mirror of
https://codeberg.org/crimeflare/cloudflare-tor
synced 2024-12-24 00:20:41 +00:00
(make it readable on Anti-fingerprint browser screen - width 1000)
http://ea5faa5po25cf7fb.onion/projects/tor/ticket/14429#comment:46
This commit is contained in:
parent
8afa5f3c17
commit
0717caa78c
46
article.txt
46
article.txt
@ -31,34 +31,32 @@ The Javascript Trap[47]
|
||||
Understanding that Google is not to be trusted[45][46]
|
||||
"Trusted Third Parties are Security Holes" - Nick Szabo[44][48]
|
||||
|
||||
Cloudflare is a service for turing tests its users users, which means that
|
||||
it frustrates attempts by users of its users to develop software to interact
|
||||
with their websites[3]. This might seem strange at first - why would you need
|
||||
a program to access a web resource? But there's many things that work on the
|
||||
web like this, including RSS, podcasts, and antivirus definitions[57][58] which are completley broken by a
|
||||
CAPTCHA appearing mid stream[11]. "We humans don't make HTTP requests,
|
||||
our machines to do it for us." makes clear what is really being tested here -
|
||||
whether or not you have the *right* software stack in between you and
|
||||
Cloudflare is a service for turing tests its users users, which means that it frustrates attempts by users of its users
|
||||
to develop software to interact with their websites[3]. This might seem strange at first - why would you need a program
|
||||
to access a web resource? But there's many things that work on the web like this, including RSS, podcasts, and antivirus
|
||||
definitions[57][58] which are completley broken by a CAPTCHA appearing mid stream[11].
|
||||
"We humans don't make HTTP requests, our machines to do it for us."
|
||||
This makes clear what is really being tested here - whether or not you have the *right* software stack in between you and
|
||||
cloudflare.
|
||||
|
||||
This is not a hypothetical: Cloudflare is currently attempting to dictate
|
||||
which web browsers users of websites under cloudflare may use[60].
|
||||
This is not a hypothetical: Cloudflare is currently attempting to dictate which web browsers users of websites under cloudflare may use[60].
|
||||
|
||||
{{expand}}
|
||||
Your right to use Free Software in this stack is at risk, and could disappear
|
||||
at any moment.
|
||||
|
||||
It also is extracting free labour from website users[35], in effect tricking human beings to act like robots in order to defeat a test designed to test whether they are a robot, worse: this labour is going towards training a company that is a poor candidate for friendly AI[36]. Given unfriendly AI is an existential[43] risk[42], this should be among the highest priority things to avoid.
|
||||
Your right to use Free Software in this stack is at risk, and could disappear at any moment.
|
||||
|
||||
It also is extracting free labour from website users[35], in effect tricking human beings to act like robots in order to defeat
|
||||
a test designed to test whether they are a robot, worse: this labour is going towards training a company that is a poor
|
||||
candidate for friendly AI[36]. Given unfriendly AI is an existential[43] risk[42], this should be among the highest priority things to avoid.
|
||||
|
||||
This software stack includes human language: the CAPTCHAs are in english, making non-english speakers around the world at a disadvantage[13]. Attempts to fix this are bound by the fact that they also leak language information to cloudflare[21]
|
||||
|
||||
Furthermore they use Google ReCaptcha for their turing
|
||||
test/CAPTCHA, and Google is part of PRISM, so they expose PRISM data collection
|
||||
to users of their websites.
|
||||
Furthermore they use Google ReCaptcha for their turing test/CAPTCHA, and Google is part of PRISM, so they expose PRISM
|
||||
data collection to users of their websites.
|
||||
|
||||
Which on its own is bad, but also worth pointing out how the ReCAPTCHAs work: it isn't by whether or not you click on the right icon
|
||||
or not(though that, is a factor too), but also
|
||||
|
||||
Which on its own is bad, but also worth pointing out how the ReCAPTCHAs work:
|
||||
it isn't by whether or not you click on the right icon or not(though that, is
|
||||
a factor too), but also
|
||||
> mouse movement, its slightness and straightness
|
||||
> page scrolls
|
||||
> time intervals between browser events
|
||||
@ -70,19 +68,19 @@ a factor too), but also
|
||||
|
||||
This collection of data is likely illegal in regions like the EU where privacy is taken seriously[24]
|
||||
|
||||
It is frustrating even when it works, because you have to fill out 20 captchas
|
||||
on the off chance that you get through 1 time in 20. So this is 95% censorship
|
||||
5% wasting of users time[5].
|
||||
It is frustrating even when it works, because you have to fill out 20 captchas on the off chance that you get through 1 time in 20.
|
||||
So this is 95% censorship plus 5% wasting of users time[5].
|
||||
|
||||
More important, though is it starts to form a ratchet for web browser technology - the captchas are upgraded all the time, and if you use an older web browser you risk being left behind even if it works now.
|
||||
|
||||
|
||||
*How Cloudflare threatens You*
|
||||
|
||||
"When you fetch a page from a website that is served from CloudFlare, Javascript has been injected on-the-fly into that page by CloudFlare. and they also plant a cookie that brands your browser with a globally-unique ID. ID. This happens even if the website is using SSL and shows a cute little padlock in your browser" [10]
|
||||
"When you fetch a page from a website that is served from CloudFlare, Javascript has been injected on-the-fly into that page by CloudFlare. And they also plant a cookie that brands your browser with a globally-unique ID. ID. This happens even if the website is using SSL and shows a cute little padlock in your browser" [10]
|
||||
|
||||
- Cloudflare tracks you
|
||||
Even if your web browsing traffic is protected from onlookers, cloudflare itself because they are a MiTM[14][31] can see your traffic[6]. And if Cloudflare[53] has MITM'd you, then so has the NSA[33].
|
||||
Even if your web browsing traffic is protected from onlookers, cloudflare itself because they are a MiTM[14][31] can see your traffic[6].
|
||||
And if Cloudflare[53] has MITM'd you, then so has the NSA[33].
|
||||
"If a site uses Cloudflare, then the browser lock icon is a false promise."[14]
|
||||
"The short version, a rhetorical question: Would you trust a key escrow régime, in which an “authorized” entity was entrusted with the potential to decrypt all communications at will? If not, why would you trust a de facto mass decryption chokepoint at which many communications are actually decrypted?"[34]
|
||||
in other words
|
||||
|
Loading…
Reference in New Issue
Block a user