Apart from Cloudflare being an access restricted walled garden that harms interoperability, I really do not want my content on CF & I do not want CF content reaching me. This bug is one of many issues likely caused by Cloudflare:
https://lemmy.dbzer0.com/post/4806490
I would like to flip a switch that has the effect of making my whole UX Cloudflare-free. Cloudflare is antithetical to decentralization and it has clearly broken the #Lemmy network.
https://spyware.neocities.org/cloudflare.txt
Tl;dr: The text states that CloudFlare acts as a bad Man-In-The-Middle for the entire internet:
- It tells you which browser to use, or else you’ll face a captcha or a “Access Denied” screen.
- The extensive data collected by JavaScript scripts injected on-the-fly by CloudFlare poses a privacy threat to users (mouse movements, scrolling, keystrokes, device information, mouse clicks, and more).
- It acts as a Man-In-The-Middle for SSL. When you connect to a website, you’re actually connecting to CloudFlare’s servers, which then relay the data to the actual website, allowing them to intercept all traffic between you and the website.
- CloudFlare often blocks Tor users without reason. Using Tor doesn’t make you a criminal, right?
- CloudFlare makes browsing the internet without JavaScript nearly impossible.
- Cloudflare can potentially attack individual users with malicious JavaScript because you typically enable JavaScript to use websites, falling into their trap. Since they track users, provide personalized code, and collaborate directly with the US government/DHS, there’s no reason they couldn’t tailor attacks to specific users.
This isn’t just an individual problem but a fundamental threat to the internet ecosystem.
Interesting stuff. Is there more? Some more technical resources (and not a neocities site?)
I like Cloudflare for all of its conveniences. But this definitely gives me food for thought.
Do you mean CloudFlare related stuff or privacy in general?
Many of us admins specifically added cloudflare because of users trying to use our instances for nefarious purposes. For myself, it was the last option before shutting down my instance altogether. From Tor users trying to use it without any regard for my hosting to the CSAM attacks, cloudflare gave me an option to keep it running for the time being. I don’t agree with everything they do, but it’s the only way right now I can keep the server on without a constant despamming.
There is no way to “disable” cloudflare if an instance has chosen to use it. It will sit between you and the server for all traffic. You can choose to use another instance if you like, but server owners can choose what to do with their own servers.
That would be misconfiguration on the remote instance’s end. Are you sure it works if you’re not on Tor in the first place?
That’s definitely server to server traffic, it basically goes client->home instance->remote instance and AFAIK it’s not a passthrough request, it makes it own request.
cloudflare has an option to serve your content inside tor without an exit node, is that better or worse?
I’m using it to allow my ipv6 only server be visible for ipv4 users, maybe I’ll think on alternatives now
