Merge branch 'master' of mia01/cloudflare-tor into master

This commit is contained in:
Jeff Cliff 2019-02-24 07:56:47 +00:00 committed by Gogs
commit 966f33d73e
4 changed files with 55 additions and 29 deletions

17
NEWS.md
View File

@ -1,6 +1,17 @@
*2019.02.24*
```
"Sites that respect their visitors do not resort to Cloudflare."
"In some cases, for particular countries, having all traffic visible
to the U.S.A can be a matter of life and death."
```
http://techrights.org/2019/02/17/the-cloudflare-trap/
*2019.02.21* *2019.02.21*
CF defaults to HTTP connections for its customers * CF defaults to HTTP connections for its customers
https://g0v.social/@sheogorath/101404226960335320 https://g0v.social/@sheogorath/101404226960335320
*2019.02.14* *2019.02.14*
@ -11,19 +22,15 @@ https://searxes.danwin1210.me/
*2019.02.08* *2019.02.08*
* well written post, along with some causes for action in privacytools.io * well written post, along with some causes for action in privacytools.io
https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544 https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544
* another privacytools.io thread * another privacytools.io thread
https://github.com/privacytoolsIO/privacytools.io/issues/711 https://github.com/privacytoolsIO/privacytools.io/issues/711
* Cryptome on CF's ability to deanonymize (2016) * Cryptome on CF's ability to deanonymize (2016)
https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm
* bug report issued in wire webapp * bug report issued in wire webapp
https://github.com/wireapp/wire-webapp/issues/5716 https://github.com/wireapp/wire-webapp/issues/5716
*2019.02.01* *2019.02.01*

View File

@ -1,6 +1,6 @@
# The Great Cloudwall # The Great Cloudwall
"The Great Cloudwall" is [CloudFlare](https://www.cloudflare.com/), the world's largest MITM proxy([reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy)). "The Great Cloudwall" is [CloudFlare](https://www.cloudflare.com/), the world's [largest](https://w3techs.com/technologies/history_overview/proxy) MITM proxy([reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy)).
![](image/cloudflaredearuser.png) ![](image/cloudflaredearuser.png)
@ -14,10 +14,16 @@ Cloudflare similarly prevents those in southeast asia and elsewhere who have poo
This repository is a list of websites that are behind The Great Cloudwall, and also actively blocking Tor users. This repository is a list of websites that are behind The Great Cloudwall, and also actively blocking Tor users.
* List: [Domains using Cloudflare](splits/)
* List: [Non-Cloudflare but filtering/blocking tor users](https://notabug.org/themusicgod1/non-cloudflare-tor-hostile) List
* Info: [Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351) * [Domains using Cloudflare](split/)
* Info: [Problem with CloudFlare](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544) * [Non-Cloudflare but filtering/blocking tor users](https://notabug.org/themusicgod1/non-cloudflare-tor-hostile)
Information
* [Padlock icon indicates a secure SSL connection established w MitM-ed](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835)
* [Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351)
* [Problem with CloudFlare](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544)
There are more details of why what they are doing is wrong available [here](cloudflare-philosophy.md). There are more details of why what they are doing is wrong available [here](cloudflare-philosophy.md).
Also see [Frequently Asked Questions](faq.md). Also see [Frequently Asked Questions](faq.md).
@ -27,7 +33,7 @@ Also see [Frequently Asked Questions](faq.md).
# What can you do? # What can you do?
* See [our list of recommended actions](what-to-do.md) and share it with your friends * Read [our list of recommended actions](what-to-do.md) and share it with your friends
* Update the Cloudflare domain list: [List instructions](instructions.md) * Update the Cloudflare domain list: [List instructions](instructions.md)
* Add WTF-Cloudflare news to [NEWS.md](NEWS.md) * Add WTF-Cloudflare news to [NEWS.md](NEWS.md)
* Search something on [Searxes](https://searxes.danwin1210.me/) (this will help collecting Searxes' "MITM domains") * Search something on [Searxes](https://searxes.danwin1210.me/) (this will help collecting Searxes' "MITM domains")
@ -43,7 +49,7 @@ Human is not a robot.
* [Sites using cloudflare](https://github.com/pirate/sites-using-cloudflare) by pirate * [Sites using cloudflare](https://github.com/pirate/sites-using-cloudflare) by pirate
WARNING: WARNING:
Github.com is hostile to Tor users. If you create an account on Github via Tor, your account will be automatically Github.com is very hostile to Tor users. If you create an account on Github via Tor, your account will be automatically
flagged for spam and will be deleted. See "List of services blocking Tor" for details. flagged for spam and will be deleted. See "List of services blocking Tor" for details.
# Who uses this list? # Who uses this list?

