
Say no to Cloudflare - Robin Wils's website

Last modified: Mon, Oct 12, 2020


A cloud which is filled with flares. The cloud has the same shape as the Cloudflare logo. There is a big red cross through the logo.
Say no to Flarecloud logo By Robin Wils - CC0 licensed.

What is Cloudflare?

Long complex description

Cloudflare is a content delivery network, which means that it has servers in many different locations. Websites which use Cloudflare should be easier to reach, and therefore faster, in different countries.

Cloudflare is not just a content delivery network. It is also a reverse proxy (= a middleman between the user and a website) and a DDoS mitigation service (= a service which tries to resist a DDoS attack or make its impact less painful).

Cloudflare is even more than that. Many websites are a part of the Cloudflare content delivery network.

Short description

Cloudflare claims to try to make sites faster and more secure. It is a service which a lot of websites use.

Sounds pretty nice, right?

Think about your visitors

Do you like it when websites ruin a bit of your experience?

In other words: would you love to visit a website which forces you to solve an annoying, time-wasting puzzle, usually after waiting five seconds, which also costs you valuable time?

Awesome! Use Cloudflare!

Your users matter

Every visitor helps. Think about their experience. They make your website successful. They like to see your content. They probably would like it when the website opens quickly without too much junk.

Your users are basically everything.

Who is your userbase… and what do they like?

Focus on them. Some of them probably care about their privacy. You will have fewer visitors if you don’t support them. That influences the success of your website.

I highly doubt that they will like:

What possible users which care about privacy probably won’t like:

Just to be clear

People who care about privacy aren’t criminals, or at least not always. In fact, everyone needs privacy in one way or another. Everyone has the right to privacy.

People who really think that they don’t need privacy should be ok with sending me their address, private conversations, access to their webcam, passwords and more. Don’t actually do this.

Whistleblowers are an important example. They have in many cases shared useful information. Many of them can lose their jobs if they aren’t anonymous enough.

Legal “.onion” sites exist. Some examples of this are:

More information about Tor

Privacy problems

Do you want to disallow people who need and deserve the right to privacy from using your website?

Great! Use Cloudflare!

Reverse proxy

A reverse proxy acts as a man-in-the-middle, which means that it might spy on everything which your users do. Cloudflare is a reverse proxy.

A man-in-the-middle service is something which is between the site and the user. This means that they can easily add JavaScript which spies on you.

It keeps a globally-unique ID

Cloudflare creates a cookie which gives your browser a globally-unique ID. This even happens when the website is using SSL and shows a little padlock in your browser.

This pretty much kills privacy. A globally-unique ID can easily be used to track you.
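
The check below is an added example, not code from this site or from Cloudflare: it inspects a response's headers for signs that the page came through Cloudflare and for the identifier cookie described above. The cookie name `__cfduid` and the `cf-ray` and `server: cloudflare` headers are not named on this page; they are what Cloudflare's edge sent at the time of writing, and the sample headers are constructed.

```python
from http.cookies import SimpleCookie

# Assumption (not from the page): the identifier cookie is named __cfduid,
# and Cloudflare's edge adds "cf-ray" and "server: cloudflare" headers.
ID_COOKIE = "__cfduid"


def cloudflare_markers(headers):
    """Inspect (name, value) response headers and report Cloudflare indicators."""
    report = {"served_by_cloudflare": False, "id_cookie": None, "cookie_domain": None}
    for name, value in headers:
        name = name.lower()
        if name == "cf-ray" or (name == "server" and value.strip().lower() == "cloudflare"):
            report["served_by_cloudflare"] = True
        elif name == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            if ID_COOKIE in jar:
                morsel = jar[ID_COOKIE]
                report["id_cookie"] = morsel.value
                # An empty domain attribute means the cookie is host-only.
                report["cookie_domain"] = morsel["domain"] or None
    return report


# Constructed sample response headers (not captured from a real site).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "__cfduid=dCONSTRUCTED0123456789abcdef; path=/; domain=.example.org; HttpOnly"),
    ("Server", "cloudflare"),
    ("CF-RAY", "0000000000000000-AMS"),
]

if __name__ == "__main__":
    print(cloudflare_markers(SAMPLE_HEADERS))
```

In a browser, the same headers are visible in the network tab of the developer tools.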

CAPTCHAs

Not all sites with Cloudflare use CAPTCHAs, but many do. CAPTCHAs are the things which try to check if you are “human”.

hCAPTCHA

Cloudflare suddenly uses hCAPTCHA, which is not accessible at all. It is hard to find accessible CAPTCHAs in general. This CAPTCHA is hard to solve in my opinion.

Also it is on a blockchain, so it makes Cloudflare money.

The funny thing about CAPTCHAs is that there are computer programs (robots), which can solve the “prove you are human” CAPTCHAs.

Buster

Buster is a browser extension which can solve reCAPTCHAs. CAPTCHAs can be solved by clicking on the extension button at the bottom of the reCAPTCHA widget.

License: GPLv3

Friendly Captcha

My current CAPTCHA recommendation is Friendly Captcha.

It seems like the best CAPTCHA at the moment, but you don’t always need a CAPTCHA in the first place. You can find the Friendly Captcha website below.

Project Honey Pot

Project Honey Pot is a project which collects a lot of user data and much of that data is from innocent users who deserve privacy. Cloudflare was created by people who worked on that project.

Cloudflare has leaked private user data before, so it has something in common with “Project Honey Pot”.

Firefox and Cloudflare

Mozilla (Firefox) has partnered up with Cloudflare and will resolve the domain names from the application itself via a DNS server from Cloudflare. Cloudflare will then be able to read everyone’s DNS requests.

You can disable it in “about:config”. The string value of “network.trr.uri” should be empty.

Some other settings can also contain Cloudflare URLs. It is recommended to search for “cloudflare”.

The about:config page which shows the Cloudflare DNS address in the network.trr.uri string.

(Screenshot) The Firefox about:config Cloudflare DNS settings By Robin Wils - CC0 licensed.

Keep in mind that the configured DNS resolver of your computer might be Cloudflare DNS. You can find guides on the internet about setting the DNS nameservers.

I recommend the Quad9 DNS resolver. Some of their DNS nameservers use DNSSEC, which means that your DNS queries aren’t in plain text. This means that it provides you extra privacy. Quad9 is a nonprofit organisation. It looks trustworthy enough.

Keep in mind that DNS is just a pretty insecure protocol by default.

Most GNU/Linux systems have a /etc/resolv.conf file, but programs like wicd and NetworkManager change these settings. Those programs usually have a settings menu to set the DNS nameservers.
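
The two checks described in this section (searching the Firefox settings for “cloudflare” and looking at the configured nameservers) can be scripted. This is an added example, not part of the original article: it parses the text of a Firefox profile's `prefs.js` and of `/etc/resolv.conf`. The Cloudflare resolver addresses are not listed on this page, and the sample inputs are constructed.

```python
import ipaddress
import re

# Cloudflare's public resolver addresses (assumption: not listed on the page).
CLOUDFLARE_RESOLVERS = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001")}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def cloudflare_prefs(prefs_text):
    """Return {pref_name: value} for prefs whose name or value mentions cloudflare."""
    hits = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m and "cloudflare" in line.lower():
            hits[m.group(1)] = m.group(2).strip().strip('"')
    return hits


def cloudflare_nameservers(resolv_text):
    """Return nameserver entries in resolv.conf text that are Cloudflare resolvers."""
    found = []
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix (e.g. %eth0) before parsing.
                addr = ipaddress.ip_address(parts[1].split("%")[0])
            except ValueError:
                continue
            if addr in CLOUDFLARE_RESOLVERS:
                found.append(parts[1])
    return found


# Constructed sample inputs (not taken from a real profile or host).
SAMPLE_PREFS = '''\
user_pref("browser.startup.page", 3);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.trr.mode", 2);
'''
SAMPLE_RESOLV = '''\
nameserver 1.1.1.1
nameserver 9.9.9.9
nameserver 2606:4700:4700:0:0:0:0:1001
'''

if __name__ == "__main__":
    print(cloudflare_prefs(SAMPLE_PREFS))
    print(cloudflare_nameservers(SAMPLE_RESOLV))
```

Values left at their built-in defaults are not written to `prefs.js`, so the `about:config` search remains the authoritative check for Firefox.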

How can you fight against Cloudflare?

That is an excellent question.

It isn’t simple to avoid websites which are served by things like Cloudflare without any extra tools. Cloudflare is a big privacy problem. I however have tips for the people who care about privacy.

Tell others about the danger of Cloudflare

You can ask websites to not use Cloudflare. Please do so in a respectful way. Mentioning why Cloudflare is not the best option might help. Stay kind.

I recommend that you suggest an alternative to them. You can find Cloudflare alternatives here.

You could write an article or share other people’s articles. Make more people aware of this problem.

Feel free to use the images on my site which are CC0 licensed. CC0 means that it is public domain licensed, which means that you can use it for any purpose. There are no restrictions.

Extensions

There are browser extensions which can block Cloudflare. I recommend the Cloud Firewall add-on if you want to do that.

This is an extreme way of fighting against Cloudflare. I suggest that you spread the word instead. Mention the problem online.

Try to reach people. Dare to use stuff which you are against, so that you can reach more people. Connections with people are important.

Cloud Firewall

The Cloud Firewall add-on can block connections to pages and web resources hosted in major cloud services if the user wishes to do so.

It supports blocking Google, Amazon, Facebook, Apple, Microsoft and Cloudflare. Cloud Firewall has a whitelisting option, so that it can disable blocking on specific websites.

Even more reasons

The Stop Cloudflare repository

The following git repository contains more reasons and links to articles of other people. I highly recommend checking it out.

It is a good source of information. The structure of the repository might make it a bit hard to look through.

Stop Cloudflare repository

Forking the repository

I am thinking of forking the repository, because they have made some decisions which I find pretty dumb.

I am a maintainer, but I will probably leave the project, and I haven’t been very active anyways. Their mission isn’t bad though.

Translating the README

This was a good idea, but not when the translations aren’t accurate at all. It just went through Google translate.

The maintainers aren’t too open minded

The maintainers are in general privacy geeks, who are not too open to spreading the sources on closed-source stuff, so the word doesn’t get spread that well.

I don’t think that many of them get how the world works. They aren’t influencing many people.

The maintainers have removed stuff before. There often isn’t much communication between them. Some of the removed stuff was actually good for the user experience.

The user experience

The README is pretty hard to read, especially for people who aren’t computer nerds.

It is kinda a mess and looks childish. It contains much complaining, but not that many solutions. Keep it short and get to the point.

Is privacy worth it?

I think that productivity matters more than privacy. There are tools which provide productivity while also being better for security and privacy. Take a look at KeePassXC for example.

I would go for the more secure alternative if it doesn’t hurt my productivity too much. I do this because I still want to support privacy for the people who need it.

Don’t get me wrong, privacy is important, but not enough people fight for it. Make sure that you are a bit more secure than average users, but don’t overdo it.

Just know that privacy almost does not exist, but it is worth fighting for; some people really need it.
