13 KiB
👋 Non-English versions
Ethical Issues
"Don't support this company which is void of ethics"
"Your company isn't trustworthy. You claim to enforce DMCA but have many lawsuits for not doing so."
"They only censor those who question their ethics."
"I guess the truth is inconvenient and better hidden from public view." -- phyzonloop
_click me_
CloudFlare spams people
Cloudflare is sending spam emails to non-Cloudflare users.
- Only send emails to subscribers who’ve opted in
- When the user say "stop", then stop sending email
It's that simple. But Cloudflare doesn't care. Cloudflare said using their service can stop all spammers or attackers. How can we stop Cloudflare spammers without activating Cloudflare?
🖼 | 🖼 |
---|---|
_click me_
Remove user's review
Cloudflare censor negative reviews. If you post anti-Cloudflare text on Twitter, you have a chance to get a reply from Cloudflare employee with "No, it's not" message. If you post a negative review on any review site, they will try to censor it.
🖼 | 🖼 |
---|---|
_click me_
Share user's private information
Cloudflare has a massive harassment problem. Cloudflare shares personal information of those who complain about hosted sites. They sometimes ask you to provide your true ID. If you don't want to get harassed, assaulted, swatted or killed, you better stay away from Cloudflared websites.
🖼 | 🖼 |
---|---|
_click me_
Corporate solicitation of charitable contributions
CloudFlare is asking for charitable contributions. It’s quite appalling that an American corporation would ask for charity alongside non-profit organizations that have good causes. If you like blocking people or wasting other people's time, you might want to order some pizzas🍕 for Cloudflare employees.
_click me_
Terminating sites
What will you do if your site goes down suddenly? There are reports that Cloudflare is deleting user's configuration or stopping service without any warning, silently. We suggest you find better provider.
_click me_
Browser vendor discrimination
CloudFlare gives preferential treatment to those using Firefox while giving hostile treatment to users of non-Tor-Browser over Tor. Tor users of who rightfully refuse to execute non-free javascript also receive hostile treatment. This access inequality is a network neutrality abuse and an abuse of power.
- Left:
Tor Browser
, Right:Chrome
. Same IP address.
- Left:
[Tor Browser] Javascript Disabled, Cookie Enabled
- Right:
[Chrome] Javascript Enabled, Cookie Disabled
- QuteBrowser(minor browser) without Tor (Clearnet IP)
Browser | Access treatment |
---|---|
Tor Browser (Javascript enabled) | access permitted |
Firefox (Javascript enabled) | access degraded |
Chromium (Javascript enabled) | access degraded (pushes Google reCAPTCHA) |
Chromium or Firefox (Javascript disabled) | access denied (pushes broken Google reCAPTCHA) |
Chromium or Firefox (Cookie disabled) | access denied |
QuteBrowser | access denied |
lynx | access denied |
w3m | access denied |
wget | access denied |
"Why not use Audio button to solve easy challenge?"
Yes, there is an audio button, but it always doesn't work over Tor. You will get this message when you click it:
Try again later
Your computer or network may be sending automated queries.
To protect our users, we can't process your request right now.
For more details visit our help page
_click me_
Voter suppression
Voters in US states register to vote ultimately through the state secretary's website in the state of their residence. Republican-controlled state secretary offices engage in voter suppression by proxying the state secretary's website through Cloudflare. Cloudflare's hostile treatment of Tor users, its MITM position as a centralized global point of surveillance, and its detrimental role overall makes prospective voters reluctant to register. Liberals in particular tend to embrace privacy. Voter registration forms collect sensitive information about a voter's political leaning, personal physical address, social security number, and date of birth. Most states only make a subset of that information publicly available, but Cloudflare sees all that information when someone registers to vote.
Note that paper registration does not circumvent Cloudflare because the secretary of state data entry staff workers will likely use the Cloudflare website to enter the data.
🖼 | 🖼 |
---|---|
- Change.org is a famous website for gathering votes and take action. "people everywhere are starting campaigns, mobilizing supporters, and working with decision makers to drive solutions." Unfortunately, many people cannot view change.org at all due to Cloudflare's aggressive filter. They are being blocked from signing the petition, thus excluding them from a democratic process. Using other non-cloudflared platform such as OpenPetition helps remedy the problem.
🖼 | 🖼 |
---|---|
- Cloudflare's "Athenian Project" offers free enterprise-level protection to state and local election websites. They said "their constituents can access election information and voter registration" but this is a lie because many people just can't browse the site at all.
_click me_
Ignoring user's preference
If you opt-out something, you expect that you receive no email about it. Cloudflare ignore user's preference and share data with third-party corporations without customer's consent. If you're using their free plan, they sometimes send email to you asking to buy monthly subscription.
_click me_
Lying about deleting user's data
According to this ex-cloudflare customer's blog, Cloudflare is lying about deleting accounts. Nowadays, many companies keep your data after you've closed or removed your account. Most of good companies do mention about it in their privacy policy. Cloudflare? No.
2019-08-05 CloudFlare sent me confirmation that they'd removed my account.
2019-10-02 I received an email from CloudFlare "because I am a customer"
Cloudflare didn't know about the word "remove". If it is really removed, why this ex-customer got an email? He also mentioned that Cloudflare's privacy policy doesn't mention about it.
Their new privacy policy doesn't make any mention of retaining data for a year.
How can you trust Cloudflare if their privacy policy is a LIE?
_click me_
Keep your personal information
Deleting Cloudflare account is hard level.
Submit a support ticket using the "Account" category,
and request account deletion in the message body.
You must have no domains or credit cards attached to your account prior to requesting deletion.
You will receive this confirmation email.
"We have begun to process your deletion request" but "We will continue to store your personal information".
Can you "trust" this?
Other information
- Joseph Sullivan (Cloudflare CSO)
Sullivan not only allegedly hid the breach from authorities, but also concealed it from many other Uber employees, including top management — with one exception. According to the complaint, Uber's CEO at the time, Travis Kalanick, knew about the incident and about the steps Sullivan took to allegedly cover it up, including making the $100,000 payout under Uber's "bug bounty" program.