8.9 KiB
What you can do to resist Cloudflare?
Website consumer
- If the website you like is using Cloudflare, tell them not to use Cloudflare. Example below.
You are just helping corporate censorship and mass surveillance.
https://trac.torproject.org/projects/tor/ticket/24351
Your web page is in the privacy-abusing private walled-garden of CloudFlare.
See https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544
I've read your privacy policy and I cannot find the word "Cloudflare".
I refuse to share data with you if you continue to feed my data to Cloudflare.
See https://notabug.org/themusicgod1/cloudflare-tor/README.md
-
Try not to use their service. Remember you are being watched by Cloudflare.
-
Search for other website. There are many alternatives and opportunites on the internet!
-
If your browser is Firefox, use one of these add-ons.
Name | Can Block | Can Notify |
---|---|---|
Block Cloudflare MITM Attack | Yes | Yes |
Block Cloudflare MITM Attack | Yes | Yes |
Are links vulnerable to MITM? | No | Yes |
Third-party Request Blocker (AMO) | Yes | Yes |
Third-party Request Blocker | Yes | Yes |
Detect Cloudflare | No | Yes |
- Convince your friends to use Tor Browser on the daily basis. Anonymity should be the standard of the open internet!
Website owner / Web developer
-
Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that, right?
-
Install Web Application Firewall (such as OWASP) and Fail2Ban on your server and configure it properly.
-
Set up Tor Onion Service or I2P insite if you believe in freedom and welcome anonymous users.
-
Ask for advice from other Clearnet/Tor dual website operators and make anonymous friends! :)
Software user
-
If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835. And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted.
-
Always recommend Tor Browser for desktop and Tor Browser for Android
, Orfoxfor smartphone. Other software's privacy is imperfect. This doesn't mean Tor browser is "perfect". There is no 100% secure nor 100% private on the internet and technology. -
Don't want to use "Tor"? You can use Tor Browser without Tor, and this is the best option for you.
How?
- Download Tor Browser and launch it.
- Open Add-ons Manager (about:addons) and disable EVERYTHING but "Torbutton". Do NOT remove them.
- Open about:config and search "extensions.torbutton.use_nontor_proxy". Set it to "false".
- Go to Options, scroll down to "Network Proxy". Click "Settings" and select "No proxy".
- Close Tor Browser.
Other guide is here.
Let's talk about other software's privacy...
-
If you really need to use Firefox, pick "Firefox ESR". ESR is developed for company and organizations, thus some spyware code is disabled by default. Portable version is here.
-
Remember, Mozilla is using Cloudflare service. They're also using Cloudflare's DNS service on their product D'oh!
-
Mozilla officially rejected this ticket.
-
PaleMoon developer loves Cloudflare.
-
Chrome is a spyware.
-
Brave Browser whitelist Facebook/Twitter trackers.
-
Microsoft Edge lets Facebook run Flash code behind users' backs.
"Mozilla Firefox" user
-
Don't use Firefox Nightly. It will send debug-level information to Mozilla servers without opt-out method. Mozilla servers are behing Cloudflare.
-
It is possible to prohibit Firefox to connect to Mozilla servers. Create a file "/distribution/policies.json". Mozilla's policy-templates guide. Keep in mind this trick might stop working in later version because Mozilla likes to whitelist themselves. Use firewall and DNS filter to block them completely.
"WebsiteFilter": { "Block": [ "*://*.mozilla.com/*", "*://*.mozilla.net/*", "*://*.mozilla.org/*", "*://*.firefox.com/*", "*://*.thunderbird.net/*", "*://*.cloudflare.com/*" ] },
-
Report a bug on mozilla's tracker, telling them not to use Cloudflare/TRR.There was a bug report on bugzilla. Many people were posted their concern, however the bug was hidden by the admin last year. -
To disable DOH, enter about:config?filter=network.trr in the address bar then set "network.trr.mode" to 5 to completely disable it. The value "5" means "Off by choice". (If you really need to use non-ISP DNS, consider using OpenNIC Tier2 DNS service.)
-
Tell us if you see this functionality start to creep up beyond Firefox Nightly into more stable versions of Firefox.
Action
-
Tell others around you about the dangers of Cloudflare. But don't talk with NSA employee; you'll be definitely marked... just kidding!
-
Help improve this repository, both the lists, the arguments against it and the details.
-
Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so
-
Get more people using Tor by default so they can experience the web from the perspective of different parts of the world.
-
Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare.
-
Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups.
-
Start a coop that can provide a meaningful non corporate alternative to Cloudflare.
-
Let us know of any alternatives to help at least provide multiple layered defence against Cloudflare.
-
Try using globalist to maintain this list.
-
If you are in the United States of America and the website in question is a bank or an accountant, try to bring legal pressure under the Gramm–Leach–Bliley Act, or the Americans with DIsabilities Act and report back to us how far you get.
-
If the website is a government site, try to bring legal pressure under the 1st Amendment of the US Constitution.
-
If you are EU citizen, contact the website to send your personal information under the General Data Protection Regulation. If they refuse to give you your information, that's a violation of the law.
-
For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB. Cloudflare websites are served by Cloudflare servers.
-
the ITU suggest in the US context that Cloudflare is starting to get big enough that antitrust law might be brought down upon them.