deCloudflare/deCloudflare
deCloudflare
/
deCloudflare
mirror of https://git.sdf.org/deCloudflare/deCloudflare/
0
0
Fork 0
Code Issues Releases Activity

This commit is contained in:
Tyler Matzen 2021-04-16 05:16:50 +00:00
parent 98eb6cad54
commit 9323bd5fa2
1 changed files with 398 additions and 242 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

640
readme/en.action.md
View File

@ -1,315 +1,471 @@
# 👋 [_Non-English_ versions](../README.md)
<br><br><br><br><br>
# What you can do to resist Cloudflare?
| 🖼 | 🖼 | 🖼 |
| --- | --- | --- |
| ![](../image/matthew_prince_teen.jpg) | ![](../image/matthew_prince.jpg) | ![](../image/blockedbymatthewprince.jpg) |
---
[Matthew Browning Prince (Twitter @eastdakota)](https://twitter.com/eastdakota), born on November 13th 1974, is the CEO and co-founder of CloudFlare.
Thanks to his rich dad, [John B. Prince](http://web.archive.org/web/20081002173414/http://www.mufranchisee.com/article/453/), he attended the [University of Chicago Law School](https://en.wikipedia.org/wiki/University_of_Chicago_Law_School) ('00) and [Harvard Business School](https://en.wikipedia.org/wiki/Harvard_Business_School) ('09). Prince taught Internet law and was a specialist in anti-spam laws and phishing investigations.
# Ethical Issues
"*Id suggest this was armchair analysis by kids its hard to take seriously.*" [t](https://www.theguardian.com/technology/2015/nov/19/cloudflare-accused-by-anonymous-helping-isis)
![](../image/itsreallythatbad.jpg)
![](../image/telegram/c81238387627b4bfd3dcd60f56d41626.jpg)
"*That was simply unfounded paranoia, pretty big difference.*" [t](https://twitter.com/xxdesmus/status/992757936123359233)
"_Don't support this company which is void of ethics_"
"*We also work with Interpol and other non-US entities*" [t](https://twitter.com/eastdakota/status/1203028504184360960)
"_Your company isn't trustworthy. You claim to enforce DMCA but have many lawsuits for not doing so._"
"*Watching hacker skids on Github squabble about trying to bypass Cloudflare's new anti-bot systems continues to be my daily amusement.* 🍿" [t](https://twitter.com/eastdakota/status/1273277839102656515)
"_They only censor those who question their ethics._"
"_I guess the truth is inconvenient and better hidden from public view._" -- [phyzonloop](https://twitter.com/phyzonloop)
![](../image/whoismp.jpg)
---
<details>
<summary>_click me_
<summary>click me
## CloudFlare spams people
## Website consumer
</summary>
Cloudflare is sending spam emails to non-Cloudflare users.
- If the website you like is using Cloudflare, tell them not to use Cloudflare.
- Whining on social media such as Facebook, Reddit, Twitter or Mastodon makes no difference. [Actions are louder than hashtags.](https://twitter.com/phyzonloop/status/1274132092490862594)
- Try to contact to the website owner if you want to make yourself useful.
- Only send emails to subscribers whove opted in
- When the user say "stop", then stop sending email
[Cloudflare said](https://github.com/Eloston/ungoogled-chromium/issues/783):
```
We recommend that you reach out to the administrators for the specific services or sites that you run into issue with and share your experience.
```
It's that simple. But Cloudflare doesn't care.
Cloudflare said using their service [can stop all spammers or attackers](https://support.cloudflare.com/hc/en-us/articles/200170066-Will-activating-Cloudflare-stop-all-spammers-or-attackers-).
How can we stop _Cloudflare spammers_ without activating Cloudflare?
[If you don't ask for it, website owner never know this problem.](../PEOPLE.md)
![](../image/liberapay.jpg)
[Successful example](https://counterpartytalk.org/t/turn-off-cloudflare-on-counterparty-co-plz/164/5).<br>
You have a problem? [Raise your voice now.](https://github.com/maraoz/maraoz.github.io/issues/1) Example below.
```
You are just helping corporate censorship and mass surveillance.
http://crimeflare.eu.org
```
```
Your web page is in the privacy-abusing private walled-garden of CloudFlare.
http://crimeflare.eu.org
```
- Take some time to read website's privacy policy.
- if the website is behind Cloudflare or website is using services connected to Cloudflare.