BIN
image/anonexist.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 35 KiB

View File

@ -1,9 +1,10 @@
# What you can do to resist Cloudflare? # What you can do to resist Cloudflare?
![](image/matthew_prince.jpg) ![](image/matthew_prince.jpg) < [Matthew Prince (@eastdakota)](https://twitter.com/eastdakota)
"*Id suggest this was armchair analysis by kids its hard to take seriously.*" ([source](https://www.theguardian.com/technology/2015/nov/19/cloudflare-accused-by-anonymous-helping-isis))
------------
###### Website consumer ###### Website consumer
@ -31,7 +32,7 @@ I refuse to share data with you if you continue to feed my data to Cloudflare.
See https://notabug.org/themusicgod1/cloudflare-tor/src/master/README.md See https://notabug.org/themusicgod1/cloudflare-tor/src/master/README.md
``` ```
For example, [Liberland](https://archive.is/daKIr) [privacy policy](https://docsend.com/view/feiwyte) says: For example, [Liberland Jobs](https://archive.is/daKIr) [privacy policy](https://docsend.com/view/feiwyte) says:
![](image/cfwontobey.jpg) ![](image/cfwontobey.jpg)
@ -39,14 +40,17 @@ For example, [Liberland](https://archive.is/daKIr) [privacy policy](https://docs
Cloudflare have their own "privacy policy", and there's no way to hear customer's privacy policy needs. Cloudflare have their own "privacy policy", and there's no way to hear customer's privacy policy needs.
Cloudflare [loves doxxing people](https://www.reddit.com/r/GamerGhazi/comments/2s64fe/be_wary_reporting_to_cloudflare/). Cloudflare [loves doxxing people](https://www.reddit.com/r/GamerGhazi/comments/2s64fe/be_wary_reporting_to_cloudflare/).
Here's a good example for website's privacy policy; Here's a good example for website's signup form.
AFAIK, zero website do this. Will you trust them?
``` ```
By clicking “Sign up for XYZ”, you agree to our terms of service and privacy statement. By clicking “Sign up for XYZ”, you agree to our terms of service and privacy statement.
You also agree to share your data with Cloudflare and also agrees to cloudflare's privacy statement. You also agree to share your data with Cloudflare and also agrees to cloudflare's privacy statement.
``` If Cloudflare leak your information, it's not our fault. [*]
AFAIK, **zero** website do this. Will you trust them? [ Sign up for XYZ ] [ I disagree ]
```
[*] https://www.wired.com/2017/02/crazy-cloudflare-bug-jeopardized-millions-sites/
- Try not to use their service. Remember you are being watched by Cloudflare. - Try not to use their service. Remember you are being watched by Cloudflare.
@ -61,17 +65,24 @@ AFAIK, **zero** website do this. Will you trust them?
| [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) | **Yes** | **Yes** | | [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) | **Yes** | **Yes** |
| [Are links vulnerable to MITM?](https://addons.mozilla.org/en-US/firefox/addon/are-links-vulnerable-to-mitm/) | No | **Yes** | | [Are links vulnerable to MITM?](https://addons.mozilla.org/en-US/firefox/addon/are-links-vulnerable-to-mitm/) | No | **Yes** |
| [Third-party Request Blocker (AMO)](https://addons.mozilla.org/en-US/firefox/addon/tprb/) | **Yes** | **Yes** | | [Third-party Request Blocker (AMO)](https://addons.mozilla.org/en-US/firefox/addon/tprb/) | **Yes** | **Yes** |
| [Third-party Request Blocker](https://searxes.danwin1210.me/collab/___go.php?go=get_tprb0&prf=nab) | **Yes** | **Yes** | | [Third-party Request Blocker](https://searxes.danwin1210.me/collab/tprb0/get_tprb0.php) | **Yes** | **Yes** |
| [Detect Cloudflare](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/) | No | **Yes** | | [Detect Cloudflare](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/) | No | **Yes** |
- Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet! - Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet!
------------
###### Website owner / Web developer ###### Website owner / Web developer
- Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that, right? - Do not use Cloudflare solution. You are **loser** if you fall to that easy solution. You can do better than that, *right*?
- Want more customers? You know what to do. Hint is "above line".
![](image/anonexist.jpg)
- Using Cloudflare will increase chances of an outage. Visitors can't access to your website if your server is down *or Cloudflare is down*. Did you really think [Cloudflare never go down](https://www.ibtimes.com/cloudflare-down-not-working-sites-producing-504-gateway-timeout-errors-2618008)?
- Do you need HTTPS certificate? Use "[Let's Encrypt](https://letsencrypt.org/)" or just buy it from CA company.
- Install Web Application Firewall (such as OWASP) and Fail2Ban on _your_ server and configure it _properly_. - Install Web Application Firewall (such as OWASP) and Fail2Ban on _your_ server and configure it _properly_.
