Comment by yupyupyups
Comment by yupyupyups 10 months ago
>Wonder what has replaced “Xkeyscore” given the wide adoption of TLS.
Cloudflare is a US-based company that does MITM attacks on all traffic of the websites that it protects. It's part of how their DDoS mitigation works.
Many people still use large US-based mail providers such as Outlook or Gmail.
Many large services use AWS, GCP or Azure. Perhaps there are ways for the NSA to access customers' virtual storage or MITM attack traffic between app backends and the load balancer where TLS is not used.
It is MITM, but is it an attack? Literally the website owner hires Cloudflare explicity to decrypt and filter the traffic. Attack implies that it's unwanted behavior, yet the reality seems to imply that its wanted behavior by the site owner at a minimum, although continued use of the site by visitors also suggests that they want that behavior (or they'd go elsewhere).