It must explain what the "Cloudflare" is, and ask for permission to share your data with Cloudflare. Failure to do so will result in the breach of trust and the website in question should be avoided.
[An acceptable privacy policy example is here](https://archive.is/bDlTz) ("Subprocessors" > "Entity Name")
```
I've read your privacy policy and I cannot find the word Cloudflare.
I refuse to share data with you if you continue to feed my data to Cloudflare.
http://crimeflare.eu.org
```
This is an example of privacy policy which does not have the word Cloudflare.
[Liberland Jobs](https://archive.is/daKIr) [privacy policy](https://docsend.com/view/feiwyte):
![](../image/cfwontobey.jpg)
Cloudflare have their own privacy policy.
[Cloudflare loves doxxing people.](https://www.reddit.com/r/GamerGhazi/comments/2s64fe/be_wary_reporting_to_cloudflare/)
Here's a good example for website's signup form.
AFAIK, zero website do this. Will you trust them?
```
By clicking “Sign up for XYZ”, you agree to our terms of service and privacy statement.
You also agree to share your data with Cloudflare and also agrees to cloudflare's privacy statement.
If Cloudflare leak your information or won't let you to connect to our servers, it's not our fault. [*]
[ Sign up ] [ I disagree ]
```
[*] [PEOPLE.md](../PEOPLE.md)
- Try not to use their service. Remember you are being watched by Cloudflare.
- ["I'm in your TLS, sniffin' your passworz"](../image/iminurtls.jpg)
- Search for other website. There are alternatives and opportunites on the internet!
- Convince your friends to use Tor on the daily basis.
- Anonymity should be the standard of the open internet!
- [Do note that the Tor project dislikes this project.](../HISTORY.md)
</details>
------
<details>
<summary>click me
## Add-ons
</summary>
- If your browser is Firefox, Tor Browser, or Ungoogled Chromium use one of these add-ons below.
- If you want to add other new add-on ask about it first.
| Name | Developer | Support | Can Block | Can Notify | Chrome |
| -------- | -------- | -------- | -------- | -------- | -------- |
| [Bloku Cloudflaron MITM-Atakon](../subfiles/about.bcma.md) | #Addon | [ ? ](http://crimeflare.eu.org/) | **Yes** | **Yes** | **Yes** |
| [Ĉu ligoj estas vundeblaj al MITM-atako?](../subfiles/about.ismm.md) | #Addon | [ ? ](http://crimeflare.eu.org/) | No | **Yes** | **Yes** |
| [Ĉu ĉi tiuj ligoj blokos Tor-uzanton?](../subfiles/about.isat.md) | #Addon | [ ? ](http://crimeflare.eu.org/) | No | **Yes** | **Yes** |
| [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi)<br>[**DELETED BY TOR PROJECT**](../HISTORY.md) | nullius | [ ? ](../tool/block_cloudflare_mitm_fx), [Link](http://crimeflare.eu.org/) | **Yes** | **Yes** | No |
| [TPRB](http://34ahehcli3epmhbu2wbl6kw6zdfl74iyc4vg3ja4xwhhst332z3knkyd.onion/) | Sw | [ ? ](http://34ahehcli3epmhbu2wbl6kw6zdfl74iyc4vg3ja4xwhhst332z3knkyd.onion/) | **Yes** | **Yes** | No |
| [Detect Cloudflare](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/) | Frank Otto | [ ? ](https://github.com/traktofon/cf-detect) | No | **Yes** | No |
| [True Sight](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare-plus/) | claustromaniac | [ ? ](https://github.com/claustromaniac/detect-cloudflare-plus) | No | **Yes** | No |
| [Which Cloudflare datacenter am I visiting?](https://addons.mozilla.org/en-US/firefox/addon/cf-pop/) | 依云 | [ ? ](https://github.com/lilydjwg/cf-pop) | No | **Yes** | No |
- "Decentraleyes" can stop connection to "CDNJS (Cloudflare)".
- It prevents a lot of requests from reaching networks, and serves local files to keep sites from breaking.
- The developer replied: "[very concerning indeed](https://github.com/Synzvato/decentraleyes/issues/236#issuecomment-352049501)", "[widespread usage severely centralizes the web](https://github.com/Synzvato/decentraleyes/issues/251#issuecomment-366752049)"
- [You can also remove or distrust Cloudflare certificate from your Certificate Authority(CA).](https://www.ssl.com/how-to/remove-root-certificate-firefox/)
</details>
------
<details>
<summary>click me
## Website owner / Web developer
</summary>
![](../image/word_cloudflarefree.jpg)
- Do not use Cloudflare solution, Period.