@ -79,7 +90,7 @@ AFAIK, **zero** website do this. Will you trust them?
- Ask for advice from other [Clearnet/Tor dual website operators](https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor) and make anonymous friends! :) - Ask for advice from other [Clearnet/Tor dual website operators](https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor) and make anonymous friends! :)
------------
###### Software user ###### Software user
@ -101,7 +112,6 @@ AFAIK, **zero** website do this. Will you trust them?
Let's talk about _other software's privacy_... Let's talk about _other software's privacy_...
- If you really need to use Firefox, pick "[Firefox ESR](https://www.mozilla.org/en-US/firefox/organizations/)". ESR is developed for company and organizations, thus _some_ spyware code is disabled by default. Portable version is [here](https://portableapps.com/apps/internet/firefox-portable-esr). - If you really need to use Firefox, pick "[Firefox ESR](https://www.mozilla.org/en-US/firefox/organizations/)". ESR is developed for company and organizations, thus _some_ spyware code is disabled by default. Portable version is [here](https://portableapps.com/apps/internet/firefox-portable-esr).
- Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They're also using [Cloudflare's DNS service on their product](https://www.theregister.co.uk/2018/03/21/mozilla_testing_dns_encryption/) D'oh! - Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They're also using [Cloudflare's DNS service on their product](https://www.theregister.co.uk/2018/03/21/mozilla_testing_dns_encryption/) D'oh!
@ -116,7 +126,7 @@ Let's talk about _other software's privacy_...
- Microsoft Edge lets Facebook [run Flash code behind users' backs](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/). - Microsoft Edge lets Facebook [run Flash code behind users' backs](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/).
------------
###### "Mozilla Firefox" user ###### "Mozilla Firefox" user
@ -140,13 +150,13 @@ Let's talk about _other software's privacy_...
- To disable DOH, enter about:config?filter=network.trr in the address bar then set "network.trr.mode" to 5 to completely disable it. The value "5" [means "Off by choice"](https://gist.github.com/bagder/5e29101079e9ac78920ba2fc718aceec). - To disable DOH, enter about:config?filter=network.trr in the address bar then set "network.trr.mode" to 5 to completely disable it. The value "5" [means "Off by choice"](https://gist.github.com/bagder/5e29101079e9ac78920ba2fc718aceec).
- If you really need to use non-ISP DNS, consider using [OpenNIC Tier2 DNS service](https://wiki.opennic.org/start).) - If you really need to use non-ISP DNS, consider using [OpenNIC Tier2 DNS service](https://wiki.opennic.org/start).
![](image/opennic.jpg) ![](image/opennic.jpg)
- Tell us if you see [this functionality](https://ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/) start to creep up beyond Firefox Nightly into more stable versions of Firefox. - Tell us if you see [this functionality](https://ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/) start to creep up beyond Firefox Nightly into more stable versions of Firefox.
------------
###### Action ###### Action
@ -154,7 +164,7 @@ Let's talk about _other software's privacy_...
- Help improve this repository, both the lists, the arguments against it and the details. - Help improve this repository, both the lists, the arguments against it and the details.
- Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so - Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so ;)
- Get more people using Tor by default so they can experience the web from the perspective of different parts of the world. - Get more people using Tor by default so they can experience the web from the perspective of different parts of the world.
@ -176,4 +186,7 @@ Let's talk about _other software's privacy_...
- For companies that claim to _offer service on their website_ try reporting them as "_false advertising_" to consumer protection organizations and BBB. Cloudflare websites are served by Cloudflare servers. - For companies that claim to _offer service on their website_ try reporting them as "_false advertising_" to consumer protection organizations and BBB. Cloudflare websites are served by Cloudflare servers.
- the [ITU](https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20181218/Documents/Geoff_Huston_Presentation.pdf) suggest in the US context that Cloudflare is starting to get big enough that antitrust law might be brought down upon them. - The [ITU](https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20181218/Documents/Geoff_Huston_Presentation.pdf) suggest in the US context that Cloudflare is starting to get big enough that antitrust law might be brought down upon them.
![](image/stopcf.jpg)