Conversation

I know several people working as software engineers at Cloudflare. According to one of them, this incident (blog.cloudflare.com/the-mistake-th) was hardly a mistake. Cloudflare is including block lists sourced from far right evangelical groups as part of their 'family friendly' DNS service.

blog.cloudflare.com

The Mistake that Caused 1.1.1.3 to Block LGBTQIA+ Sites Today

Today we made a mistake. The mistake caused a number of LGBTQIA+ sites to inadvertently be blocked by the new 1.1.1.1 for Families service. I wanted to walk through what happened, why, and what we've...

873

2,404

Replying to

and

Getting all of my stuff out of 1 . 1 . 1 . 1 right now.

SΞbastien F4GRX @f4grx@mastodon.social

Replying to

and

Use quad9.net instead (9.9.9.9)

quad9.net

Quad9 | A public and free DNS service for a better security and privacy

A public and free DNS service for a better security and privacy

Replying to

and

We've had a bad experience with their malware blocking. It blocked several of the

@GrapheneOS

domains and we had to get them to fix it. The variant they offer without malware blocking also doesn't enforce DNSSEC and no mainstream OS has local support for enforcing DNSSEC yet.

Replying to

It was due to faulty data from one of the threat intelligence feeds they use to implement the blocking. They made exceptions for the domains that were wrongly blocked and continued using the faulty feed. I don't think there's enough transparency about how they're doing filtering.

8:36 PM · Sep 3, 2022Twitter Web App

Retweet

Likes