- You can do better than that, right? [Here's how to remove Cloudflare subscriptions, plans, domains, or accounts.](https://support.cloudflare.com/hc/en-us/articles/200167776-Removing-subscriptions-plans-domains-or-accounts)
| 🖼 | 🖼 |
| --- | --- |
| ![](../image/cfspam01.jpg) | ![](../image/cfspam03.jpg) |
| ![](../image/cfspam02.jpg) | ![](../image/cfspambrittany.jpg)<br>![](../image/cfspamtwtr.jpg) |
| ![](../image/htmlalertcloudflare.jpg) | ![](../image/htmlalertcloudflare2.jpg) |
- Want more customers? You know what to do. Hint is "above line".
- [Hello, you wrote "We take your privacy seriously" but I got "Error 403 Forbidden Anonymous Proxy Not Allowed".](https://it.slashdot.org/story/19/02/19/0033255/stop-saying-we-take-your-privacy-and-security-seriously) Why are you blocking Tor Or VPN? [And why are you blocking temporary emails?](http://523kpawzkarw3j6afz2elxfs4h3hfclomkcmbjs6kaimo4lokympi6yd.onion/)
![](../image/anonexist.jpg)
- Using Cloudflare will increase chances of an outage. Visitors can't access to your website if your server is down or Cloudflare is down.
- [Did you really think Cloudflare never go down?](https://www.ibtimes.com/cloudflare-down-not-working-sites-producing-504-gateway-timeout-errors-2618008) [Another](https://twitter.com/Jedduff/status/1097875615997399040) [sample](https://twitter.com/search?f=tweets&vertical=default&q=Cloudflare%20is%20having%20problems). [Need more](../PEOPLE.md)?
![](../image/cloudflareinternalerror.jpg)
- Using Cloudflare to proxy your "API service", "software update server" or "RSS feed" will harm your customer. A customer called you and said "I can't use your API anymore", and you have no idea what is going on. Cloudflare can silently block your customer. Do you think it is okay?
- There are many RSS reader client and RSS reader online service. Why are you publishing RSS feed if you're not allowing people to subscribe?
![](../image/rssfeedovercf.jpg)
- Do you need HTTPS certificate? Use "Let's Encrypt" or just buy it from CA company.
- Do you need DNS server? Can't set up your own server? How about them: [Hurricane Electric Free DNS](https://dns.he.net/), [Dyn.com](https://dyn.com/dns/), [1984 Hosting](https://www.1984hosting.com/), [Afraid.Org (Admin delete your account if you use TOR)](https://freedns.afraid.org/)
- Looking for hosting service? Free only? How about them: [Onion Service](http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/en/security/network-security/tor/onionservices-best-practices), [Free Web Hosting Area](https://freewha.com/), [Autistici/Inventati Web Site Hosting](https://www.autinv5q6en4gpf4.onion/services/website), [Github Pages](https://pages.github.com/), [Surge](https://surge.sh/)
- [Alternatives to Cloudflare](../subfiles/cloudflare-alternatives.md)
- Are you using "cloudflare-ipfs.com"? [Do you know Cloudflare IPFS is bad?](../PEOPLE.md)
- Install Web Application Firewall such as OWASP and Fail2Ban on your server and configure it properly.
- Blocking Tor is not a solution. Don't punish everyone just for small bad users.
- Redirect or block "Cloudflare Warp" users from accessing your website. And provide a reason if you can.
> IP list: "[Cloudflares current IP ranges](cloudflare_inc/)"
> A: Just block them
```
server {
...
deny 173.245.48.0/20;
deny 103.21.244.0/22;
deny 103.22.200.0/22;
deny 103.31.4.0/22;
deny 141.101.64.0/18;
deny 108.162.192.0/18;
deny 190.93.240.0/20;
deny 188.114.96.0/20;
deny 197.234.240.0/22;
deny 198.41.128.0/17;
deny 162.158.0.0/15;
deny 104.16.0.0/12;
deny 172.64.0.0/13;
deny 131.0.72.0/22;
deny 2400:cb00::/32;
deny 2606:4700::/32;
deny 2803:f800::/32;
deny 2405:b500::/32;
deny 2405:8100::/32;
deny 2a06:98c0::/29;
deny 2c0f:f248::/32;
...
