If we can all agree on the right to free speech, includijg the right to speech that you hate and condemn, these kinds of trash and misleading headlines need to wiped off the internet.

While this is definitely a great read and an interesting attack vector, I think the term „deanonymization“ is stretching it here.

As far as I can see, this attack would only let you determine which Cloudflare datacenter the target has been accessing. This would, in most cases, be one near the target, but it wouldn‘t get you a precise position or any personal information about the target. You‘d just get a pretty unreliable and very large radius of where your target might be.

Honestly for saying it deanonizes people is a bit of a fibracation. Yes theoretically a threat actor could figure out what clould flare DNS sever it is. But that really doesnt do much realistically. For example qouting the researcher “i live in new york and my closest data center is in new Jersey”. Realistically what can a hacker do with that, other than know you live somewhere near new Jersey. The threat actor would gain very little and the information they supposedly gained isnt verifiable. You live near NJ but to the threat actor they would assume you live in NJ. Which is a red hairing, and thats not even bring up VPN’s or TOR into the equations. Which 99% of journalist use all the time for amenity. So in conclusion the information they gain is about the same as saying “i may or may not be near this cloudflare server”

It’s kind of funny to me that Discord was (at least initially) more receptive to this than Signal was, it’s also strange that signal uses cloudflare at all when their whole thing is privacy.

Jesus, that’s good work.