Comment by yupyupyups a day ago
>Wonder what has replaced “Xkeyscore” given the wide adoption of TLS.
Cloudflare is a US-based company that does MITM attacks on all traffic of the websites that it protects. It's part of how their DDoS mitigation works.
Many people still use large US-based mail providers such as Outlook or Gmail.
Many large services use AWS, GCP or Azure. Perhaps there are ways for the NSA to access customers' virtual storage or MITM attack traffic between app backends and the load balancer where TLS is not used.
Load balancing and WAF or CDN enablement usually suggests at least a decrypt step or two in the HTTP(S) chain: WAF for layer 7 payload inspection, or the default wildcard cert'ing of your Cloudflare site, for instance.
There's also significant aggregation of traffic at handfuls of service providers amongst service categories, all generally HTTP(S) type services too ... Mail, CDN, Video, Voice, Chat, Social, etc. Each of these is still likely to employ load balancing and a WAF.
Most WAF/Load Balancing providers have documentation about when/where to perform decrypt in your architecture.
How many Cloudflare sites are just using the Cloudflare wildcard cert?
From there, plenty of three-letter agency space to start whiteboarding how they might continue to evolve their attack chain.
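The thread's practical question for a defender is "where does my TLS actually end?" One way to answer it from the server certificate a client receives, as an added example that is not part of any comment above: if the certificate's wildcard or SAN entries cover names outside the domains you own, a third party (CDN, WAF, load-balancing provider) holds the private key for your hostname and decrypts the traffic before it reaches you. The certificate dicts below are constructed in the layout Python's `ssl.getpeercert()` returns; the issuer and domain names in them are placeholders, not real certificates, and `fetch_peer_cert` is a hypothetical helper for running the same check against a live host.

```python
"""Audit helper: classify whether TLS for a hostname terminates on the
owner's own infrastructure or at a shared third-party edge.

Heuristic: any subject CN or DNS SAN that is not under a domain you own
means someone else holds the key for that name (shared edge certificate).
"""
import socket
import ssl


def _names_from_cert(cert):
    """Collect the subject CN and all DNS SANs from a getpeercert()-style dict."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value.lower())
    return names


def _under(name, domain):
    """True if `name` (wildcard allowed) is `domain` itself or a subdomain of it."""
    bare = name[2:] if name.startswith("*.") else name
    return bare == domain or bare.endswith("." + domain)


def classify_termination(cert, own_domains):
    """Return where TLS ends and which certificate names are outside our domains."""
    own = {d.lower() for d in own_domains}
    foreign = sorted(
        n for n in _names_from_cert(cert) if not any(_under(n, d) for d in own)
    )
    if not foreign:
        return {"terminates_at": "own-infrastructure", "foreign_names": []}
    # A wildcard or SAN for a domain we do not control: the edge decrypts first.
    return {"terminates_at": "third-party-edge", "foreign_names": foreign}


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Hypothetical live-check helper: fetch the leaf certificate a client sees."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: a shared edge certificate that also lists other tenants.
SHARED_EDGE_CERT = {
    "subject": ((("commonName", "*.edge-provider.invalid"),),),
    "issuer": ((("organizationName", "Example Edge CA (constructed)"),),),
    "subjectAltName": (
        ("DNS", "*.edge-provider.invalid"),
        ("DNS", "edge-provider.invalid"),
        ("DNS", "shop.example.org"),
        ("DNS", "unrelated-tenant.example.net"),
    ),
}

# Constructed sample: a certificate issued only for names the owner controls.
OWN_CERT = {
    "subject": ((("commonName", "shop.example.org"),),),
    "issuer": ((("organizationName", "Example Public CA (constructed)"),),),
    "subjectAltName": (("DNS", "shop.example.org"), ("DNS", "www.example.org")),
}


if __name__ == "__main__":
    for label, cert in (("shared edge", SHARED_EDGE_CERT), ("own", OWN_CERT)):
        print(label, "->", classify_termination(cert, ["example.org"]))
```

If the result is `third-party-edge` and that is the intended design (DDoS mitigation or WAF inspection at the edge, as the thread describes), the remaining item to verify against the provider's own documentation is that the edge-to-origin hop is re-encrypted with a certificate the edge actually validates, so the only cleartext copy of the traffic is the one inside the edge itself.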