#swissid — Public Fediverse posts

It turns out that Swisspost¹ uses Akamai to "protect" its login system called SwissID² and they redirect to

hxxps://login.swissid.ch/idp/oauth2/authorize?scope=openid+email+phone+profile&response_type=code&redirect_uri=https%3A%2F%2Faccount.post.ch%2Fredirect%2Fid-confirmation&state=vX7TlNn7IhybofD70YM0_gLsWLzv2r3tSHFubjqvF6o&nonce=z_8pbla4cMqwQABW-Z1l5btJMHOSjZBjvMbnfIEpMII&client_id=klp-client&ui_locales=it &acr_values=loa-1&prompt=login

and this login.swissid.ch lives behind Akamai.

It so happens that the IP I use to connect is also a Tor _relay_ (not an exit node) and Akamai offers the possibility of blocking "all of Tor" (i.e. exits _and_ relays) as "bad people". Of course if you know anything about Tor you also know that relays are not exits and no traffic ever leaves a relay to "the Internet" but, "sekurity theatre" being what it is, they block it anyway.

Several years ago (2013 or so?) Apple used Akamai (they still do) and support.apple.com blocked Tor relays too but, on the :birdsite:, I contacted Akamai's CSO out of desperation (aka "csoandy") who very kindly looked into it and fixed it! :flan_awe:​ (I assume by educating Apple, or so I hope).

Well, unfortunately Andy has left Akamai and now I cannot have someone "give the talk" to the Swiss Post.

Oh, if you happen to use SwissSign PKI solutions you have the same demented problem.

:flan_set_fire:​

#SwissPost #SwissSign #SwissID #Tor #Akamai
__
¹ https://posta.ch/ (in Italian…)
² https://swissid.ch/