Say no to Cloudflare

What is Cloudflare?

A cloud which is filled with flares. The cloud has the same shape as the Cloudflare logo. There is a big red cross through the logo.

Say no to Flarecloud logo By Robin Wils - Public Domain licensed.

Cloudflare is a content delivery network: it runs servers in many different locations, so that websites which use Cloudflare are supposed to be easier to reach, and thus faster, in different countries.

Cloudflare is not just a content delivery network, though. It is also a reverse proxy (a middleman between the user and a website) and a DDoS mitigation service (a service which tries to resist a DDoS attack or make its impact less painful).

Cloudflare is even more than that.
Many websites are a part of the Cloudflare content delivery network.

In easy words: Cloudflare claims to try to make sites faster and more secure. It is a service which a lot of websites use.

Sounds pretty nice, right?

Privacy

Do you want to disallow the people who need and deserve privacy from using your website?

Great! Use Cloudflare!

Tor

Many Cloudflare sites block Tor. Cloudflare does not provide you with anonymity if it does not block Tor. If Cloudflare really cared about security, it would let people use Tor, since Tor is made for security.

They technically don't block Tor access, but the reCAPTCHAs don't function correctly, which can make it very hard to visit a Cloudflare site through Tor.

Source: The Trouble with Cloudflare - Tor Blog (WARNING: this site contains proprietary or unlicensed JS!)

Reverse proxy

A reverse proxy acts as a man-in-the-middle, which means that it might spy on everything which your users do. Cloudflare is a reverse proxy.

Google CAPTCHAs

Not all sites with Cloudflare use CAPTCHAs, but many do. CAPTCHAs are the things which try to check if you are "human".

The CAPTCHA probably also sends your personal data to Google, since it is the CAPTCHA from Google, which probably does more than just check whether you are a robot.

Fun fact: there are actually computer programs (robots) that can solve CAPTCHAs.

Source: No CAPTCHA reCaptcha challenge (WARNING: this site contains proprietary or unlicensed JS!)

Buster is a browser extension which can solve reCAPTCHAs. CAPTCHAs can be solved by clicking on the extension button at the bottom of the reCAPTCHA widget.

License: GPLv3

Project Honey Pot

Project Honey Pot is a project which collects a lot of user data and much of that data is from innocent users who deserve privacy.

Cloudflare was created by people who worked on that project.

Cloudflare has leaked private user data before, so it has something in common with "Project Honey Pot".

Firefox and Cloudflare

Mozilla (Firefox) has partnered up with Cloudflare and will resolve the domain names from the application itself via a DNS server from Cloudflare. Cloudflare will then be able to read everyone's DNS requests.

You can disable it in "about:config". The string value of "network.trr.uri" should be empty. Some other settings can also contain Cloudflare URLs, so it is recommended to search for "cloudflare". GNU IceCat and older Firefox versions are not affected yet.

The about:config page which shows the Cloudflare DNS address in the network.trr.uri string.

(Screenshot) The Firefox about:config Cloudflare DNS settings By Robin Wils - Public Domain licensed.
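The same search can be run over a profile's prefs file. This is an added example, not part of the original article; it assumes the `user_pref("name", value);` line format of Firefox's prefs.js, and the sample lines and the pref name `example.hypothetical.resolver` are constructed. prefs.js only records prefs that differ from their defaults, which is why the second function reports `default` rather than `empty` when the pref is absent.

```sh
# Added example: audits Firefox prefs text for Cloudflare-related values.
# Constructed sample in the user_pref("name", value); format of prefs.js;
# example.hypothetical.resolver is a made-up pref name.
SAMPLE_PREFS='user_pref("browser.startup.homepage", "about:blank");
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.trr.mode", 2);
user_pref("example.hypothetical.resolver", "https://CLOUDFLARE.example/q");'

# cloudflare_prefs: prefs text on stdin; prints the name of every pref whose
# value mentions "cloudflare", case-insensitively.
cloudflare_prefs() {
    awk '
        /^[ \t]*user_pref\("/ {
            line = $0
            sub(/^[ \t]*user_pref\("/, "", line)
            name = line
            sub(/".*/, "", name)
            value = substr(line, length(name) + 2)
            if (tolower(value) ~ /cloudflare/) print name
        }'
}

# trr_uri_state: prefs text on stdin; prints how network.trr.uri is set:
#   empty   = explicitly set to "" (what the article recommends)
#   set     = explicitly set to a non-empty value
#   default = absent from this file, so the built-in default still applies
trr_uri_state() {
    awk '
        /^[ \t]*user_pref\("network\.trr\.uri"[ \t]*,/ {
            state = ($0 ~ /,[ \t]*""[ \t]*\)/) ? "empty" : "set"
        }
        END { print (state == "" ? "default" : state) }'
}

printf '%s\n' "$SAMPLE_PREFS" | cloudflare_prefs
printf '%s\n' "$SAMPLE_PREFS" | trr_uri_state
```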

Keep in mind that the configured DNS resolver of your computer also might be Cloudflare DNS. You can find many guides on the internet about setting the DNS nameservers.

I personally recommend the Quad9 DNS resolver. Some of their DNS nameservers use DNSSEC, which means that your DNS queries aren't in plain text. This means that it provides you extra privacy. Quad9 is a nonprofit organisation. I think that they are trustworthy.

GNU+Linux has a /etc/resolv.conf file, but programs like wicd and NetworkManager change these settings. Those programs usually have a settings menu to set the DNS nameservers.

Think about your visitors

Do you hate websites which care about your experience?

In other words, would you visit a website which forces you to solve a time-wasting, annoying puzzle before you can actually access it?

Great! Use Cloudflare!

Your users matter

Every visitor helps. Think about their experience.

You wouldn't like to solve a CAPTCHA on every website which you visit, would you?

What about not getting access to a website at all, is that better?

Cloudflare makes your site slower

You love slow sites, right?

Well, what can I say? Cloudflare is for you!

Cloudflare can make your website response times longer. I am not sure why this happens, but many users tend to complain about this. These complaints might be incorrect.

Even if these complaints are incorrect, what does Cloudflare actually provide for you? Does it actually solve a problem which you have?

Tor matters

Some people think that only criminals use Tor, but that is incorrect. In fact, many Tor users use Tor for extra security and/or as a VPN. They also browse normal sites through Tor.

I use Tor as a VPN on GNU IceCat when I am not in college. I don't even browse ".onion" links, since I am not interested in that side of the web. I am not a criminal.

Keep in mind that not all ".onion" websites are illegal. Even services like Facebook (proprietary social media), DuckDuckGo (search engine; the core of this search engine is proprietary), ProtonMail (webmail; the mobile app is proprietary) and many others have completely legal ".onion" links available.

Source: 7 Things You Should Know About Tor - EFF

Source: Who uses Tor? (WARNING: this site contains proprietary or unlicensed JS!)

What can you do?

Honestly, that is a really good question.

It is probably not easy to avoid every site which is served by Cloudflare, and this might be a huge privacy issue. We can do some things, though.

Extensions

There are many extensions against Cloudflare. I personally recommend the Cloud Firewall add-on.

Cloud Firewall

Protection, secure, shield icon, this is the current Cloud Firewall logo By Isaac Grant - CC BY 3.0 licensed.

Cloud Firewall lets users toggle blocking ON or OFF for browser connections to web pages and web resources (like images and videos) hosted on popular top clouds/companies (including Cloudflare). Cloud Firewall has a whitelisting option.

License: GPLv3

Programs which I wrote

I wrote a simple bash script which can be used to block or unblock the Cloudflare IPs from iptables. This script was made for GNU+Linux operating systems. I wrote this before I knew about the Cloud Firewall add-on.

I started writing an add-on which can be used to block Cloudflare. I discontinued the project when I heard about the Cloud Firewall add-on.
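One way to structure such a block/unblock script is shown here as an added example; it is not the author's script. It prints the iptables commands rather than running them, the chain name `CF_BLOCK` is hypothetical, and the ranges are constructed documentation networks standing in for the provider's published list.

```sh
# Added example: prints iptables commands instead of running them.
CHAIN="CF_BLOCK"    # hypothetical chain name

# Constructed sample list (RFC 5737 documentation ranges), standing in for
# the provider's published ranges. One CIDR per line, '#' starts a comment.
SAMPLE_RANGES='# sample ranges
192.0.2.0/24
198.51.100.0/24   # trailing comment
not-a-range
203.0.113.0/24'

# is_ipv4_cidr CIDR: succeed only for a.b.c.d/len with octets <= 255, len <= 32.
is_ipv4_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    _addr=${1%/*}; _len=${1##*/}
    case $_len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$_len" -le 32 ] || return 1
    case $_addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $_addr; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# emit_rules block|unblock: for "block", reads the range list on stdin.
# All rules live in one dedicated chain, so "unblock" needs no list.
emit_rules() {
    case $1 in
    block)
        echo "iptables -N $CHAIN"
        echo "iptables -I OUTPUT -j $CHAIN"
        while IFS= read -r _line || [ -n "$_line" ]; do
            _cidr=$(printf '%s' "${_line%%#*}" | tr -d '[:space:]')
            [ -n "$_cidr" ] || continue
            if is_ipv4_cidr "$_cidr"; then
                echo "iptables -A $CHAIN -d $_cidr -j REJECT"
            else
                echo "skipped invalid entry: $_cidr" >&2
            fi
        done ;;
    unblock)
        echo "iptables -D OUTPUT -j $CHAIN"
        echo "iptables -F $CHAIN"
        echo "iptables -X $CHAIN" ;;
    *)  echo "usage: emit_rules block|unblock" >&2; return 2 ;;
    esac
}
printf '%s\n' "$SAMPLE_RANGES" | emit_rules block
```

Validating each entry before it reaches a rule keeps a malformed or tampered list from turning into arbitrary iptables arguments.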

Tell other people about the danger of Cloudflare

You can ask websites to not use Cloudflare. Please do so in a respectful way. Mentioning why Cloudflare is not the best option might help.

You could write an article or share articles with other people.

Feel free to use the "Say no to Flarecloud" image which I created. It is public domain licensed, so you can use it for any purpose; there are no restrictions.

Knowing this also changed me

Removing Matrix

Matrix.org apparently also uses Cloudflare, so I decided to remove my Matrix account after writing this article. I don't see it as something which offers you privacy if it decides to use Cloudflare.

Fediverse issues

Avoiding all Cloudflare sites is probably not easy, but I will do what I can. The content on the Fediverse can be served by Cloudflare, but it only serves the content of other instances which use Cloudflare through Cloudflare.

I will still use the Fediverse. I find it a shame that Cloudflare exists. The problem is even bigger than I expected.

I use the Cloud Firewall add-on, which means that I can't see the pictures and some other media when I am using Mastodon or Pleroma.

Even more reasons

The CrimeFlarE repository

The following git repository contains more reasons and links to articles of other people. I highly recommend checking it out.

Cloudflare article.txt from the crimeflare/cloudflare-tor repository