}
```
> B: Redirect to warning page
```
http {
...
geo $iscf {
default 0;
173.245.48.0/20 1;
103.21.244.0/22 1;
103.22.200.0/22 1;
103.31.4.0/22 1;
141.101.64.0/18 1;
108.162.192.0/18 1;
190.93.240.0/20 1;
188.114.96.0/20 1;
197.234.240.0/22 1;
198.41.128.0/17 1;
162.158.0.0/15 1;
104.16.0.0/12 1;
172.64.0.0/13 1;
131.0.72.0/22 1;
2400:cb00::/32 1;
2606:4700::/32 1;
2803:f800::/32 1;
2405:b500::/32 1;
2405:8100::/32 1;
2a06:98c0::/29 1;
2c0f:f248::/32 1;
}
...
}
server {
...
if ($iscf) {rewrite ^ https://example.com/cfwsorry.php;}
...
}
<?php
header('HTTP/1.1 406 Not Acceptable');
echo <<<CLOUDFLARED
Thank you for visiting ourwebsite.com!<br />
We are sorry, but we can't serve you because your connection is being intercepted by Cloudflare.<br />
Please read http://crimeflare.eu.org for more information.<br />
CLOUDFLARED;
die();
```
- Set up Tor Onion Service or I2P insite if you believe in freedom and welcome anonymous users.
- Ask for advice from other Clearnet/Tor dual website operators and make anonymous friends!
</details>
---
------
<details>
<summary>_click me_
<summary>click me
## Remove user's review
## Software user
</summary>
Cloudflare censor [negative reviews](https://web.archive.org/web/20191116004046/https://www.trustpilot.com/reviews/5aa6ee0ed5a5700a7c8cf853). If you post _anti-Cloudflare_ text on Twitter, you have a chance to get a [reply](https://twitter.com/CloudflareHelp/status/1126051764917145601) from [Cloudflare employee](cloudflare_inc/cloudflare_members.txt) with "_[No, it's not](PEOPLE.md)_" message. If you post a negative review on any review site, they will try to [censor](https://twitter.com/phyzonloop/status/1178836176985366529) [it](https://twitter.com/dxgl_org/status/1178722159432220672).
- Discord is using CloudFlare. Alternatives? We recommend [**Briar** (Android)](https://f-droid.org/en/packages/org.briarproject.briar.android/), [Ricochet (PC)](https://ricochet.im/), [Tox + Tor (Android/PC)](https://tox.chat/download.html)
- Briar includes Tor daemon so you don't have to install Orbot.
- Qwtch developers, Open Privacy, deleted stop_cloudflare project from their git service without notice.
- If you use Debian GNU/Linux, or any derivative, subscribe: [bug #831835](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835). And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted.
- Always recommend these browsers.
| Name | Developer | Support | Comment |
| -------- | -------- | -------- | -------- |
| [Ungoogled-Chromium](https://ungoogled-software.github.io/ungoogled-chromium-binaries/) | Eloston | [ ? ](https://github.com/Eloston/ungoogled-chromium) | PC (Win, Mac, Linux) _!Tor_ |
| [Bromite](https://www.bromite.org/fdroid) | Bromite | [ ? ](https://github.com/bromite/bromite/issues) | Android _!Tor_ |
| [Tor Browser](https://www.torproject.org/download/) | Tor Project | [ ? ](https://support.torproject.org/) | PC (Win, Mac, Linux) _Tor_|
| [Tor Browser Android](https://www.torproject.org/download/) | Tor Project | [ ? ](https://support.torproject.org/) | Android _Tor_|
| [Onion Browser](https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8) | Mike Tigas | [ ? ](https://github.com/OnionBrowser/OnionBrowser/issues) | Apple iOS _Tor_|
| [GNU/Icecat](https://www.gnu.org/software/gnuzilla/) | GNU | [ ? ](https://www.gnu.org/software/gnuzilla/) | PC (Linux) |
| [IceCatMobile](https://f-droid.org/en/packages/org.gnu.icecat/) | GNU | [ ? ](https://lists.gnu.org/mailman/listinfo/bug-gnuzilla) | Android |
| [Iridium Browser](https://iridiumbrowser.de/about/) | Iridium | [ ? ](https://github.com/iridium-browser/iridium-browser/) | PC (Win, Mac, Linux, OpenBSD) |
| 🖼 | 🖼 |
| --- | --- |
| ![](../image/cfcenrev_01.jpg)<br>![](../image/cfcenrev_02.jpg) | ![](../image/cfcenrev_03.jpg) |
Other software's privacy is imperfect. This doesn't mean Tor browser is "perfect".
