#Stackexchange just became a Cloudflare site, which means it’s now an exclusive resource and also everyone’s data including usernames & passwords are exposed to Cloudflare.

This is antithetical to the pro-privacy philosophies of the #Monero community. Please consider removing it from the sidebar or caution people about CF. Thanks.

top 6 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 1 year ago (1 children)

Where could I find a list of services that use CF and it's dangers?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

A list of Cloudflare-compromised domains is being tracked here. You can also use this query tool to lookup websites:

There is a browser plugin called BMCA which will detect when you click on a link to a Cloudflare service and redirect you to the archive.org mirror of that site so you don’t connect to CF. There’s another plugin that puts a strikethrough on CF URLs so you know before you click if something is CF’d. Those tools along with others are published here:

http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/dCF/deCloudflare/-/tree/master/tool?ref_type=heads

Search engines have become extremely polluted with Cloudflare sites in the results. There is a search service called Ombrelo that filters out CF sites from the results:

http://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/

W.r.t. a list of CF’s dangers, I don’t know of a paper that covers that as a thesis. A lot of the problems with Cloudflare are documented here and in other documents in that same repo.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

Also, when something is behind CF, Tor users often (though not always) just can’t open/use it. Say, you have a seriously privacy-centered website. Then try not to accept donations via ko-fi (behind CF) or have links to a video platform behind CF. Which just wouldn’t make sense (especially if your website is recommending Tor, even providing onion), making you look a bit stupid tbh.

Fortunately (or unfortunately) this kind of stupid websites are not rare; Tor users are so get used to blocking, it’s unlikely they get upset. If necessary, they can easily circumvent the blocking in various ways (except they may lose interest or assume it’s perhaps worthless, and as soon as they see “Just a moment…” they may just close it).

PS: Recently (2023-09-20, noticed by Anti-Censorship team) some of snowflake users also got problems. If a Snowflake client gets a Cloudflare IP address, their connection will fail. The latest Tor Browser 12.5.5 is out (2023-09-26), with a workaround, where snowflake avoiding IP that might resolve to CF (Bug tor-browser#42120).

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

there is a libreddit/invidious/proxitok style stackoverflow proxy project:

https://code.whatever.social/

https://github.com/httpjamesm/AnonymousOverflow

it's available in libredirect, which shows a useful list of instances and which ones use cloudflare

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Great find! Glad to see there are some onion hosts as well.

Any idea how to adapt the monero.stackexchange link in the sidebar? The code.whatever.social page cannot handle that link apparently because it does not lead to a specific thread.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

yeah i think that's just something that hasn't been implemented yet

i think it was mainly created for people visiting stackoverflow from search engine results