README.md
This commit is contained in:
Alek Amrani
parent
fd5c70a27a
commit
efd3987a5d
24
README.md
24
README.md
|
|
@ -18,26 +18,26 @@
|
|||
| Take a look at the right image. You will think Cloudflare block _only_ bad guys. You will think _Cloudflare is always online(never go [down](https://twitter.com/bengoldacre/status/1146058200887648258))_. You will think _legit bots and crawlers can index your website_. |  |
|
||||
| However [those are not true](PEOPLE.md) at all. Cloudflare is blocking innocent people with no reason. Cloudflare can go down. Cloudflare blocks legit bots. |  |
|
||||
| Just like any hosting service, Cloudflare is not perfect. You will see this screen [even if the origin server is working well](PEOPLE.md). |  |
|
||||
| Do you really think Cloudflare has 100% uptime? [You have no idea](PEOPLE.md) how many times Cloudflare goes down. If Cloudflare goes down your customer cannot access your website. | <br> |
|
||||
| Do you really think Cloudflare has 100% uptime? [You have no idea](PEOPLE.md) how many times Cloudflare [goes down](https://www.zerohedge.com/markets/major-part-web-offline-cloudflare-suffers-outage). If Cloudflare goes down your customer cannot access your website. | <br> |
|
||||
| It is called this in reference to the [Great Firewall of China](https://www.comparitech.com/privacy-security-tools/blockedinchina/) which does a comparable job of [filtering out many humans](PEOPLE.md) from seeing web content (ie everyone in mainland China and people outside) while at the same time those not affected to see a dratically different web, a web free of censorship such as an image of ["tank man"](https://en.wikipedia.org/wiki/Tank_Man) and the history of ["Tiananmen Square protests"](https://en.wikipedia.org/wiki/1989_Tiananmen_Square_protests#Censorship_in_China). |  |
|
||||
| Cloudflare possesses [great power](http://digdeep4orxw6psc33yxa2dgmuycj74zi6334xhxjlgppw6odvkzkiad.onion/ghost/mozilla.html). In a sense, they control what the end user ultimately sees. You are prevented from browsing the website because of Cloudflare. |  |
|
||||
| Cloudflare can be used for censorship. |  |
|
||||
| You cannot view cloudflared website if you are using minor browser which Cloudflare may think it is a bot(because not many people use it). |  |
|
||||
| You cannot pass this invasive "browser check" without enabling Javascript. This is a waste of five(or more) seconds of your valuable life. |  |
|
||||
| Cloudflare also [automatically](https://twitter.com/itsybitsydots/status/1212691131508477952) [block](PEOPLE.md) legit robots/crawlers such as Google, Yandex, Yacy, and [API clients](PEOPLE.md). Cloudflare is actively [monitoring](PEOPLE.md) "bypass cloudflare" community with an intent to break legit research bots. |  |
|
||||
| Cloudflare similarly prevents many people who have poor internet connectivity from accessing the websites behind it (for example, they could be behind 7+ layers of NAT or sharing same IP) unless they solve multiple image CAPTCHAs. In some cases, [this will take 10 to 30 minutes to satisfy Google](https://trac.torproject.org/projects/tor/ticket/23840). |  |
|
||||
| Cloudflare can be used for censorship. |  |
|
||||
| You cannot view cloudflared website if you are using minor browser which Cloudflare may think it is a bot(because not many people use it). |  |
|
||||
| You cannot pass this invasive "browser check" without enabling Javascript. This is a waste of five(or more) seconds of your valuable life. |  |
|
||||
| Cloudflare also [automatically](https://twitter.com/itsybitsydots/status/1212691131508477952) [block](PEOPLE.md) legit robots/crawlers such as Google, Yandex, Yacy, and [API clients](PEOPLE.md). Cloudflare is actively [monitoring](PEOPLE.md) "bypass cloudflare" community with an intent to break legit research bots. |  |
|
||||
| Cloudflare similarly prevents many people who have poor internet connectivity from accessing the websites behind it (for example, they could be behind 7+ layers of NAT or sharing same IP, for example public Wifi) unless they solve multiple image CAPTCHAs. In some cases, [this will take 10 to 30 minutes to satisfy Google](https://trac.torproject.org/projects/tor/ticket/23840). |  |
|
||||
| Many humans and software are being blocked by Cloudflare [every day](PEOPLE.md). |  |
|
||||
| Cloudflare [annoys many people](PEOPLE.md) around the world. Take a look at the list and think whether adopting Cloudflare on your site is good for user experience. |  |
|
||||
| What is the purpose of the internet if you cannot do what you want? Most people who visit your website will just look for other pages if they can't load a webpage. You may be not blocking any visitors, but Cloudflare's default firewall is strict enough to block many people. | <br> |