There is no 100% secure nor 100% private on the internet and technology.
- Don't want to use Tor? You can use any browser with Tor daemon.
- [Note that the Tor project don't like this.](https://support.torproject.org/tbb/tbb-9/) Use Tor Browser if you are able to do so.
- [How to use Chromium with Tor](../subfiles/chromium_tor.md)
Let's talk about other software's privacy.
- [If you really need to use Firefox, pick "Firefox ESR".](https://www.mozilla.org/en-US/firefox/organizations/)
- [Firefox - Spyware Watchdog](https://spyware.neocities.org/articles/firefox.html)
- [Firefox rejects free speech, bans free speech](https://web.archive.org/web/20200423010026/https://reclaimthenet.org/firefox-rejects-free-speech-bans-free-speech-commenting-plugin-dissenter-from-its-extensions-gallery/)
- ["100+ downvotes. It seems like asking a software company to stick to... software is just too much these days."](https://old.reddit.com/r/firefox/comments/gutdiw/weve_got_work_to_do_the_mozilla_blog/fslbbb6/)
- [Uh, why is Firefox showing me sponsored links in my URL bar?](https://www.reddit.com/r/firefox/comments/jybx2w/uh_why_is_firefox_showing_me_sponsored_links_in/)
- [Mozilla - Devil Incarnate](https://digdeeper.neocities.org/ghost/mozilla.html)
- [Remember, Mozilla is using Cloudflare service.](https://www.robtex.com/dns-lookup/www.mozilla.org) [They're also using Cloudflare's DNS service on their product.](https://www.theregister.co.uk/2018/03/21/mozilla_testing_dns_encryption/)
- [Mozilla officially rejected this ticket.](https://bugzilla.mozilla.org/show_bug.cgi?id=1426618)
- [Firefox Focus is a joke.](https://github.com/mozilla-mobile/focus-android/issues/1743) [They promised to turn off telemetry but they changed it.](https://github.com/mozilla-mobile/focus-android/issues/4210)
- [PaleMoon/Basilisk developer loves Cloudflare.](https://github.com/mozilla-mobile/focus-android/issues/1743#issuecomment-345993097)
- [Pale Moon's Archive Server hacked and spread malware for 18 Months](https://www.reddit.com/r/privacytoolsIO/comments/cc808y/pale_moons_archive_server_hacked_and_spread/)
- He also hate Tor users - "[Let it be hostile towards Tor. I think most sites should be hostile towards Tor considering its extremely high abuse factor.](https://github.com/yacy/yacy_search_server/issues/314#issuecomment-565932097)"
- [Waterfox have severe "phones home" problem](https://spyware.neocities.org/articles/waterfox.html)
- [Google Chrome is a spyware.](https://www.gnu.org/proprietary/malware-google.en.html)
- [Google profiles your activity.](https://spyware.neocities.org/articles/chrome.html)
- [SRWare Iron make too many phones home connection.](https://spyware.neocities.org/articles/iron.html) It also connect to google domains.
- [Brave Browser whitelist Facebook/Twitter trackers.](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/)
- [Here's more issues.](https://spyware.neocities.org/articles/brave.html)
- [binance affiliate ID](https://twitter.com/cryptonator1337/status/1269594587716374528)
- [Microsoft Edge lets Facebook run Flash code behind users' backs.](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/)
- [Vivaldi does not respect your privacy.](https://spyware.neocities.org/articles/vivaldi.html)
- [Opera spyware level: Extremely High](https://spyware.neocities.org/articles/opera.html)
- Apple iOS: [You shouldn't be using iOS at all, mainly because it is malware.](https://www.gnu.org/proprietary/malware-apple.html)
Therefore we recommend above table only. Nothing else.
</details>
---
------
<details>
<summary>_click me_
<summary>click me
## Share user's private information
## Mozilla Firefox user
</summary>
Cloudflare has a massive [harassment problem](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5).
