7.6 KiB
What you can do to resist Cloudflare?
Website consumer
- If the website you like is using Cloudflare, tell them not to use Cloudflare.
You are just helping corporate censorship and mass surveillance.
-
Try not to use their service. Remember you are being watched by Cloudflare.
-
Search for other website. There are many alternatives and opportunites on the internet!
-
If your browser is Firefox, use one of these add-ons.
| Name | Can Block | Can Notify |
|---|---|---|
| Block Cloudflare MITM Attack | Yes | Yes |
| Block Cloudflare MITM Attack | Yes | Yes |
| Are links vulnerable to MITM? | No | Yes |
| Third-party Request Blocker (AMO) | Yes | Yes |
| Third-party Request Blocker | Yes | Yes |
| Detect Cloudflare | No | Yes |
- Convince your friends to use Tor Browser on the daily basis. Anonymity should be the standard of the open internet!
Website owner / Web developer
-
Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that, right?
-
Install Web Application Firewall (such as OWASP) and Fail2Ban on your server and configure it properly.
-
Set up Tor Onion Service or I2P insite if you believe in freedom and welcome anonymous users.
-
Ask for advice from other Clearnet/Tor dual website operators and make anonymous friends! :)
Software user
-
If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835. And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted.
-
Always recommend Tor Browser for desktop and Tor Browser for Android
, Orfoxfor smartphone. Other software's privacy is imperfect. This doesn't mean Tor browser is "perfect". There is no 100% secure nor 100% private on the internet and technology.
Let's talk about other software's privacy...
-
If you really need to use Firefox, pick "Firefox ESR". ESR is developed for company and organizations, thus some spyware code is disabled by default. Portable version is here.
-
Remember, Mozilla is using Cloudflare service. They're also using Cloudflare's DNS service on their product D'oh!
-
Mozilla officially rejected this ticket.
-
PaleMoon developer loves Cloudflare.
-
Chrome is a spyware.
-
Brave Browser whitelist Facebook/Twitter trackers.
"Mozilla Firefox" user
-
Don't use Firefox Nightly. It will send debug-level information to Mozilla servers without opt-out method. Mozilla servers are behing Cloudflare.
-
It is possible to prohibit Firefox to connect to Mozilla servers. Create a file "/distribution/policies.json". Mozilla's policy-templates guide.
{ "policies": { "WebsiteFilter": { "Block": [ "://.mozilla.com/", "://.mozilla.net/", "://.mozilla.org/", "://.firefox.com/", "://.thunderbird.net/", "://.cloudflare.com/" ] }, ... }
-
Report a bug on mozilla's tracker, telling them not to use Cloudflare/TRR.There was a bug report on bugzilla. Many people were posted their concern, however the bug was hidden by the admin last year. -
To disable DOH, enter about:config?filter=network.trr in the address bar then set "network.trr.mode" to 5 to completely disable it. The value "5" means "Off by choice". (If you really need to use non-ISP DNS, consider using OpenNIC Tier2 DNS service.)
-
Tell us if you see this functionality start to creep up beyond Firefox Nightly into more stable versions of Firefox.
Action
-
Tell others around you about the dangers of Cloudflare. But don't talk with NSA employee; you'll be definitely marked... just kidding!
-
Help improve this repository, both the lists, the arguments against it and the details.
-
Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so
-
Get more people using Tor by default so they can experience the web from the perspective of different parts of the world.
-
Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare.
-
Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups.
-
Start a coop that can provide a meaningful non corporate alternative to Cloudflare.
-
Let us know of any alternatives to help at least provide multiple layered defence against Cloudflare.
-
Try using globalist to maintain this list.
-
If you are in the United States of America and the website in question is a bank or an accountant, try to bring legal pressure under the Gramm–Leach–Bliley Act, or the Americans with DIsabilities Act and report back to us how far you get.
-
If the website is a government site, try to bring legal pressure under the 1st Amendment of the US Constitution.
-
If you are EU citizen, contact the website to send your personal information under the General Data Protection Regulation. If they refuse to give you your information, that's a violation of the law.
-
For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB. Cloudflare websites are served by Cloudflare servers.
-
the ITU suggest in the US context that Cloudflare is starting to get big enough that antitrust law might be brought down upon them.