|
||||
| Cloudflare [annoys many people](PEOPLE.md) around the world. Take a look at the list and think whether adopting Cloudflare on your site is good for user experience. |  |
|
||||
| What is the purpose of the internet if you cannot do what you want? Most people who visit your website will just look for other pages if they can't load a webpage. You may be not blocking any visitors, but Cloudflare's default firewall is strict enough to block many people. | <br> |
|
||||
| There is no way to solve the captcha without enabling Javascript and Cookies. Cloudflare is [using them](PEOPLE.md) to make a browser signature to [identify](https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm) [you](PEOPLE.md). Cloudflare needs to know your identity to decide whether you are eligeble to continue browsing the site. |  |
|
||||
| [Tor users](https://www.torproject.org/) and [VPN users](https://airvpn.org/topic/23090-cloudflare-often-bans-my-ip-address/) are also a [victim](https://blog.torproject.org/trouble-cloudflare) of Cloudflare. Both solutions are being used by many people who cannot afford uncensored internet due to their country/corporation/network policy. Cloudflare is shamelessly attacking those people, forcing them to turn off their proxy solution. |  |
|
||||
| [Tor users](https://www.torproject.org/) and [VPN users](https://airvpn.org/topic/23090-cloudflare-often-bans-my-ip-address/) are also a [victim](https://blog.torproject.org/trouble-cloudflare) of Cloudflare. Both solutions are being used by many people who cannot afford uncensored internet due to their country/corporation/network policy or who wants to add extra layer to protect their privacy. Cloudflare is shamelessly attacking those people, forcing them to turn off their proxy solution. |  |
|
||||
| If you didn't try Tor until this moment, we encourage you to [download Tor Browser](https://www.torproject.org/) and visit your favorite websites. (advice: _Do not login to your bank website or government webpage or they will flag your account. [Use VPN](https://www.vpngate.net/en/) for those websites._) |  |
|
||||
| You might want to say "_Tor is illegal! Tor users are criminal! Tor is bad!_". No. You might learned about Tor from television, saying Tor can be used to browse [darknet](https://en.wikipedia.org/wiki/Darknet) and trade guns, drugs or [chid porn](https://en.wikipedia.org/wiki/Child_sexual_abuse_material). While above statement is true that there are many market website where you can buy such items, those sites are often appear on clearnet too. |  |
|
||||
| Tor _was_ [developed by US Army](https://www.nrl.navy.mil/itd/chacs/dingledine-tor-second-generation-onion-router), but current Tor is developed by the [Tor project](https://www.torproject.org/). There are many people and organizations [who use Tor](https://blog.torproject.org/tor-misused-criminals) including your future friends. So, if you are using Cloudflare on your website you are blocking _real_ humans. You will lose potential friendship and business deal. |  |
|
||||
| And their DNS service, [1.1.1.1](https://1.1.1.1/), is also filtering out users from visiting the website by returning [fake](https://trac.torproject.org/projects/tor/ticket/32915) IP address [owned by Cloudflare](https://www.reddit.com/r/CloudFlare/comments/hiqm4u/no_cloudflare_website_is_loading/), localhost IP such as "127.0.0.x", or just return nothing. | <br> |
|
||||
| Cloudflare DNS also [break](https://twitter.com/bowranger/status/1213031783576428550) [online](https://twitter.com/jb510/status/1212521533907668992) [software](https://twitter.com/No_Style/status/1201525422795710466) [from](https://twitter.com/daemuth/status/1187758306535903233) [smartphone](https://twitter.com/gregortorrence/status/1183102089439805441) [app](https://www.reddit.com/r/CloudFlare/comments/gmfm4i/us_bank_website_is_not_in_cloudflare_dns/) [to computer game because of their fake DNS answer](PEOPLE.md). Cloudflare DNS [cannot query](PEOPLE.md) some bank websites. | <br> |
|
||||
| Cloudflare DNS also [break](https://twitter.com/bowranger/status/1213031783576428550) [online](https://twitter.com/jb510/status/1212521533907668992) [software](https://twitter.com/No_Style/status/1201525422795710466) [from](https://twitter.com/daemuth/status/1187758306535903233) [smartphone](https://twitter.com/gregortorrence/status/1183102089439805441) [app](https://www.reddit.com/r/CloudFlare/comments/gmfm4i/us_bank_website_is_not_in_cloudflare_dns/) [to computer game because of their fake DNS answer](PEOPLE.md). Cloudflare DNS [cannot query](PEOPLE.md) some bank websites. | <br> |