Cloudflare [shares personal information](https://archive.ph/ePdvi) of those [who](https://twitter.com/ZJemptv/status/898299709634248704) [complain](https://twitter.com/TinyPirate/status/554718958176067584) [about](https://twitter.com/remembrancermx/status/1010329041235148802) [hosted](https://twitter.com/Bridaguy/status/915003769280172037) [sites](https://twitter.com/HelloAndrew/status/897260208845500416). They sometimes ask you to provide
your true ID. If you don't want to get harassed, [assaulted](https://twitter.com/NiteShade925/status/1158469203420205056), [swatted](https://boingboing.net/2015/01/19/invasion-boards-set-out-to-rui.html) or [killed](https://twitter.com/RusEmbUSA/status/1187363092793040901), you better stay away from Cloudflared websites.
- "Firefox Nightly" will send debug-level information to Mozilla servers without opt-out method.
- [Mozilla servers are behing Cloudflare](https://www.digwebinterface.com/?hostnames=www.mozilla.org%0D%0Amozilla.cloudflare-dns.com&type=&ns=resolver&useresolver=8.8.4.4&nameservers=)
- It is possible to prohibit Firefox to connect to Mozilla servers.
- [Mozilla's policy-templates guide](https://github.com/mozilla/policy-templates/blob/master/README.md)
- Keep in mind this trick might stop working in later version because Mozilla likes to whitelist themselves.
- Use firewall and DNS filter to block them completely.
"`/distribution/policies.json`"
> "WebsiteFilter": {
> "Block": [
> "*://*.mozilla.com/*",
> "*://*.mozilla.net/*",
> "*://*.mozilla.org/*",
> "*://webcompat.com/*",
> "*://*.firefox.com/*",
> "*://*.thunderbird.net/*",
> "*://*.cloudflare.com/*"
> ]
> },
| 🖼 | 🖼 |
| --- | --- |
| ![](../image/cfdox_what.jpg) | ![](../image/cfdox_swat.jpg) |
| ![](../image/cfdox_kill.jpg) | ![](../image/cfdox_threat.jpg) |
| ![](../image/cfdox_dox.jpg) | ![](../image/cfdox_ex1.jpg)<br>![](../image/cfdox_ex2.jpg) |
- ~~Report a bug on mozilla's tracker, telling them not to use Cloudflare.~~ There was a bug report on bugzilla. Many people were posted their concern, however the bug was hidden by the admin in 2018.
- You can disable DoH in Firefox.
- [Change default DNS provider of firefox](../subfiles/change-firefox-dns.md)
![](../image/firefoxdns.jpg)
- [If you would like to use non-ISP DNS, consider using OpenNIC Tier2 DNS service or any of non-Cloudflare DNS services.](https://wiki.opennic.org/start)
![](../image/opennic.jpg)
- Block Cloudflare with DNS. [Crimeflare DNS](https://dns.crimeflare.eu.org/)
- You can use Tor as DNS resolver. [If you're not Tor expert, ask question here.](https://tor.stackexchange.com/)
> **How?**
> 1. Download Tor and install it on your computer.
> 2. Add this line to "torrc" file.
> DNSPort 127.0.0.1:53
> 3. Restart Tor.
> 4. Set your computer's DNS server to "127.0.0.1".
</details>
---
------
<details>
<summary>_click me_
<summary>click me
## Corporate solicitation of charitable contributions
## Action
</summary>
CloudFlare is [asking](https://web.archive.org/web/20191112033605/https://opencollective.com/cloudflarecollective#section-about) for charitable contributions. Its quite appalling that an American corporation would ask for charity alongside non-profit organizations that have good causes. If you like [blocking people or wasting other people's time](PEOPLE.md), you might want to order some pizzas🍕 for Cloudflare employees.
- Tell others around you about the dangers of Cloudflare.
- [Help improve this repository.](http://crimeflare.eu.org).
- Both the lists, the arguments against it and the details.
![](../image/cfdonate.jpg)
- [Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so](http://crimeflare.eu.org) :)
- Get more people using Tor by default so they can experience the web from the perspective of different parts of the world.
- Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare.
- Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups.
- [Start a coop that can provide a meaningful non corporate alternative to Cloudflare.](../subfiles/cloudflare-alternatives.md)
- Let us know of any alternatives to help at least provide multiple layered defence against Cloudflare.
- If you are a Cloudflare customer, set your privacy settings, and wait for them to violate them.
- [Then bring them under anti-spam / privacy violation charges.](https://twitter.com/thexpaw/status/1108424723233419264)
- If you are in the United States of America and the website in question is a bank or an accountant, try to bring legal pressure under the GrammLeachBliley Act, or the Americans with DIsabilities Act and report back to us how far you get.
