0
0
mirror of https://git.sdf.org/deCloudflare/cloudflare-tor synced 2024-12-28 03:59:55 +01:00
anonymous 2018-09-13 10:11:26 -04:00
commit 099312eb79
5 changed files with 112 additions and 64 deletions

View File

@ -1,23 +1,36 @@
# The Great Cloudwall
The Great Cloudwall is [CloudFlare](https://www.cloudflare.com). It is called this in reference to the [Great Firewall of China](http://www.greatfirewallofchina.org/) which does a comparable job of filtering out *some* people from seeing web content(ie everyone in mainland china and some people outside) while at the same time those not affected to see a dratically different web, a web free of censorship of such images as ["tank man"](https://en.wikipedia.org/wiki/Tank_Man). Cloudflare similarly prevents those in southeast asia and elsewhere who have poor internet connectivity from accessing the websites behind it(for example, they could be behind 7+ layers of NAT) unless they solve a CAPTCHA.
"The Great Cloudwall" is [CloudFlare](https://www.cloudflare.com/).
It is called this in reference to the [Great Firewall of China](http://www.greatfirewallofchina.org/) which does a comparable job of filtering out *some* people from seeing web content(ie everyone in mainland china and some people outside) while at the same time those not affected to see a dratically different web, a web free of censorship of such images as ["tank man"](https://en.wikipedia.org/wiki/Tank_Man).
Cloudflare similarly prevents those in southeast asia and elsewhere who have poor internet connectivity from accessing the websites behind it(for example, they could be behind 7+ layers of NAT) unless they solve multiple image CAPTCHAs.
This repository is a list of websites that are behind The Great Cloudwall,
websites who human beings have tried to access and have been [either](merely-using-cloudflare.txt) [blocked](cloudflare-list.txt) [from](cloudflare-tor-hostile-list.txt) or [suspect they will be](cloudflare-tor-hostile-list.txt). Or [Cloudflare's competitors](non-cloudflare-list.txt).
This repository is a list of websites that are behind The Great Cloudwall, and also actively blocking Tor users.
There is more details of why what they are doing is wrong available [here](cloudflare-philosophy.txt).
* [Domains using Cloudflare](cloudflare-list.txt)
* [Hostile to Tor users](cloudflare-tor-hostile-list.txt)
* [Not Cloudflare but other filtering company](non-cloudflare-list.txt)
See [FAQ](FAQ) for Frequently Asked Questions
There are more details of why what they are doing is wrong available [here](cloudflare-philosophy.md).
Also see [Frequently Asked Questions](FAQ).
# What can you do?
* see [list instructions](instructions)
* Add domains you found: [list instructions](instructions)
* See [our list of recommended actions](what-to-do.md).
* see [our list of recommended actions](what-to-do.txt).
There are [other](https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor) [lists](https://github.com/pirate/sites-using-cloudflare), but this one is one where every entry on the list a human being has actually tried
There are other lists, but this one is one where every entry on the list a human being has actually tried
to go to, and has been blocked.
Human is not a robot.
* [List of services blocking Tor](https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor) by Tor project contributors
* [Sites using cloudflare](https://github.com/pirate/sites-using-cloudflare) by pirate
WARNING:
Github.com is hostile to Tor users. If you create an account on Github via Tor, your account will be automatically
flagged for spam and will be deleted. See "List of services blocking Tor" for details.
# Who uses this list?
At least one search engine / searx [instance](http://searxes.danwin1210.me/).
At least one.
* [Searxes](https://searxes.danwin1210.me/) meta-search engine

View File

@ -1,20 +1,16 @@
= Instructions
= Instructions for manual input
If you go to a website that gives you a reCAPTCHA
1) check if the blocked page says "one more step" as the title, and has something like
"Ray ID CloudFlare: 299472c7c9783c1d • Your IP: 178.20.55.16 • Performance & Safety by CloudFlare "
1) If the webpage served you "Attention Required! Cloudflare" webpage
Check if the blocked page says "one more step" as the title, and has something like
"Ray ID CloudFlare: xxxxxxxxxxxxxxx • Your IP: xxx.xxx.xxx.xxx • Performance & Safety by CloudFlare "
at the bottom of the page.
If it does, add to cloudflare-list.txt
(See #6 for format)
If it does, add to "[cloudflare-list.txt](cloudflare-list.txt)". See #6 for format.
2) Some sites use custom page CloudFlare unit.
The only way to detect it is to find CloudFlare JavaScript, or Ray ID as a CAPTCHA in its source code.
@ -50,7 +46,7 @@ Add to cloudflare-tor-hostile-list.txt
it on two, please help keep list accurate by removing it from one of the two
lists.)
domain . The TLD [<- elegant comment (s) ] [ tags ]
{base domain} [<- elegant comment (s) ] [ tags ]
Tags:
@ -64,10 +60,6 @@ For example, free software projects w / ClownFucked web pages can be viewed simi
* CFA(action) = action is one of "boycott", "discouragedonations", "petition", "legalaction" followed by a URL if possible
* INSTANTp = service denial is instant/deferred
* DOSBASIS(basis) = basis is one of "anonymous", "IPregion", "datacenterIP", "residentialIP", "anonymoustor", "anonymousi2p", "anonymousvpn"
* CAPTCHAp = has CAPTCHA
* COMMERCIALp(type) = type is one of "true", "false"

