone location data based on GPS and tower data more easily than they can go through the FISA courts.

[–] [email protected] 2 points 17 hours ago* (last edited 17 hours ago)

Ah, thought you meant though metadata. Like a end user snooping through some obscure meta data method (even after cleaning) let's you triangulate something.

[–] [email protected] 3 points 21 hours ago

Your cellphone provider very likely already sells this data.

I know mine does, because I attended a webinar of a buying company where they explicitly mentioned this.