by jeroenhd
1061 days ago
I ran a Snowflake server at home for a while. I shut it off because it used too much CPU for my liking, but I haven't seen any kind of negative impact whatsoever.

Domain fronting is not exactly a holy grail. Signal and Tor ran into issues when cloud providers blocked domain fronting (or rather, stopped supporting a feature that never was meant to work anyway) but I don't think that was intended to interrupt anything. "Load balancers are written to make sure they serve the correct certificates for their configured domains" isn't exactly a problematic feature on its own.

Domain fronting is trivial; all you need is a call to openssl and an nginx server. It's also trivial to bust; all you need to do is actually validate the certificate. These certificates are either self-signed or are part of a random CA chain that no real system would ever trust.

It's not "a spy having their secret meetings inside an unsuspecting friend's house". It's someone putting a sign saying "white house, home of the American president, do not enter" in front of a random warehouse in Brazil.

Software that falls for domain fronting either doesn't care about the certificates and their validity, or is buggy and should get patched. Some of that software will probably be security software, but if bad actors manage to trick your security software into trusting a few readable strings, domain fronting is probably the least of your worries. I can't imagine what kind of shitty security software would possibly fall for that.