83
what-to-do.md Normal file
View File

@ -0,0 +1,83 @@
##### What you can do to resist Cloudflare?
###### Website consumer
- If the website you like is using Cloudflare, tell them not to use Cloudflare.
> You are just helping corporate censorship and mass surveillance.
> https://trac.torproject.org/projects/tor/ticket/24351
- Try not to use their service. Remember you are being watched by Cloudflare.
- Search for other website. There are many alternatives and opportunites on the internet!
- If your browser is Firefox, use [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) add-on. Other alternatives are [Third-party Request Blocker](https://searxes.danwin1210.me/collab/tprb0/get_tprb0.php)(can block or notify) and [Detect Cloudflare](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/)(notify only).
- Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet!
###### Website owner / Web developer
- Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that, right?
- Install Web Application Firewall (such as OWASP) and Fail2Ban on _your_ server and configure it _properly_.
- Set up [Tor Onion Service](https://www.torproject.org/docs/onion-services.html.en) or I2P insite if you believe in freedom and welcome anonymous users.
- Ask for advice from other [Clearnet/Tor dual website operators](https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor) and make anonymous friends! :)
###### Software user
- If you use Debian GNU/Linux, or any derivative, subscribe to [bug #831835](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835). And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted.
- Always recommend [Tor Browser](https://www.torproject.org/) for desktop and [Orfox](https://guardianproject.info/apps/orfox/) for smartphone. Other software's privacy is imperfect. This doesn't mean Tor browser is "perfect". There is no 100% secure nor 100% private on the internet and technology.
Let's talk about _other software's privacy_...
- If you really need to use Firefox, pick "[Firefox ESR](https://www.mozilla.org/en-US/firefox/organizations/)". ESR is developed for company and organizations, thus _some_ spyware code is disabled by default. Portable version is [here](https://portableapps.com/apps/internet/firefox-portable-esr).
- Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They're also using [Cloudflare's DNS service on their product](https://www.theregister.co.uk/2018/03/21/mozilla_testing_dns_encryption/) D'oh!
- Mozilla officially [rejected this ticket](https://bugzilla.mozilla.org/show_bug.cgi?id=1426618).
- PaleMoon developer [likes Cloudflare](https://github.com/mozilla-mobile/focus-android/issues/1743#issuecomment-345993097).
- Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html).
###### Action
- Tell others around you about the dangers of Cloudflare. But don't talk with NSA employee; you'll be _definitely_ marked... just kidding!
- Help improve this repository, both the lists, the arguments against it and the details.
- Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so
- Get more people using Tor by default so they can experience the web from the perspective of different parts of the world.
- Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare.
- Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups.
- Start a coop that can provide a meaningful non corporate alternative to Cloudflare.
- Let us know of any alternatives to help at least provide multiple layered defence against Cloudflare.
- Try using [globalist](globalist.txt) to maintain this list.
- If you are in the **United States of America** and the website in question is a bank or an accountant, try to bring legal pressure under the [GrammLeachBliley Act](https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act) and report back to us how far you get.
- If the website is a government site, try to bring legal pressure under the [1st Amendment of the US Constitution](https://en.wikipedia.org/wiki/First_Amendment_to_the_United_States_Constitution).
- If you are EU citizen, contact the website to send your personal information under the [General Data Protection Regulation](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation). If they refuse to give you your information, that's a violation of the law.
- For companies that claim to _offer service on their website_ try reporting them as "_false advertising_" to consumer protection organizations and BBB. Cloudflare websites are served by Cloudflare servers.

View File

@ -1,40 +0,0 @@
* see [list instructions](instructions)
* If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 ), help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted.
* If you use one of the websites on this list, contact the webmasters if you still can, and tell them not to use Cloudflare.
* If they can't leave CloudFlare(perhaps they are merely tech support at the website, and management has decreed that Cloudflare MUST be used) get them to exercise option to whitelist Tor without changing to the "basic level of security" within Cloudflare's options. CloudFlare customers can use this tool(?) to whitelist tor. Advise them, however, that using CloudFlare(or any Cloudflare-like competitors, see [philosophy](cloudflare-philosophy.txt) and [non-cloudflare list](non-cloudflare-list.txt) ) exposes readers/viewers/customers to a giant supplier MitM. This is a questionable practice, regardless of whitelists.
* Tell others around you about the dangers of Cloudflare.
* Help improve this repository, both the lists, the arguments against it and the details
* Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so
* Get more people using Tor by default so they can experience the web from the perspective of different parts of the world.
* Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare.
* Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups
* Start a coop that can provide a meaningful non corporate alternative to Cloudflare
* let us know of any alternatives to help at least provide multiple layered defence against Cloudflare
* Try using [globalist](globalist.txt) to maintain this list!
* If you are in the United States of America
** If the website is a bank or an accountant
*** try to bring legal pressure under the GrammLeachBliley Act https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act and report back to us
how far you get
** if the website is a government site
*** try to bring legal pressure under the 1st Amendment of the US Constitution
* For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB