What on earth is going on with Cloudfare? It is almost ignored by everybody, including security and privacy experts, including the Tor Browser devs!

https://gitlab.com/librewolf-communi...x/-/issues/119

It sure does. Dillo, w3m, Palemoon with script turned off won't load some cloudflare sites at all.
In fact https://www.linuxquestions.org get a
When dillo tries to load it.

Interesting info. Thanks.

android and ios are deeply underestimated too.
cf is free and so are ios and android so when you come across it you sell your data in return. sounds like a good deal. plus they all get all the data of your contacts too! i'm not sure why is it not on ToS that everything you type on cf-injected website goes not only to website owner but primarily to NSA and CIA but there you go.

It's Cloudflare, not Cloudfare. No need to obfuscate.

I wholeheartedly agree about it being pure evil.

But TOR is about Anonymity, no more no less. There's no point in blocking Cloudflare, or anything.
The whole point of TOR is enabling people to safely surf evil sites, because they're anonymous while doing it.
Diagonally reading this bug report I don't see a clear statement that Cloudflare actually counteracts TOR anonymity. Not saying it's impossible! I just didn't see it, so if somebody has a definite answer to that, please tell!
BTW, that user cypherpunk made a FF addon called "Cloudflare MITM" or some such. It's mentioned in the bug report several times.

Isn't this site somehow involved with cloudflare?

@hazel: back when i first signed up here a decade and a half ago there wasn't any cf yet.

@hazel Yes, the TLS certificate is provided by Cloudflare. There you go...

The problem comes and goes. LQ is only intermittently blocked by Cloudflare. At just this moment, from my current ISP, I get the normal certificate, not the MitM'd one:

Information about that is elsewhere, it's the captchas that can de-anonymise you. Captchas happen to generate known bursts of traffic that any ISP or law enforcement can record, later send to Cloudflare and find out what Cloudflare site a user was visiting through Tor.

An additional thing that might be happening with captchas: they may be doing canvas or other fingerprinting for tracking purposes other than law enforcement, for example to target you with ads or for other nefarious purposes. Some Clouflare sites take a while to get started before they show the captchas - they probably exercise a lot of the browser's scripting capabilities to discover if it is a bot, and that is an ideal time to run fingerprinting scripts too.

I don't understand, what do you mean by that, that the problem comes and goes? LQ has chosen Cloudflare to route the website through their network. There's no problem in that, it's intentional.
That Cloudflare is far from well-intention, yes, sure, that's rather clear, but I don't understand your rationale

So, it is a source of income? For who?

Well, for cloudflare, of course, for whom else?

@Turbocapitalist, I've also checked the certificate through openssl, and it's beyond me, I really don't get it. openssl consistently shows a different certificate than the one in my browser (which shows cloudflare's).

Can anyone explain this to me?

And the websites who participate?

They are offered a free CDN, location proxmity, that's a huge advantage already. You wouldn't expect the website to be paid for that, right?

Depending on the subscription plans, you can pay for more things: https://www.cloudflare.com/plans/ (now I'm promoting cloudflware )

I'm typically of the crowd that says "if you have nothing to hide...". But I'm amazed people are shocked when they find stuff like this. That is the real surprise to me. If you are connected in any way shape or form, someone is watching. Doesn't matter if you like it or not. There is no magic anonymity bullet for the internet. I've seen that said in other threads and forums. There is always something going on in the background, and 9 times out of 10 no one knows, and even less cares about it.

At the end of the day it's like a speed trap. I'm of the opinion that shouldn't be legal. But good luck getting any court to agree with you. Law enforcement, and or money makers will do whatever the hell they want if they feel they have a good reason, and as has been proven in the last decade, not hard to get warrants for wrong reasons (talking about both sides here). Freedom is an illusion, and so is being anonymous. They can disappear in a flash. If you truly don't want anyone tracking you then unplug.