learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
cloudflare
I see that now the forum is behind cloudflare, which is pretty horrible for users privacy.
|
|
aga
Forum Drunkard
Posts: 7030
Registered: 25-3-2014
Member Is Offline
|
|
what's cloudflare ?
i was hoping it was some sort of amazing pyro effect.
|
|
learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
Hey aga, I think I saw a thread where you mentioned you work for an ISP or something like that? And you don't know what cloudflare is? (and are
unable to research it either?)
|
|
aga
Forum Drunkard
Posts: 7030
Registered: 25-3-2014
Member Is Offline
|
|
Couldn't be arsed to work out what you meant, seeing as you couldnt be arsed giving even a hint.
Yes, i'm an ISP, who provides connectivity.
I could not care less about the zillion new services appearing every week, as that all happens on top of what i do, and is not intrinsic to it.
Funnily enough gdax.com just stopped working and came up with an error:
"Cloudflare Ray ID: 3cbabcc2dab754b6 • Your IP: 81.37.xx.xx • Performance & security by Cloudflare"
Well, at this moment there is no Prformance at all, as it does not work.
Probably a huge sell-off happening, which fills me with Insecurity seeing as i can't take advantage of it.
The Real Network from me in the middle of nowhere all the way to states is all working fine, so perhaps Cloudflare is a bag of shite after all.
|
|
learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
cloudflare isn't new - they control a sizable amount of internet infrastructure and one of their main 'services' is MITMing and destroying SSL
security. And as you see exchanges are stupid enough to use them.
'Serious Bug Exposes Sensitive Data From Millions Sites Sitting Behind CloudFlare"
https://thehackernews.com/2017/02/cloudflare-vulnerability.h...
|
|
NEMO-Chemistry
International Hazard
Posts: 1559
Registered: 29-5-2016
Location: UK
Member Is Offline
Mood: No Mood
|
|
I refuse to put my site behind cloudflare, but alot of shared hosts insist now. Not too many sites not on cloudflare, i always assumed you gained a
speed advantage, but trying it on one server i saw no increase at all. I also dislike the idea of everything being on the cloud.
I was amazed to hear, Amazon actually make most of their profit from hiring out there cloud services to other companies.
|
|
JJay
International Hazard
Posts: 3440
Registered: 15-10-2015
Member Is Offline
|
|
Amazon is in a rather strange niche, being the #1 cloud services provider and the #1 online retailer. They dominate the cloud services industry so
much that other cloud providers use them for hosting.
If you're super concerned about CloudFlare (and there definitely are real privacy concerns), use Tor. You'll also need a heavy-duty adblocker.
I spend pretty much all day every day running Chrome in Developer mode, and I kind of like CloudFlare actually, but I can see how it could cause
problems for a lot of people....
[Edited on 12-12-2017 by JJay]
|
|
learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
Well cloudflare is pretty hostile to tor. Most sites behind cloudflare can't be accessed via tor unless you run their javascript 'validation' code or
tracking malware. And of course cloudflare is in a perfect possition to do traffic analysis attacks against tor.
[Edited on 12-12-2017 by learningChem]
|
|
JJay
International Hazard
Posts: 3440
Registered: 15-10-2015
Member Is Offline
|
|
Most sites behind Cloudflare actually can be accessed by Tor unless the site administrator is hostile to Tor... Cloudflare simply defines Tor as a
country. It can be blocked by site policy but that has to be configured explicitly.
|
|
learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
Like I said they can be accessed IF you run malware from cloudflare. I realize it's possible for site owners to set a more sane policy but many don't,
All in all cloudflare should be boycotted to death.
|
|
JJay
International Hazard
Posts: 3440
Registered: 15-10-2015
Member Is Offline
|
|
If a particular Tor exit node has been flagged by CloudFlare as a source of abuse, you may have to enter a CAPTCHA when using it. I've never really
looked at the specifics of what tracking CloudFlare does because I simply do not care, but if you're doing illegal things and don't know what you're
doing or make mistakes, Big Cloud will take notice.
|
|
learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
Tolerance for pervasive surveillance by cloudflare is something I find odd. Also I don't see how this bit "if you're doing illegal things" came
into the picture? The point. here is users privacy and presumption of innocence.. If anything, cloudflare is engaging in illegal surveillance.
[Edited on 12-12-2017 by learningChem]
|
|
JJay
International Hazard
Posts: 3440
Registered: 15-10-2015
Member Is Offline
|
|
Ok, first off, I'm not sure what makes you think I tolerate it.
I don't mean to come off as though I'm arguing in favor of Cloudflare's ability to see what sites you're visiting, but I know better than to believe
that I have to run malware on my machine to access services behind Cloudflare if I use Tor (I was a very early Tor user and do use it occasionally for
lawful and wholesome purposes such as Tor activism). If you don't understand that referring to a piece of Javascript tracking code as "malware" is
hyperbole and distortion, you lack the baseline level of rationality required to have a productive discussion on this topic. Threatening to "boycott"
sites that use CloudFlare (e.g. this one) is not going to make CloudFlare go away, nor will it gain you the respect of your peers.
And as far as pervasive surveillance goes, Cloudflare is not nearly as bad as Google, and Firefox sends every url you visit to a mysterious
third-party server, purportedly for some kind of anti-malware purposes. There are simply bigger fish to fry.
[Edited on 12-12-2017 by JJay]
|
|
learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
I know what tracking scripts are and I think it's OK to classify them as malware. You are free to say that's hyperbole. And I am free dsiagree with
your characterization.
Quote: | Threatening to "boycott" sites that use CloudFlare (e.g. this one) |
Except I never said that. I said *cloudflare* should be boycotted which means sites shouldn't be using it. So maybe before commenting on my
rationality you should read more carefully?
As to google and firefox of course they are yet another threat. Google is bigger than cloudflare but if you don't run their malware, sorry, "tracking
application", they don't deny access to content. Also google can't do MITM attacks like cloudflare can
https://info.ssl.com/the-real-cost-of-a-cloudflare-free-ssl-...
https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-securi...
(ps: I certainly don't mean to come off as defending google =) )
[Edited on 12-12-2017 by learningChem]
|
|
aga
Forum Drunkard
Posts: 7030
Registered: 25-3-2014
Member Is Offline
|
|
LOL.
Did anyone think anything they do on the internet is in any way truly 'private' ?
Hahahahahaha.
That must be a joke no ? Must be, surely.
With even the slightest grasp of how it all works, application/routing kinda things like Tor, or cookie-based Ad tracking like CloudSnare etc. are
irrelevant. Ignorance truly is Bliss.
Surely nobody has any faith in Tor or a VPN or IP masking as actual 'anonimity' in any real sense.
If so, well, just keep worrying about CloudScare and remain content that you do not know anything about the rest of it.
|
|
JJay
International Hazard
Posts: 3440
Registered: 15-10-2015
Member Is Offline
|
|
I'm pretty darn sure that the three-letter agencies can often decloak Tor users if they are determined to do so. If you want to be truly anonymous,
leave your cell phone at home and use public wifi with a modified MAC address from the inside of your van without ever showing your face or your
license plate. But bear in mind that surveillance cameras are everywhere, even outdoors, and most business owners would be more than happy to help out
the CIA/FBI/NSA/DEA/ATF/DOD/DHS/EPA/IBM when they stop by and politely ask if they can see the footage, so if people get upset, they will find you.
|
|
learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
Quote: | surveillance cameras are everywhere |
Oh yeah. The fascist police state get more entrenched by the hour.
[Edited on 13-12-2017 by learningChem]
|
|
NEMO-Chemistry
International Hazard
Posts: 1559
Registered: 29-5-2016
Location: UK
Member Is Offline
Mood: No Mood
|
|
The assumption seems to be this is all done out of ill intent, the fact is knowledge is power, and power is money! Simples.
The more google knows, the more it can sell and the more products it can put out. Google are the first to know where any size outbreak of flue occurs.
They dont care what you do, what they want is to know how to get stuff in front of you.
3 letter agencies can and do take advantage, but if it wasnt the net, it would be your post if needed.
As for cameras, the UK has more cameras per capita than all other nations lumped together. But your not being watched, that would be a good thing. It
was sold as safety, you will be watched and before you even realize your in trouble, we will have help on its way to you.
The reality though is, you get mugged or murdered, all on film and nicely captured. But no one was watching, instead it saves alot of man power, just
go pick up the dead body and grab the film to see who did it. Crime solved and figures looking better already!
How many times have we in the UK heard... The rate of detection is increasing, even if it seems base line crime is up?
So it isnt snooping, its plain and simple economics in both the cloud/net and cameras. Makes me laugh that people think they important enough to
watch!!
Thousands of terrorists on lists, only a fraction are actively watched. And yet we worry that the little things we do might get us trouble. I really
dont think anyone here matters enough to be watched, myself included but i am one the most paranoid.
The other point is, you dont like how the net is, unplug your router and take up knitting.
[Edited on 13-12-2017 by NEMO-Chemistry]
|
|
learningChem
Hazard to Others
Posts: 182
Registered: 21-7-2011
Member Is Offline
Mood: No Mood
|
|
Not sure what point you are making but you are wrong regarding who the targets of surveillance are. The targets are ordinary people. I'll let you
figure out why.
You are wrong about google as well. It is not just economics.
|
|