- If the website is a government site, try to bring legal pressure under the 1st Amendment of the US Constitution.
- If you are EU citizen, contact the website to send your personal information under the General Data Protection Regulation. If they refuse to give you your information, that's a violation of the law.
- For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB. Cloudflare websites are served by Cloudflare servers.
- [The ITU suggest in the US context that Cloudflare is starting to get big enough that antitrust law might be brought down upon them.](https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20181218/Documents/Geoff_Huston_Presentation.pdf)
- It's conceivable that the GNU GPL version 4 could include a provision against storing source code behind such a service, requiring for all GPLv4 and later programs that at least the source code is accessible via a medium that does not discriminate against Tor users.
</details>
---
------
<details>
<summary>_click me_
## Terminating sites
</summary>
What will you do if your site goes down _suddenly_? There are reports that Cloudflare is [deleting](https://twitter.com/stefan_eady/status/1126033791267426304) [user's](https://twitter.com/derivativeburke/status/903755267053117440) [configuration](https://twitter.com/lordscarlet/status/1046785164792205314) or [stopping service without any warning](https://twitter.com/svolentin/status/1227324408475344896), [silently](https://twitter.com/BlnaryMlke/status/1194339461984854018). We suggest you find [better provider](what-to-do.md).
![](../image/cftmnt.jpg)
</details>
---
<details>
<summary>_click me_
## Browser vendor discrimination
</summary>
CloudFlare gives preferential treatment to those using Firefox while giving hostile treatment to users of non-Tor-Browser over Tor.
Tor users of who rightfully refuse to execute non-free javascript also receive hostile treatment.
This access inequality is a network neutrality abuse and an abuse of power.
![](../image/browdifftbcx.gif)
- Left: `Tor Browser` , Right: `Chrome`. Same IP address.
![](../image/browserdiff.jpg)
- Left: `[Tor Browser] Javascript Disabled, Cookie Enabled`
- Right: `[Chrome] Javascript Enabled, Cookie Disabled`
![](../image/cfsiryoublocked.jpg)
- QuteBrowser(minor browser) without Tor (Clearnet IP)
![](../image/lynx_cloudflare.gif)
- Lynx
| ***Browser*** | ***Access treatment*** |
| --- | --- |
| Tor Browser (Javascript enabled) | access permitted |
| Firefox (Javascript enabled) | access degraded |
| Chromium (Javascript enabled) | access degraded (pushes Google reCAPTCHA) |
| Chromium or Firefox (Javascript disabled) | access denied (pushes *broken* Google reCAPTCHA) |
| Chromium or Firefox (Cookie disabled) | access denied |
| QuteBrowser | access denied |
| lynx | access denied |
| w3m | access denied |
| wget | access denied |
"_Why not use Audio button to solve easy challenge?_"
Yes, there is an audio button, but it _always_ [doesn't work over Tor](https://trac.torproject.org/projects/tor/ticket/23840). You will get this message when you click it:
### Comments
```
Try again later
Your computer or network may be sending automated queries.
To protect our users, we can't process your request right now.
For more details visit our help page
There is always hope in resistance.
Resistance is fertile.
Even some of the darker outcomes comes to be, the very act of resistance trains us to continue to destabilize the dystopic status quo that results.
Resist!
```
</details>
---
<details>
<summary>_click me_
## Voter suppression
</summary>
Voters in US states register to vote ultimately through the state secretary's website in the state of their residence.
Republican-controlled state secretary offices engage in voter suppression by proxying the state secretary's website through Cloudflare.
Cloudflare's hostile treatment of Tor users, its MITM position as a centralized global point of surveillance, and its detrimental role overall
makes prospective voters reluctant to register. Liberals in particular tend to embrace privacy. Voter registration forms collect sensitive information about a voter's political leaning, personal physical address, social security number, and date of birth.
Most states only make a subset of that information publicly available, but Cloudflare sees ***all*** that information when someone registers to vote.
