cloudflare-tor/what-to-do.md

##### What you can do to resist Cloudflare?



######  Website consumer

- If the website you like is using Cloudflare, tell them not to use Cloudflare.

> You are just helping corporate censorship and mass surveillance.
> https://trac.torproject.org/projects/tor/ticket/24351

- Try not to use their service. Remember you are being watched by Cloudflare.

- Search for other website. There are many alternatives and opportunites on the internet!

- If your browser is Firefox, use [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) add-on. Other alternatives are [Searxes' Third-party Request Blocker](https://addons.mozilla.org/en-US/firefox/addon/tprb/)(can block Cloudflare) and [Detect Cloudflare](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/)(notify only).

- Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet!



######  Website owner / Web developer

- Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that, right?

- Install Web Application Firewall and Fail2Ban on _your_ server and configure it _properly_.

- Set up [Tor Onion Service](https://www.torproject.org/docs/onion-services.html.en) if you believe in freedom and welcome anonymous users.

- Ask for advice from other [Clearnet/Tor dual website operators](https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor) and make anonymous friends! :)



######  Software user

- If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 ). And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted.

- Always recommend [Tor Browser](https://www.torproject.org/) for desktop and [Orfox](https://guardianproject.info/apps/orfox/) for smartphone. Other software's privacy is JUST A ILLUSION.


Let's talk about _other software's privacy_...


- If you really need to use Firefox, pick "[Firefox ESR](https://www.mozilla.org/en-US/firefox/organizations/)". ESR is developed for company and organizations, thus _some_ spyware code is disabled by default. Portable version is [here](https://portableapps.com/apps/internet/firefox-portable-esr).

- Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They're also using [Cloudflare's DNS service on their product](https://www.theregister.co.uk/2018/03/21/mozilla_testing_dns_encryption/) D'oh!

- Mozilla officially [rejected this ticket](https://bugzilla.mozilla.org/show_bug.cgi?id=1426618).

- PaleMoon developer [likes Cloudflare](https://github.com/mozilla-mobile/focus-android/issues/1743#issuecomment-345993097).

- Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html).



######  Action

- Tell others around you about the dangers of Cloudflare.  

- Help improve this repository, both the lists, the arguments against it and the details.

- Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so

- Get more people using Tor by default so they can experience the web from the perspective of different parts of the world.

- Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare.

- Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups.

- Start a coop that can provide a meaningful non corporate alternative to Cloudflare.

- Let us know of any alternatives to help at least provide multiple layered defence against Cloudflare.

- Try using [globalist](globalist.txt) to maintain this list.

- If you are in the **United States of America** and the website in question is a bank or an accountant, try to bring legal pressure under the Gramm–Leach–Bliley Act https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act and report back to us how far you get.

- If the website is a government site, try to bring legal pressure under the 1st Amendment of the US Constitution.

- For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB.