deCloudflare/readme/en.action.md

22 KiB
Raw Blame History

What you can do to resist Cloudflare?

🖼 🖼 🖼

Matthew Browning Prince (Twitter @eastdakota), born on November 13th 1974, is the CEO and co-founder of CloudFlare.

Thanks to his rich dad, John B. Prince, he attended the University of Chicago Law School ('00) and Harvard Business School ('09). Prince taught Internet law and was a specialist in anti-spam laws and phishing investigations.

"Id suggest this was armchair analysis by kids its hard to take seriously." t

"That was simply unfounded paranoia, pretty big difference." t

"We also work with Interpol and other non-US entities" t

"Watching hacker skids on Github squabble about trying to bypass Cloudflare's new anti-bot systems continues to be my daily amusement. 🍿" t


click me

Website consumer

  • If the website you like is using Cloudflare, tell them not to use Cloudflare.
    • Whining on social media such as Facebook, Reddit, Twitter or Mastodon makes no difference. Actions are louder than hashtags.
    • Try to contact to the website owner if you want to make yourself useful.

Cloudflare said:

We recommend that you reach out to the administrators for the specific services or sites that you run into issue with and share your experience.

If you don't ask for it, website owner never know this problem.

Successful example.
You have a problem? Raise your voice now. Example below.

You are just helping corporate censorship and mass surveillance.
https://git.sdf.org/deCloudflare/cloudflare-tor/src/branch/master/README.md
Your web page is in the privacy-abusing private walled-garden of CloudFlare.
https://git.sdf.org/deCloudflare/cloudflare-tor/
  • Take some time to read website's privacy policy.
    • if the website is behind Cloudflare or website is using services connected to Cloudflare.

It must explain what the "Cloudflare" is, and ask for permission to share your data with Cloudflare. Failure to do so will result in the breach of trust and the website in question should be avoided.

An acceptable privacy policy example is here ("Subprocessors" > "Entity Name")

I've read your privacy policy and I cannot find the word Cloudflare.
I refuse to share data with you if you continue to feed my data to Cloudflare.
https://git.sdf.org/deCloudflare/cloudflare-tor/

This is an example of privacy policy which does not have the word Cloudflare. Liberland Jobs privacy policy:

Cloudflare have their own privacy policy. Cloudflare loves doxxing people.

Here's a good example for website's signup form. AFAIK, zero website do this. Will you trust them?

By clicking “Sign up for XYZ”, you agree to our terms of service and privacy statement.
You also agree to share your data with Cloudflare and also agrees to cloudflare's privacy statement.
If Cloudflare leak your information or won't let you to connect to our servers, it's not our fault. [*]

[ Sign up ] [ I disagree ]

[*] PEOPLE.md


click me

Add-ons

  • If your browser is Firefox, Tor Browser, or Ungoogled Chromium use one of these add-ons below.
    • If you want to add other new add-on ask about it first.
Name Developer Support Can Block Can Notify Chrome
Bloku Cloudflaron MITM-Atakon #Addon ? Yes Yes Yes
Ĉu ligoj estas vundeblaj al MITM-atako? #Addon ? No Yes Yes
Ĉu ĉi tiuj ligoj blokos Tor-uzanton? #Addon ? No Yes Yes
Block Cloudflare MITM Attack
DELETED BY TOR PROJECT
nullius ? , Link Yes Yes No
TPRB Sw ? Yes Yes No
Detect Cloudflare Frank Otto ? No Yes No
True Sight claustromaniac ? No Yes No
Which Cloudflare datacenter am I visiting? 依云 ? No Yes No

click me

Website owner / Web developer

🖼 🖼

  • Using Cloudflare to proxy your "API service", "software update server" or "RSS feed" will harm your customer. A customer called you and said "I can't use your API anymore", and you have no idea what is going on. Cloudflare can silently block your customer. Do you think it is okay?
    • There are many RSS reader client and RSS reader online service. Why are you publishing RSS feed if you're not allowing people to subscribe?

