Bitcoin Forum

Other => Meta => Topic started by: LTU_btc on September 25, 2019, 08:47:13 PM



Title: Bitcointalk.org would like to use your current location
Post by: LTU_btc on September 25, 2019, 08:47:13 PM
Today I was looking for one Bitcointalk thread on Google. I visited one link that I got in search results and got this notification:
https://talkimg.com/images/2023/09/10/m0CP3.jpeg
It says "Bitcointalk.org would like to use your current location".
At first I thought it was a phishing website, but no, it's the original Bitcointalk. I have never faced it on Bitcointalk before. Does it come from Cloudflare? Because I don't know why theymos would want to know our location.



Title: Re: Bitcointalk.org would like to use your current location
Post by: Last of the V8s on September 25, 2019, 08:59:58 PM
Cannot be the proper bitcointalk.
theymos wouldn't need that.
possible puny codes? https://bitcointalk.org/index.php?topic=5184169.0


Title: Re: Bitcointalk.org would like to use your current location
Post by: LTU_btc on September 25, 2019, 09:06:21 PM
Cannot be the proper bitcointalk.
theymos wouldn't need that.
possible puny codes? https://bitcointalk.org/index.php?topic=5184169.0
Nope, it's proper Bitcointalk, because I was signed in to my Bitcointalk when I visited this link. If it would be fake website, I would have to enter my login data to sign in.


Title: Re: Bitcointalk.org would like to use your current location
Post by: TryNinja on September 25, 2019, 09:13:01 PM
Is your phone rooted?
Or are you using any browser extension?


Title: Re: Bitcointalk.org would like to use your current location
Post by: LTU_btc on September 25, 2019, 09:23:29 PM
Is your phone rooted?
Or are you using any browser extension?
Nope, it's not rooted and I don't have any extensions on my browser


Title: Re: Bitcointalk.org would like to use your current location
Post by: theymos on September 25, 2019, 09:28:15 PM
I've never heard of that before. I can see in the access logs that you were talking to bitcointalk.org, though.

My first thought is some sort of browser glitch or extension.

My second thought is that it's Cloudflare. Normally Cloudflare doesn't do anything like that, but it reminds me of a case several months ago where they introduced some new feature which worked by injecting JavaScript into the page for mobile users only, and I had to go turn that off once I learned of it. (I forget exactly what the feature did.) At a guess, maybe they added this as a way to improve the accuracy of their IPCountry header: since bitcointalk.org doesn't use that, I just now turned that off.

If you visit the same page in a private tab, does it request your location still? (This isn't a sure-fire way to test it, but if it's a problem on my end which I didn't fix, this might trigger it.) Does anyone else see it?

If it's some change in Cloudflare, you'd see it on a lot of sites, since CF is very widely used.
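One way a site operator can check whether something between the origin and the visitor added script to a page, as an added example that is not part of the original post: compare the `<script>` elements in the HTML the origin produced with those in the HTML that was actually delivered. Both HTML samples and the host `edge.example` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: what the origin server rendered.
ORIGIN_HTML = """<html><head><script src="/forum.js"></script></head>
<body><p>Thread</p></body></html>"""

# Constructed sample: the same page as delivered, with two extra scripts.
SERVED_HTML = """<html><head><script src="/forum.js"></script>
<script src="https://edge.example/beacon.js"></script></head>
<body><p>Thread</p>
<script>navigator.geolocation.getCurrentPosition(function (p) {});</script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Collect every <script> element as a (src, inline_body) pair."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False
        self._src = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append((self._src, "".join(self._buf).strip()))
            self._in_script = False


def scripts_of(html):
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return collector.scripts


def injected_scripts(origin_html, served_html):
    """Return scripts present in the served page but absent from the origin's copy."""
    known = set(scripts_of(origin_html))
    findings = []
    for src, body in scripts_of(served_html):
        if (src, body) in known:
            continue
        findings.append({
            "src": src,
            "inline": bool(body),
            # Only inline bodies can be inspected here; an external script
            # has to be fetched and reviewed separately.
            "uses_geolocation": "navigator.geolocation" in body,
        })
    return findings


if __name__ == "__main__":
    for finding in injected_scripts(ORIGIN_HTML, SERVED_HTML):
        print(finding)
```

This only sees markup present in the delivered HTML. Script added inside the browser, for example by an extension, never appears in the response body and has to be looked for on the device itself.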


Title: Re: Bitcointalk.org would like to use your current location
Post by: LTU_btc on September 25, 2019, 09:38:55 PM

If you visit the same page in a private tab, does it request your location still? (This isn't a sure-fire way to test it, but if it's a problem on my end which I didn't fix, this might trigger it.) Does anyone else see it?

On private tab I didn't get that request. But now when I visited this link in the regular way, I didn't get this request either. As I said, so far I have got this notification only once.


Title: Re: Bitcointalk.org would like to use your current location
Post by: Welsh on September 25, 2019, 10:55:18 PM
You'd think that Cloudflare would have the decency to turn newly implemented features off to prevent these sorts of issues. Especially when most websites don't need this sort of in-depth location detection. Despite Cloudflare probably being the best option, it's things like these which put me off of using them.


Title: Re: Bitcointalk.org would like to use your current location
Post by: suchmoon on September 25, 2019, 11:01:51 PM
On private tab I didn't get that request. But now when I visited this link in the regular way, I didn't get this request either. As I said, so far I have got this notification only once.

It's not gonna ask again if you blocked (or allowed) it. Assuming it's Chrome, go to (Lithuanian equivalents of) Settings, Site Settings, Location, find Bitcointalk under Blocked or Allowed, remove it, and try again.





Title: Re: Bitcointalk.org would like to use your current location
Post by: libert19 on September 26, 2019, 03:56:26 AM
This is the link, op tried to visit: https://bitcointalk.org/index.php?topic=319540.1280

I didn't get any prompt, tried multiple browsers as well. Seems like a browser glitch to me.


Title: Re: Bitcointalk.org would like to use your current location
Post by: teeGUMES on September 26, 2019, 04:18:22 AM
Could it be an invasive app that recognizes the word bitcoin and is collecting info for potential malware/information gathering? I hardly have anything on my phone app wise because the permissions get out of hand real fast.


Title: Re: Bitcointalk.org would like to use your current location
Post by: hilariousandco on September 26, 2019, 07:36:50 AM
The feds are onto you.


Title: Re: Bitcointalk.org would like to use your current location
Post by: AB de Royse777 on September 26, 2019, 10:19:34 AM
I wish we (the forum) had an alternative to Cloudflare :-(

Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.


Title: Re: Bitcointalk.org would like to use your current location
Post by: Lafu on September 26, 2019, 10:37:01 AM
I never got this "Bitcointalk.org would like to use your current location" on my Computer or on my mobile phone.
First time I hear and see about that notification.


Title: Re: Bitcointalk.org would like to use your current location
Post by: Harlot on September 26, 2019, 11:20:45 AM
We might need more than one incident to confirm that this is really happening because of Cloudflare, because right now we just need this to be treated as an individual problem which is only related to his phone or the app he is using. @OP haven't you experienced the pop-up on other websites which don't usually ask for your location? If it is, maybe it is really related to your browser app, or you might have other third-party apps doing that for you in the disguise of a website asking for your location.


Title: Re: Bitcointalk.org would like to use your current location
Post by: Welsh on September 26, 2019, 11:21:53 AM
I wish we (the forum) had an alternative to Cloudflare :-(

Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.

There's other solutions out there, but Cloudflare definitely has the monopoly within the industry. They're unfortunately the best service around in terms of uptime, speed, and features. However, there's definitely been questions about what they do with the data, and who's seeing the data. I've used Cloudflare, and haven't had too many complaints about them. Possibly if there was a decent competitor I'd give them a look though. I think I remember theymos being somewhat reluctant to using them also.


Title: Re: Bitcointalk.org would like to use your current location
Post by: hilariousandco on September 26, 2019, 11:35:08 AM
I wish we (the forum) had an alternative to Cloudflare :-(

Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.

If you're worried about snooping use a proxy or tor.


Title: Re: Bitcointalk.org would like to use your current location
Post by: AB de Royse777 on September 26, 2019, 11:39:33 AM
~snip~
I think I remember theymos being somewhat reluctant to using them also.
Yes he did and it was understandable.
We talk about decentralization, but I still see we have a few decades to go to enjoy full decentralization (hope we do).

~snip~

If you're worried about snooping use a proxy or tor.
Yeah that's what I do since I have learnt that we were under Cloudflare's service.


Title: Re: Bitcointalk.org would like to use your current location
Post by: DaveF on September 26, 2019, 12:10:25 PM
@LTU_btc were you on your usual connection to bitcointalk?

The local cable provider where I am is injecting javascript ads to http (not https) pages.

https://www.reddit.com/r/longisland/comments/a70owc/anyone_getting_ads_injected_into_their_web/

I know other providers do it also.

However, I have noticed at very rare times it does try to inject it into https pages if it sees any http traffic at all. The result is very odd behavior on the page until a refresh. Then it's all good again.

-Dave


Title: Re: Bitcointalk.org would like to use your current location
Post by: bob123 on September 26, 2019, 12:46:31 PM
The local cable provider where I am is injecting javascript ads to http (not https) pages.

You can't visit this forum via http (301 Permanently moved).
Additionally HSTS is set, which means that your browser will automatically connect via https next time. So if you don't clear the cache of your browser, you don't even try to connect via http at all.



However, I have noticed at very rare times it does try to inject it into https pages if it sees any http traffic at all.

That's itself not possible without your browser trusting a CA from your ISP.
They would effectively be the man-in-the-middle in such a case.

Unfortunately this site does not have the HPKP header set, which would say that your browser can only trust the certificate if it is being handed out by CA X (certificate pinning). This would prevent any MITM attacks, even if a trusted CA signs a new certificate for this site in order to perform a MITM.


Title: Re: Bitcointalk.org would like to use your current location
Post by: Lucius on September 26, 2019, 01:24:18 PM
A few months back I got a strange notification/ad in my desktop browser, and I saved a screenshot, but forgot to post about it. I browse the forum as a guest, so maybe it is one of the fake bitcointalk sites. Has this type of ad ever been available in the forum?

https://i.imgur.com/mFeaHZ8.jpg


Title: Re: Bitcointalk.org would like to use your current location
Post by: TryNinja on September 26, 2019, 01:30:18 PM
You were on bitcointalk.to (it has these ads). But it looks like it is down now?

BitcoinTalk doesn't have this kind of ads (only the small banner between some posts).


Title: Re: Bitcointalk.org would like to use your current location
Post by: Lucius on September 26, 2019, 01:53:50 PM
I always use the link for bitcointalk saved in my bookmarks years ago; this is the only way that I use for login on this site. Too bad I did not save the address bar to be sure, but as you say it is probably that fake .to site which has been down for some time, and the domain is for sale, only $4,930. It might not be a bad move for the forum to buy it?

https://uniregistry.com/market/domain/bitcointalk.to


Title: Re: Bitcointalk.org would like to use your current location
Post by: LTU_btc on September 26, 2019, 03:51:30 PM
It's not gonna ask again if you blocked (or allowed) it. Assuming it's Chrome, go to (Lithuanian equivalents of) Settings, Site Settings, Location, find Bitcointalk under Blocked or Allowed, remove it, and try again.
No, I didn't block it, nor allow it. I just closed the browser tab after I saw that.

@OP haven't you experienced the pop-up on other websites which don't usually ask for your location? If it is, maybe it is really related to your browser app, or you might have other third-party apps doing that for you in the disguise of a website asking for your location.
I haven't noticed anything similar on other websites recently. It might be an app, but I don't have any apps on my phone which look suspicious.
@LTU_btc were you on your usual connection to bitcointalk?

The local cable provider where I am is injecting javascript ads to http (not https) pages.

-Dave
Yeah, it was the usual connection.
The feds are onto you.
LOL, Big Brother is watching.


Title: Re: Bitcointalk.org would like to use your current location
Post by: o_e_l_e_o on September 26, 2019, 04:08:49 PM
Unless you have a good reason to allow your browser to access your location, then you should remove its permission to do so. Your browser does not need access to your location, microphone, camera, contacts, and so forth, unless you are using a specific site which requires these for whatever reason. I would advocate this for all apps and all permissions. All the most common apps ask for crazy permissions which they don't need. Amazon wants access to your location, microphone and camera, phone status, photos and media, bluetooth access, and more. Facebook wants all that plus your calendar, your device history, your other running apps, your text messages, and more. There is absolutely no need for these apps to have these permissions, and they will work just fine without them; they just want to track you. Go in to your phone's settings and start revoking all these nonsense permissions.

Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account.
They definitely do, but so does the forum, your ISP, probably your government, and so forth. If you don't want your IP address being widely broadcast, then you should be using a VPN or Tor.


Title: Re: Bitcointalk.org would like to use your current location
Post by: bob123 on September 26, 2019, 04:35:03 PM
Go in to your phone's settings and start revoking all these nonsense permissions.

Wait.. so are you telling me that my flashlight app doesn't actually need location-, calendar-, network-, microphone-, contacts- , call-, sms- and storage permission to turn on the light?

But hell.. it's just a click anyway.

/s



Title: Re: Bitcointalk.org would like to use your current location
Post by: mprep on September 26, 2019, 06:21:21 PM
Looking at the Cloudflare blog, in the past few days 2 new features have been added to their "website protection suite" or however you want to define the collection of services they provide (they released some other stuff, but from what I've gathered it isn't related to their core product) - Browser Insights (https://blog.cloudflare.com/introducing-browser-insights/) and Bot Fight Mode (https://blog.cloudflare.com/cleaning-up-bad-bots/). While neither of those should be enabled by default (at least according to both blog posts), maybe it's automatically enabled for certain groups of customers? If that's the case, either (or both) of these features might be injecting JS into the page (the announcement of the Browser Insights feature even shows a dashboard screen of insights per geographic region).

Do note that I'm speculating but it's either that, you accidentally visiting a phishing website, your PC being infected with malware / adware or Bitcointalk getting compromised again. Hopefully it's the first one.


Title: Re: Bitcointalk.org would like to use your current location
Post by: bob123 on September 26, 2019, 06:35:23 PM
If that's the case, either (or both) of these features might be injecting JS into the page

Doesn't cloudflare also allow to upload and use own certificates for encryption between the client and the cloudflare server to not be forced to use theirs?

If that's the case, why doesn't bitcointalk use that option ?



[...] or Bitcointalk getting compromised again.

Wouldn't it be retarded by an attacker to waste such a strong position (in case of found vulnerabilities etc.) just for some JS which is highly noticeable by asking for location?
And why would only one user get this notification.

Correct me if i am wrong, but i think that this is not an indication for the system being compromised. Not at all.


Title: Re: Bitcointalk.org would like to use your current location
Post by: mprep on September 26, 2019, 07:08:07 PM
If that's the case, either (or both) of these features might be injecting JS into the page

Doesn't cloudflare also allow to upload and use own certificates for encryption between the client and the cloudflare server to not be forced to use theirs?

If that's the case, why doesn't bitcointalk use that option ?
It does but that's only useful if you don't want to use Cloudflare's SSL certificate for some other reason aside from encryption (e.g. you have one of those fancy SSL certificates with your company name). You uploading the certificate == you giving your SSL private keys to Cloudflare (if I'm not mistaken; I haven't used the service, just did some casual research in the past). For a fully-featured DDOS mitigation service to work, said service has to be able to look at the unencrypted request (both to check it against certain basic rules as well as to detect anomalies using various machine learning methods). The uploaded certificate merely changes the web request pipeline from:

(you)----encrypted connection <CF cert>--->(CF servers)---encrypted connection <your own cert>---->(Bitcointalk servers)

to:

(you)----encrypted connection <your uploaded cert>--->(CF servers)---encrypted connection <your own cert>---->(Bitcointalk servers)

I've bolded the parts where the data being transferred (which in this case is the request to Bitcointalk's servers) is unencrypted[1].

In a perfect (not-so-far-from-our-current-situation) world, everyone would have a DDOS-mitigation-in-a-box type of open-source application (which would be widely used and supported) as well as enough money to afford the hardware required to run it. In reality, AFAIK there is no free and open-source DDOS-mitigation-in-a-box application that'd be able to stand up to all the attacks that Cloudflare mitigates right out the box (alongside with it being constantly supported and updated to address new threats). And if you tack on the massive server costs on top of that, you can start to understand how despite the compromise in privacy, Cloudflare (and similar DDoS mitigation services) provide an amazing value proposition (especially for services less concerned with user privacy). It's either sink a ton of money and / or work and hope for the best (Bitcointalk tried this one and it worked.... till it didn't; DDoS mitigation is very much a perpetual arms race that few can keep up with once they reach a certain size), get DDoSed to hell and back (hey, you get the privacy benefits... by not being able to transmit any sort of data to the website) or use one of these services.


[...] or Bitcointalk getting compromised again.

Wouldn't it be retarded by an attacker to waste such a strong position (in case of found vulnerabilities etc.) just for some JS which is highly noticeable by asking for location?
And why would only one user get this notification.

Correct me if i am wrong, but i think that this is not an indication for the system being compromised. Not at all.
I tend to follow the methodology of never ruling something (important) out until you're 99.9% sure that isn't the case - especially when a wrongful assumption can lead to catastrophic consequences. Hacking is (usually) messy and complicated. You usually don't just sit down and "hack something" - for highly secured systems it might take months of pushing and prodding till you figure out where and how the system is vulnerable. Some of that poking and prodding might leave traces. While I'm not saying that I'm fairly certain Bitcointalk was hacked again, I prefer to cover all my bases when talking about possible causes for an issue I have very little information about.

[1] - Do note that this is the most secure configuration as encrypting the <your own cert> part of the pipeline is optional for your browser to consider the connection as "secure". It sort of is (as in it's much more likely and dangerous letting randoms intercept your request (and response) data while you beam it over your coffee shop's WiFi) but if you don't or don't want to trust the people / companies managing the infrastructure between Cloudflare and your hosting company, the high-level configuration shown in the makeshift graph is what you should use (and what I assume Bitcointalk uses).


Title: Re: Bitcointalk.org would like to use your current location
Post by: bob123 on September 26, 2019, 07:32:30 PM
While it might be possible, i believe that it is highly unlikely that a malicious person would do such a huge blunder.
I never saw or heard of a person who injects JS asking for location permission when trying to exploit something.
Mostly it is either the classic popup or something which is not noticeable at all.
Why risk getting caught when you can inject JS which isn't visible at all without further inspection of the network traffic (which no normal visitor would do anyway).

IF (which is extremely unlikely IMO) this would be indeed an attack, the attacker would have been way too bumbling to be able to achieve what is required to be in this hypothetical position to inject JS.


Most likely this was just cloudflare messing around or malware on OP's mobile. Let's see if there will be additional cases reported regarding strange behavior / pop-ups / permission requests.


Title: Re: Bitcointalk.org would like to use your current location
Post by: OgNasty on September 26, 2019, 07:36:44 PM
Too bad I did not save the address bar to be sure, but as you say it is probably that fake .to site which has been down for some time, and the domain is for sale, only $4,930. It might not be a bad move for the forum to buy it?

The problem with that is it encourages others to engage in the same behavior in order to receive a payoff.  Best to educate users what to look out for and expose the site for being untrustworthy.  LTU_btc should probably also update the OP to not say "Bitcointalk.org..." as that is not the case.


Title: Re: Bitcointalk.org would like to use your current location
Post by: bob123 on September 26, 2019, 07:43:12 PM
LTU_btc should probably also update the OP to not say "Bitcointalk.org..." as that is not the case.

How can you be sure about that ?

For me it seems that he indeed was browsing bitcointalk.org.

Or what explanation do you have for this behavior:

Nope, it's proper Bitcointalk, because I was signed in to my Bitcointalk when I visited this link. If it would be fake website, I would have to enter my login data to sign in.


Title: Re: Bitcointalk.org would like to use your current location
Post by: suchmoon on September 26, 2019, 08:01:50 PM
For me it seems that he indeed was browsing bitcointalk.org.

And the screenshot clearly shows him logged in ("Report to moderator" etc), and:

I can see in the access logs that you were talking to bitcointalk.org, though.


Title: Re: Bitcointalk.org would like to use your current location
Post by: OgNasty on September 26, 2019, 09:08:53 PM
LTU_btc should probably also update the OP to not say "Bitcointalk.org..." as that is not the case.

How can you be sure about that ?

For me it seems that he indeed was browsing bitcointalk.org.

Or what explanation do you have for this behavior:

Nope, it's proper Bitcointalk, because I was signed in to my Bitcointalk when I visited this link. If it would be fake website, I would have to enter my login data to sign in.

I can't even be sure we aren't living in a simulation.  Maybe OP is some sort of secret spy agent and the NSA hacked bitcointalk.org and inserted amateur malware to try and track his user account.

However, I think it is far more likely that the user was experiencing a bug or a dozen other possible explanations.  I'm not saying it shouldn't be investigated by the powers that be if they have the available time, only that the google result of "bitcointalk.org would like to use your current location" is probably not the most accurate one.  If the issue couldn't be reproduced and nobody else experienced it, then I think a less diabolical explanation is the likely one.  I'm no cybersecurity expert though, so feel free to take my opinion on the subject for the two satoshis it's worth.


Title: Re: Bitcointalk.org would like to use your current location
Post by: bob123 on September 26, 2019, 09:14:34 PM
[..] and the NSA hacked bitcointalk.org and inserted amateur malware to try and track his user account.

Whatever you smoke.. i want it too.  ;D



I can't even be sure we aren't living in a simulation.

Does it even matter?   :)



Decide wisely..

https://i.imgflip.com/31h4z0.jpg


Title: Re: Bitcointalk.org would like to use your current location
Post by: libert19 on September 27, 2019, 03:31:20 AM
I wish we (the forum) had an alternative to Cloudflare :-(

Imagine Cloudflare has all the logs of the IP address that you have ever used to browse your BitcoinTalk account. I do not question that they do not have it yet.

There's other solutions out there, but Cloudflare definitely has the monopoly within the industry. They're unfortunately the best service around in terms of uptime, speed, and features. However, there's definitely been questions about what they do with the data, and who's seeing the data. I've used Cloudflare, and haven't had too many complaints about them. Possibly if there was a decent competitor I'd give them a look though. I think I remember theymos being somewhat reluctant to using them also.

Every convenience comes with its own problems. Pretty sure Cloudflare uses data they get from users to increase our 'convenience'. Just like Google does.