stop_cloudflare/README.md

243 lines
11 KiB
Markdown
Raw Normal View History

2017-05-01 18:26:27 +02:00
# The Great Cloudwall
2019-05-21 08:32:46 +02:00
![](image/telegram/c81238387627b4bfd3dcd60f56d41626.jpg)
2019-05-20 02:27:18 +02:00
---
2019-02-24 06:13:28 +01:00
"The Great Cloudwall" is [CloudFlare](https://www.cloudflare.com/), the world's [largest](https://w3techs.com/technologies/history_overview/proxy) MITM proxy([reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy)).
2019-05-14 02:33:20 +02:00
It sits between you and origin webserver, acting like a [border patrol agent](https://www.cbp.gov/careers/bpa).
2019-05-16 16:11:47 +02:00
The origin webserver administrator allowed the agent to decide who can access to their "_web property_" and define "_restricted area_".
2019-05-20 02:45:28 +02:00
Take a look at the second image posted below. You will think Cloudflare block _only_ attackers. It's not.
2019-02-19 03:20:38 +01:00
2019-05-20 02:27:18 +02:00
---
2019-05-12 13:09:10 +02:00
2019-02-21 02:40:06 +01:00
![](image/cloudflaredearuser.png)
2019-05-14 01:31:35 +02:00
![](image/howcfwork.jpg)
2019-05-16 16:13:40 +02:00
![](image/usershoulddecide.jpg)
2019-02-19 01:27:31 +01:00
2019-05-20 02:27:18 +02:00
---
2019-05-12 13:09:10 +02:00
2019-05-20 02:45:28 +02:00
It is called this in reference to the [Great Firewall of China](https://www.comparitech.com/privacy-security-tools/blockedinchina/) which does a comparable job of filtering out many humans from seeing web content (ie everyone in mainland China and people outside) while at the same time those not affected to see a dratically different web, a web free of censorship such as an image of ["tank man"](https://en.wikipedia.org/wiki/Tank_Man) and the history of ["Tiananmen Square protests"](https://en.wikipedia.org/wiki/1989_Tiananmen_Square_protests#Censorship_in_China). (Cloudflare also [block](PEOPLE.md) legit robots(crawlers) and API clients)
2019-02-19 01:26:47 +01:00
2019-05-20 02:27:18 +02:00
---
2019-05-12 13:09:10 +02:00
2019-02-21 02:40:06 +01:00
![](image/onemorestep.jpg)
2019-05-12 03:23:30 +02:00
![](image/accdenied.jpg)
2019-05-12 13:06:00 +02:00
![](image/cfublock.jpg)
2019-05-16 15:50:55 +02:00
![](image/omsjsck.jpg)
2019-02-19 03:20:38 +01:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-05-16 16:11:47 +02:00
Cloudflare similarly prevents those in southeast asia and elsewhere who have poor internet connectivity from accessing the websites behind it (for example, they could be behind 7+ layers of NAT or sharing same IP) unless they solve multiple image CAPTCHAs. There is no way to solve the captcha without enabling Javascript and Cookies. Cloudflare is using them to make a browser signature.
2019-05-14 01:24:55 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-14 01:24:55 +02:00
![](image/omsnote.jpg)
![](image/omsdroid.jpg)
![](image/omsstream.jpg)
![](image/omsappl.jpg)
2019-05-20 02:38:07 +02:00
![](image/cferr1010bsig.jpg)
2019-05-14 01:24:55 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-14 01:24:55 +02:00
2019-05-20 03:03:36 +02:00
[Tor users](https://www.torproject.org/) and [VPN users](https://airvpn.org/topic/23090-cloudflare-often-bans-my-ip-address/) are also a [victim](https://blog.torproject.org/trouble-cloudflare) of Cloudflare. If you didn't try Tor until this moment, we encourage you to [download Tor Browser](https://www.torproject.org/) and visit your favorite websites. (advice: _Do not login to your bank website or government webpage or they will flag your account. [Use VPN](https://www.vpngate.net/en/) for those websites._)
2019-02-19 03:20:38 +01:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-05-16 15:46:51 +02:00
![](image/banvpn2.jpg)
2019-05-20 02:38:07 +02:00
![](image/banvpn.jpg)
2017-05-01 18:26:27 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-05-14 01:49:06 +02:00
Cloudflare also has a massive [harassment problem](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5).
2019-05-19 12:10:42 +02:00
Cloudflare [shares personal information](https://archive.ph/ePdvi) of those who complain about hosted sites. They sometimes ask you to provide
2019-05-20 03:03:36 +02:00
your true ID. If you don't want to get harassed, assaulted, [swatted](https://boingboing.net/2015/01/19/invasion-boards-set-out-to-rui.html) or killed, you better stay away from Cloudflared websites.
2019-05-14 01:49:06 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-14 01:49:06 +02:00
2019-05-19 12:10:42 +02:00
![](image/cfdox_what.jpg)
2019-05-14 01:49:06 +02:00
![](image/cfdox_swat.jpg)
![](image/cfdox_kill.jpg)
2019-05-20 01:46:31 +02:00
![](image/cfdox_threat.jpg)
![](image/cfdox_dox.jpg)
2019-05-14 01:49:06 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-14 01:49:06 +02:00
2019-05-21 05:33:17 +02:00
Let's talk about another harassment problem. Cloudflare is sending spam emails to non-Cloudflare users.
