Cloudflare Portugal DNS Resolver

jojawer590 · February 23, 2020, 3:38am

Hello,
What security measures that Cloudflare puts in place regarding the DNS resolvers located in Lisbon, Portugal?

Secret Services, “SIRP” , have direct acess to the metadata from the ISP’S in Portugal
More here - https://www.noticiasaominuto.com/pais/866480/secretaria-geral-do-sirp-evita-dizer-se-secretas-devem-fazer-escutas - in Portuguese. So they are snooping.

michael · February 23, 2020, 3:59am

I cannot answer your specific question, but the Transparency Report is a good place to start.

jojawer590 · February 23, 2020, 4:08am

If they have direct acess, land of the free in Portugal, they don’t need to follow that request.

michael · February 23, 2020, 4:31am

(I am not a lawyer, educated guesses below. Seek legal advice if you need it!)

Direct access to what?

No doubt governments can get access to the wires, and sniff as much traffic as they want. The migration of the web towards encrypted protocols makes such interception more and more difficult, perhaps even impractical.

It is not clear if any company could be compelled to grant a government access to execute unknown code on their servers, or to alter their code or configuration to facilitate interception. In some cases companies have been paid to do so, but that is a different matter.

Cloudflare claim that they do not log the IP addresses accessing 1.1.1.1. If they were compelled to log the data, they could be compelled to not tell anybody that it has happened (see National Security Letters in the USA). However, I am pretty sure that they could not be compelled to actively lie about the activity.

This last statement is best seen in the statement in their Transparency Report that says that Cloudflare:

has never installed any law enforcement software or equipment anywhere on their network;

That is a ‘canary’. If it ever becomes false, they delete it from the report. It is generally agreed that a court cannot force them to include such a statement in a publication with the company and court knowing it to be false. There are various such statements, and they all serve the same purpose. They periodically publish a series of statements, and if they stop publishing one everybody knows what has happened.

jojawer590 · February 23, 2020, 4:46am

Resuming, they have direct access to whatever they want, you could read easily searching for “secretas metadados” and translate to your language.
If the resolvers in Lisbon could be trusted, ■■■■ no.

OliverGrant · February 23, 2020, 12:50pm

@jojawer590,

If you feel so strongly that Cloudflare’s 1.1.1.1 service is compromised then you absolutely shouldn’t use it.

— OG