Note that paper registration does not circumvent Cloudflare because the secretary of state data entry staff workers will likely use the
Cloudflare website to enter the data.
| 🖼 | 🖼 |
| --- | --- |
| ![](../image/cfvotm_01.jpg) | ![](../image/cfvotm_02.jpg) |
- Change.org is a famous website for gathering votes and take action. "[people everywhere are starting campaigns, mobilizing supporters, and working with decision makers to drive solutions.](https://web.archive.org/web/20200206120027/https://www.change.org/about)"
Unfortunately, many people cannot view change.org at all due to Cloudflare's aggressive filter. They are being blocked from signing the petition, thus excluding them from a democratic process. Using other non-cloudflared platform such as [OpenPetition](https://www.openpetition.eu/content/about_us) helps remedy the problem.
| 🖼 | 🖼 |
| --- | --- |
| ![](../image/changeorgasn.jpg) | ![](../image/changeorgtor.jpg) |
- Cloudflare's "[Athenian Project](https://www.cloudflare.com/athenian/)" offers free enterprise-level protection to state and local election websites. They said "_their constituents can access election information and voter registration_" but this is a lie because many people just can't browse the site at all.
</details>
---
<details>
<summary>_click me_
## Ignoring user's preference
</summary>
If you opt-out something, you expect that you receive no email about it. Cloudflare ignore user's preference and share data with third-party corporations [without customer's consent](https://twitter.com/thexpaw/status/1108424723233419264). If you're using their free plan, they sometimes send email to you asking to buy monthly subscription.
![](../image/cfviopl_tp.jpg)
</details>
---
<details>
<summary>_click me_
## Lying about deleting user's data
</summary>
According to this [ex-cloudflare customer's blog](https://shkspr.mobi/blog/2019/11/can-you-trust-cloudflare-with-your-personal-data/), Cloudflare is lying about deleting accounts. Nowadays, many [companies keep your data](https://justdeleteme.xyz/) after you've closed or removed your account. Most of good companies do mention about it in their privacy policy. Cloudflare? No.
```
2019-08-05 CloudFlare sent me confirmation that they'd removed my account.
2019-10-02 I received an email from CloudFlare "because I am a customer"
Someday, you'll understand why we wrote this.
```
Cloudflare didn't know about the word "remove". If it is really _removed_, why this ex-customer got an email? He also mentioned that Cloudflare's privacy policy doesn't mention about it.
```
Their new privacy policy doesn't make any mention of retaining data for a year.
There isn't anything futuristic about this. We have already lost.
```
![](../image/cfviopl_notdel.jpg)
How can you trust Cloudflare if [their privacy policy is a LIE](https://twitter.com/daviddlow/status/1197787135526555648)?
- [Over a year passed since I cancelled my Cloudflare account](https://shkspr.mobi/blog/2020/09/dont-trust-cloudflare-with-your-personal-data/)
</details>
---
<details>
<summary>_click me_
## Keep your personal information
</summary>
### Now, what did you do today?
Deleting Cloudflare account is [hard level](https://justdeleteme.xyz/).
```
Submit a support ticket using the "Account" category,
and request account deletion in the message body.
You must have no domains or credit cards attached to your account prior to requesting deletion.
```
You will [receive this confirmation email](https://twitter.com/originalesushi/status/1199041528414527495).
![](../image/cf_deleteandkeep.jpg)
"We have begun to process your deletion request" but "We will continue to store your personal information".
Can you "trust" this?
- How to cancel your Cloudflare account
1. Login to your [Cloudflare dashboard](https://dash.cloudflare.com/).
2. Delete all zones(domains) from your dashboard.
3. Click _support_ link.
4. Send a new ticket. Tell them that you want to close your account.
5. _Wait several days._
6. Cloudflare staff will ask for your confirmation and the reason why you have decided to leave Cloudflare.
7. Send a reply again.
8. _Wait several days._
9. You will get a message: "We have successfully deleted your account"
</details>
---
## Other information
- [Joseph Sullivan (Joe Sullivan)](../cloudflare_inc/cloudflare_members.md) ([Cloudflare CSO](https://twitter.com/eastdakota/status/1296522269313785862))
- [Ex-Uber security head charged in connection with the cover-up of a 2016 hack that affected 57 million customers](https://www.businessinsider.com/uber-data-hack-security-head-joe-sullivan-charged-cover-up-2020-8)
- [Former Chief Security Officer For Uber Charged With Obstruction Of Justice](https://www.justice.gov/usao-ndca/pr/former-chief-security-officer-uber-charged-obstruction-justice)
```
Sullivan took to allegedly cover it up, including making the $100,000 payout
under Uber's "bug bounty" program.
```
---
## Please continue to next page: "[What you can do to resist Cloudflare?](en.action.md)
![](../image/freemoldybread.jpg)
![](../image/cfisnotanoption.jpg)
![](../image/stopcf.jpg)