The issue I am facing: While most people want Cloudflare, I want to avoid them and block sites that use them. Is this possible? Is there a blacklist of sites that use it? I have so much trouble with them I don't appreciate being randomly blocked and my privacy invaded by them. I realize this is not a popular opinion. But that is why I use PiHole, because my views are not popular. Details about my system: A discrete x86 computer running debian, Unbound, and PiHole. What I have changed si...
I have embedded a link into the title where a person is frustrated with Cloudflare.
I’m interested in knowing the extent of their telemetry and data collection. The user alleges that Cloudflare collects cookies from visitors when one visits a website using their proxy + CDN?
Just to be transparent: I’m not looking to use Cloudflare, I’m going to use my own setup with a VPS, however it is important to know about such technologies, especially since I work in IT.
I generally avoid Cloudflare where possible personally because at the the end of the day, they’re a giant big tech company based in the US, with pretty much unprecedented control over the internet.
With that said, last time I looked into their privacy policy, I thought it was acceptable, but that’s been a while ago, so not entirely sure nowadays. Either way I’m not a huge fan.
It’s really hard to take calls to action like this seriously, when they unironically talk like this:
You cannot pass this invasive “browser check” without enabling JavaScript. This is a waste of five(or more) seconds of your valuable life.
Most of the other points are either grasping, misleading, or make the classic FOSS-centric assumption that we live in a fantasy land where all hosting is free and companies don’t need to exist.
I’m not out here trying to say Cloudflare is vital to society, but come on, these arguments are toothless.
It doesn’t load for me, and according to the way back machine (it couldn’t save the readme somehow?) it redirects to a framagit repo that wants me to create an account.
Not the point though. I don’t care about his motivations, only the fact that brought up: how much do their telemetry practices extend? How do they track even our cookies?
On normal proxy they shouldn’t be able, on protected pages they can get the one previously set for the interstitial page for DDoS or login protection (nobody would like to enter a CAPTCHA on every single load)
Seems the attitude against it is “I just don’t like it”.
If someone keeps getting the captcha interstitial, it’s probably because they’ve configured their browser to turn off things like JavaScript and cookies. This makes them different from a regular user, and can either break a site due to missing requirements, or makes them look like a bot, which Cloudflare will block.
(Most) Bots don’t do JavaScript — because that’d require an entire new engine on the client end, which consumes some resources; resources that they’d rather use to do more bottling. By turning off cookies and JavaScript, the “privacy conscious” user is making themselves look like bots. Vast majority of site operators doesn’t want bots, so they employ mechanisms to detect bots to prevent bots from accessing their site… so if users make themselves look like bots, and operators don’t want bots, then the users must be prepared to deal with the repercussions of their actions (of disabling JS and cookies).
Cloudflare does post their IP ranges so I would probably start with looking at traffic involved with those IPs to see what kind of information was going there, you could also block those ranges and see what breaks.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
3 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #36 for this sub, first seen 13th Aug 2023, 15:55] [FAQ] [Full list] [Contact] [Source code]
I generally avoid Cloudflare where possible personally because at the the end of the day, they’re a giant big tech company based in the US, with pretty much unprecedented control over the internet.
With that said, last time I looked into their privacy policy, I thought it was acceptable, but that’s been a while ago, so not entirely sure nowadays. Either way I’m not a huge fan.
If you’re interested, https://crimeflare.eu.org has some info about it.
It’s really hard to take calls to action like this seriously, when they unironically talk like this:
Most of the other points are either grasping, misleading, or make the classic FOSS-centric assumption that we live in a fantasy land where all hosting is free and companies don’t need to exist.
I’m not out here trying to say Cloudflare is vital to society, but come on, these arguments are toothless.
It doesn’t load for me, and according to the way back machine (it couldn’t save the readme somehow?) it redirects to a framagit repo that wants me to create an account.
Maybe bcause you use a cloudflare DNS? xD there are mirrors tho: https://git.kescher.at/dCF/deCloudflare/src/branch/master/readme/en.md
No that ain’t it:
That could be because of duckduckgo anti tracking system running 24/7 on my phone haha
He wants to block every single site that uses cloudflare.
Maybe it would be easier to block access to everything except a trusted whitelist
I think at this point the best approach is to call the ISP and ask for a cancellation. Buy a modem and connect to old style BBS
Unplugging the Ethernet cable does the same effect lol.
Not the point though. I don’t care about his motivations, only the fact that brought up: how much do their telemetry practices extend? How do they track even our cookies?
On normal proxy they shouldn’t be able, on protected pages they can get the one previously set for the interstitial page for DDoS or login protection (nobody would like to enter a CAPTCHA on every single load)
I see. Thanks
https://www.cloudflare.com/privacypolicy/
Seems the attitude against it is “I just don’t like it”.
If someone keeps getting the captcha interstitial, it’s probably because they’ve configured their browser to turn off things like JavaScript and cookies. This makes them different from a regular user, and can either break a site due to missing requirements, or makes them look like a bot, which Cloudflare will block.
(Most) Bots don’t do JavaScript — because that’d require an entire new engine on the client end, which consumes some resources; resources that they’d rather use to do more bottling. By turning off cookies and JavaScript, the “privacy conscious” user is making themselves look like bots. Vast majority of site operators doesn’t want bots, so they employ mechanisms to detect bots to prevent bots from accessing their site… so if users make themselves look like bots, and operators don’t want bots, then the users must be prepared to deal with the repercussions of their actions (of disabling JS and cookies).
Cloudflare does post their IP ranges so I would probably start with looking at traffic involved with those IPs to see what kind of information was going there, you could also block those ranges and see what breaks.