Cf only acts as a mitm for encrypted traffic if you choose it in the options. If you provide your own cert then they can’t decrypt anything.
this post was submitted on 26 Dec 2023
30 points (100.0% liked)
Privacy
22 readers
1 users here now
Privacy is the ability for an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.
Rules
- Don't do unto others what you don't want done unto you.
- No Porn, Gore, or NSFW content. Instant Ban.
- No Spamming, Trolling or Unsolicited Ads. Instant Ban.
- Stay on topic in a community. Please reach out to an admin to create a new community.
founded 2 years ago
MODERATORS
Cf only acts as a mitm for encrypted traffic if you choose it in the options. If you provide your own cert then they can’t decrypt anything.
That’s really misleading. Most admins use Cloudflare’s gratis service and they use CF to handle the traffic load. This is only possible if CF has the private key and sees the traffic. If CF cannot see the traffic, it must pass it all through to the source webserver which defeats the purpose of using CF.
Most importantly, users have no way of knowing whether a web service opts to use their own key or CFs key. It’s impossible. So wise users have no choice but to assume the worst case (which is also the strong majority of cases): that CF sees the traffic.
load more comments
(1 replies)
What's your threat model? Adjust accordingly.
The situation is, what it is, but there's a wide range of actions one can take that fall between the two poles of do nothing and burn all internet enabled devices.
Forget about threat model. It's becoming increasingly an irrelevant concept, as we reach total globalization and centralisation of all of these global companies.
It's frustrating, but it could be addressed by the EU members just like how they always have blew up Google so many times on so many occasions by suing them millions of dollars.
Has avoiding Cloudflare become Impossible?
Mostly, yes. But let’s break this down. Cloudflare only breaks web services and so far Cloudflare’s privacy abuses and gate-keeping is mostly confined to the web. Avoiding Cloudflare is impossible in some circumstances.
CFd government sites are unavoidable (voting rights lost in the US)
The only Cloudflare sites that are strictly unavoidable AFAICT are government sites. You can always boycott the private sector, but the public sector is shoved down our throats. There are 6 or so states in the US where voter registration goes through Cloudflare. Even if you register on paper there is still no escape because the data entry worker likely uses the Cloudflare site. I am a non-voter for this reason. Although it’s still possible to move to one of the 44 other states and register there.
CFd medical websites
See How lack of digital rights, Cloudflare, and Google worsened a medical emergency situation and undermined human rights. When you need medical info in a hurry, boycotting is tough.
search is liberated -- but only by 1 single search service to date
There is only one general purpose search service that helps avoid Cloudflare: Ombrelo, which tags and down-ranks Cloudflare websites in the results.
Stupid Question:
How do I find out if a website I use is hosted over cloudflare? The noscipt javascript blocker extension shows in some cases I blocked some cloudflare javascript. For example on the lemmy.world instance it shows a script labeled "cloudflareinsights.com" that I block. That apparently provides visitor analytics
According to them on insights:
Our edge sees all requests made to a website, regardless of whether it’s cached or uncached, the user has adblock, or they turned off JavaScript. This enables us to [....]
On other sites it shows a "confirm you are human" check-box labeled with the cloudflare brand (if I activate javascript for that site) -- according to cloudflare wikipedia that service is known as Cloudflare Turnstile. This is how I currently see if cloudflare is involved.
Another interesting thing I noticed on stackoverflow is email protected which confirms to me stackexchange also uses cloudflare somehow.
I guess you could detect a Reverse Proxy by cloudflare based on its IP-Adress ~ but I do not really know how to look that up perhaps the following stack overflow answer might help using the tools nslookup and whois... Any other hints on this?
nslookup www.monero.town
whois -h whois.arin.net n | egrep 'Organization'
Even my proposed solution to use archive.org as a proxy is not a valid solution since I found out today that archive.org is also hosted behind Cloudflare…
Yikes! Can you give more detail? I’ve used archive.org quite heavily for years (it’s the only practical universal escape from Cloudflare). The IP address is not in Cloudflare’s range. But recently Cloudflare as started hiding its own presence by outsourcing to 3rd parties. It’s a vast minority of cases but this could obviously worsen. Is archive.org using CF through one of the undisclosed 3rd parties? A couple years ago archive.org announced a disturbing partnership with CF but did not disclose the details.
Upon further investigation, I mistook original cloudflare headers that were passed through with x-archive-orig-* as an indication that archive.org was behind cloudflare. my mistake. I have edited the original post.
VPN. Tor. Those are basic tools for relative anonymity.