top | item 28584769

(no title)

jsn | 4 years ago

They don't have to be strictly unique per user. You can send out different sets of URLs to different cohorts of users, then correlate new URL blockings with client IDs to detect rogue app installations and excommunicate them. Telegram did that when Russia tried (unsuccessfully) block it.

discuss

maccard|4 years ago

Given this is an app for tacical voting over a 2 day period (which has now passed) all the adversary needs to do is block it for a couple of days. Dns blocking cloudflare for 2 days would pretty much stop this in it's tracks.

(You are right about not requiring completely unique urls per user by the way).

jsn|4 years ago

No, it (again) doesn't work like this at all. 1) DNS blocking of cloudflare is useless, you can receive IPs, or names in non-cloudflare zones, 2) IP blocking of the whole cloudflare will bring so much collateral damage (unrelated services going down) that it's a non-starter, politically speaking, 3) cloudflare is far from the only mass frontend / cdn available, there are hundreds high-collateral services out there.