|
||||
| And here you might think,<br>"_I am not using Tor or VPN, why should I care?_"<br>"_I trust Cloudflare marketing, why should I care_"<br>"_My website is HTTPS why should I care_" |  |
|
||||
| If you visit website which use Cloudflare, you are sharing your information not only to website owner _but also Cloudflare_. This is how the [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) works. |  |
|
||||
| If you visit website which use Cloudflare, you are sharing your information not only to website owner _but also Cloudflare_. This is how the [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) works. |  |
|
||||
| It is impossible to [analyze](https://blog.cloudflare.com/the-csam-scanning-tool/) without [decrypting TLS traffic](https://github.com/nym-zone/block_cloudflare_mitm_fx/issues/15#issuecomment-354773389). |  |
|
||||
| Cloudflare knows all your data such as raw password. |  |
|
||||
| [Cloudbeed](https://en.wikipedia.org/wiki/Cloudbleed) can happen anytime. |  |
|
||||
|
|
@ -46,7 +46,7 @@
|
|||
| Internet user's online profile is a "product" that the government and big tech companies wants to buy. |  |
|
||||
| U.S. [Department of Homeland Security](https://www.dhs.gov/) said:<br><br>"Do you have any idea how valuable the data you have is? Is there any way you would sell us that data?" |  |
|
||||
| Cloudflare also offer _FREE_ VPN service called "[Cloudflare Warp](https://blog.cloudflare.com/1111-warp-better-vpn/)". If you use it, all your smartphone ([or your computer](https://techniapps.com/2019/09/26/download-cloudflare-warp-vpn-for-pc-windows-10-mac/)) connections are sent to Cloudflare servers. Cloudflare can know which website you've read, what comment you've posted, who you've talked to, etc. You are voluntary giving [all your information](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-478686469) to Cloudflare. If you think "_Are you joking? Cloudflare is secure._" then you need to learn how [VPN works](https://en.wikipedia.org/wiki/VPN). |  |
|
||||
| Cloudflare said their VPN service make your internet [fast](https://www.wired.com/story/cloudflare-says-new-vpn-service-wont-slow-you-down/). But VPN make your internet connection _slower_ than [your](https://twitter.com/ExYakuza/status/1182317536089526273) [existing](https://twitter.com/waddling/status/1177615384616325120) [connection](https://techcrunch.com/2019/04/01/cloudflares-warp-is-a-vpn-that-might-actually-make-your-mobile-connection-better/). |  |
|
||||
| Cloudflare said their VPN service make your internet [fast](https://www.wired.com/story/cloudflare-says-new-vpn-service-wont-slow-you-down/). But VPN make your internet connection _slower_ than [your](https://twitter.com/ExYakuza/status/1182317536089526273) [existing](https://twitter.com/waddling/status/1177615384616325120) [connection](https://techcrunch.com/2019/04/01/cloudflares-warp-is-a-vpn-that-might-actually-make-your-mobile-connection-better/). |  |
|
||||
| You might already know about the [PRISM](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)) scandal. It is true that AT&T lets [NSA](https://en.wikipedia.org/wiki/National_Security_Agency) to [copy all internet data](https://www.cnet.com/news/at-t-lets-nsa-hide-and-surveil-in-plain-sight-the-intercept-reports/) for surveillance. |  |
|
||||
| Let's say you're working at the NSA, and you want _every citizen's internet profile_. You know most of them are [blindly trusting Cloudflare](https://twitter.com/search?q=Cloudflare&f=live) and using it - only one centralized gateway - to proxy their company server connection([SSH](https://blog.cloudflare.com/public-keys-are-not-enough-for-ssh-security/)/[RDP](https://blog.cloudflare.com/cloudflare-access-now-supports-rdp/)), personal website, chat website, forum website, bank website, insurance website, search engine, secret member-only website, auction website, [shopping](https://www.cloudflare.com/case-studies/shopify-powering-the-biggest-shopping-weekend-of-the-year/), video website, NSFW website, and illegal website. You also know they use Cloudflare's DNS service ("_1.1.1.1_") and VPN service ("_Cloudflare Warp_") for "_Secure! Faster! Better!_" internet experience. Combining them with user's IP address, browser [fingerprint](https://github.com/VeNoMouS/cloudscraper/issues/209#issuecomment-624853689), cookies and RAY-ID will be useful to build target's online profile. |  |
|
||||
| You want their data. [What will you do](https://www.reddit.com/r/privacy/comments/1gb0pa/how_prism_actually_works_1520_att_fiber_optic/)? |  |
|
||||
|
|
|
|||
Loading…
Reference in New Issue