IP list: "Cloudflares current IP ranges"

A: Just block them

server {
...
deny 173.245.48.0/20;
deny 103.21.244.0/22;
deny 103.22.200.0/22;
deny 103.31.4.0/22;
deny 141.101.64.0/18;
deny 108.162.192.0/18;
deny 190.93.240.0/20;
deny 188.114.96.0/20;
deny 197.234.240.0/22;
deny 198.41.128.0/17;
deny 162.158.0.0/15;
deny 104.16.0.0/12;
deny 172.64.0.0/13;
deny 131.0.72.0/22;
deny 2400:cb00::/32;
deny 2606:4700::/32;
deny 2803:f800::/32;
deny 2405:b500::/32;
deny 2405:8100::/32;
deny 2a06:98c0::/29;
deny 2c0f:f248::/32;
...
}

B: Redirect to warning page

http {
...
geo $iscf {
default 0;
173.245.48.0/20 1;
103.21.244.0/22 1;
103.22.200.0/22 1;
103.31.4.0/22 1;
141.101.64.0/18 1;
108.162.192.0/18 1;
190.93.240.0/20 1;
188.114.96.0/20 1;
197.234.240.0/22 1;
198.41.128.0/17 1;
162.158.0.0/15 1;
104.16.0.0/12 1;
172.64.0.0/13 1;
131.0.72.0/22 1;
2400:cb00::/32 1;
2606:4700::/32 1;
2803:f800::/32 1;
2405:b500::/32 1;
2405:8100::/32 1;
2a06:98c0::/29 1;
2c0f:f248::/32 1;
}
...
}

server {
...
if ($iscf) {rewrite ^ https://example.com/cfwsorry.php;}
...
}

<?php
header('HTTP/1.1 406 Not Acceptable');
echo <<<CLOUDFLARED
Thank you for visiting ourwebsite.com!<br />
We are sorry, but we can't serve you because your connection is being intercepted by Cloudflare.<br />
Please read https://git.sdf.org/deCloudflare/cloudflare-tor for more information.<br />
CLOUDFLARED;
die();
  • Set up Tor Onion Service or I2P insite if you believe in freedom and welcome anonymous users.

  • Ask for advice from other Clearnet/Tor dual website operators and make anonymous friends!


click me

Software user

  • Discord is using CloudFlare. Alternatives? We recommend Briar (Android), Ricochet (PC), Tox + Tor (Android/PC)

    • Briar includes Tor daemon so you don't have to install Orbot.
    • Qwtch developers, Open Privacy, deleted stop_cloudflare project from their git service without notice.
  • If you use Debian GNU/Linux, or any derivative, subscribe: bug #831835. And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted.

  • Always recommend these browsers.

Name Developer Support Comment
Ungoogled-Chromium Eloston ? PC (Win, Mac, Linux) !Tor
Bromite Bromite ? Android !Tor
Tor Browser Tor Project ? PC (Win, Mac, Linux) Tor
Tor Browser Android Tor Project ? Android Tor
Onion Browser Mike Tigas ? Apple iOS Tor
GNU/Icecat GNU ? PC (Linux)
IceCatMobile GNU ? Android
Iridium Browser Iridium ? PC (Win, Mac, Linux, OpenBSD)

Other software's privacy is imperfect. This doesn't mean Tor browser is "perfect". There is no 100% secure nor 100% private on the internet and technology.

Let's talk about other software's privacy.

Therefore we recommend above table only. Nothing else.


click me

Mozilla Firefox user

  • "Firefox Nightly" will send debug-level information to Mozilla servers without opt-out method.

  • It is possible to prohibit Firefox to connect to Mozilla servers.

    • Mozilla's policy-templates guide
    • Keep in mind this trick might stop working in later version because Mozilla likes to whitelist themselves.
    • Use firewall and DNS filter to block them completely.

"/distribution/policies.json"

"WebsiteFilter": {
  "Block": [
  "*://*.mozilla.com/*",
  "*://*.mozilla.net/*",
  "*://*.mozilla.org/*",
  "*://webcompat.com/*",
  "*://*.firefox.com/*",
  "*://*.thunderbird.net/*",
  "*://*.cloudflare.com/*"
  ]
},
  • Report a bug on mozilla's tracker, telling them not to use Cloudflare. There was a bug report on bugzilla. Many people were posted their concern, however the bug was hidden by the admin in 2018.

  • You can disable DoH in Firefox.

How?

  1. Download Tor and install it on your computer.
  2. Add this line to "torrc" file. DNSPort 127.0.0.1:53
  3. Restart Tor.
  4. Set your computer's DNS server to "127.0.0.1".

click me

Action


Comments

There is always hope in resistance.

Resistance is fertile.

Even some of the darker outcomes comes to be, the very act of resistance trains us to continue to destabilize the dystopic status quo that results.

Resist!
Someday, you'll understand why we wrote this.
There isn't anything futuristic about this. We have already lost.

Now, what did you do today?