2019-05-21 05:27:35 +02:00
`Only send emails to subscribers whove opted in.`
`When the user say "stop", then stop sending email.`
2019-05-21 05:33:17 +02:00
It's that simple. But Cloudflare don't care.
2019-05-21 05:27:35 +02:00
Cloudflare said using their service [can stop all spammers or attackers](https://support.cloudflare.com/hc/en-us/articles/200170066-Will-activating-CloudFlare-stop-all-spammers-or-attackers-).
2019-05-21 05:33:17 +02:00
How can we stop _Cloudflare spammers_ without activating Cloudflare?
2019-05-21 05:27:35 +02:00
---
![](image/cfspam01.jpg)
2019-05-21 05:43:23 +02:00
![](image/cfspam03.jpg)
2019-05-21 05:27:35 +02:00
![](image/cfspam02.jpg)
![](image/cfspambrittany.jpg)
![](image/cfspamtwtr.jpg)
---
2019-05-20 03:03:36 +02:00
And their DNS service, [1.1.1.1](https://1.1.1.1/), is also filtering out users from visiting the website by returning fake IP address owned by Cloudflare, localhost IP such as "127.0.0.x", or just return nothing. Cloudflare DNS also break online software from smartphone app to computer game because of their fake DNS answer.
2019-03-04 08:50:01 +01:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-03-04 08:50:01 +01:00
![](image/dnscensor.jpg)
2019-05-13 16:36:40 +02:00
![](image/cferr1016.jpg)
2019-05-19 13:08:27 +02:00
![](image/cferr1016sp.jpg)
2019-05-19 13:16:35 +02:00
![](image/dnsfailtest.jpg)
2019-05-20 03:15:58 +02:00
![](image/cfdnsprob.jpg)
2019-03-04 08:50:01 +01:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-03-17 02:55:05 +01:00
And here you might think, "_I am not using Tor or VPN, why should I care?_".
If you visit website which use Cloudflare, you are sharing your information not only to website owner _but also Cloudflare_.
2019-03-17 02:59:36 +01:00
It is impossible to analyze without [decrypting TLS traffic](https://github.com/nym-zone/block_cloudflare_mitm_fx/issues/15#issuecomment-354773389). Cloudflare knows all your data such as raw password.
2019-03-17 02:55:05 +01:00
[Cloudbeed](https://en.wikipedia.org/wiki/Cloudbleed) can happen anytime.
2019-03-17 03:23:17 +01:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-05-13 16:56:55 +02:00
![](image/cfbloghtmledit.jpg)
2019-05-14 11:41:09 +02:00
![](image/cfhelp204144518.jpg)
2019-05-20 05:54:45 +02:00
![](image/cfhelpforum.jpg)
2019-05-19 12:33:50 +02:00
![](image/prism_gfe.jpg)
![](image/sniff2.gif)
2019-05-20 02:30:08 +02:00
---
2019-05-19 12:33:50 +02:00
Do you really want to share your data with Cloudflare, and also 3-letter agency?
2019-05-20 06:00:31 +02:00
Internet user's online profile is a "product" that the government and big tech companies wants to buy.
2019-05-20 05:54:45 +02:00
2019-05-20 06:02:10 +02:00
US [Department of Homeland Security](https://www.dhs.gov/) said:
2019-05-20 06:00:31 +02:00
```
Do you have any idea how valuable the data you have is?
Is there any way you would sell us that data?
```
2019-05-19 12:33:50 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-19 12:33:50 +02:00
2019-03-17 03:23:17 +01:00
![](image/dhssaid.jpg)
2019-05-20 05:37:15 +02:00
![](image/federalinterest.jpg)
2019-03-17 03:23:17 +01:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-04-11 04:43:22 +02:00
Cloudflare also offer _FREE_ VPN service called "[Cloudflare Warp](https://blog.cloudflare.com/1111-warp-better-vpn/)". If you use it, all your smartphone connections are sent to Cloudflare servers. Cloudflare can know which website you've read, what comment you've posted, who you've talked to, etc. You are voluntary giving [all your information](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-478686469) to Cloudflare. If you think "_Are you joking? Cloudflare is secure._" then you need to learn how [VPN works](https://en.wikipedia.org/wiki/VPN).
2019-04-07 04:02:33 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-05-14 01:39:48 +02:00
![](image/howvpnwork.jpg)
2019-04-10 01:31:02 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 13:09:10 +02:00
2019-04-15 14:10:44 +02:00
You might already know about the [PRISM](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)) scandal. It is true that AT&T lets NSA to [copy all internet data](https://www.cnet.com/news/at-t-lets-nsa-hide-and-surveil-in-plain-sight-the-intercept-reports/) for surveillance. Let's say you're working at the NSA, and you want _every citizen's internet profile_. You know most of them are blindly trusting Cloudflare and using it to proxy their personal website, chat website, forum website, bank website, insurance website, search engine, secret member-only website, auction website, shopping, video website, NSFW website, and illegal website. You also know they use Cloudflare's DNS service ("1.1.1.1") and VPN service ("Cloudflare Warp") for "_Secure! Faster! Better!_" internet experience. Combining them with user's IP address, browser fingerprint, cookies and RAY-ID will be useful to build target's online profile. You want their data. [What will you do](https://www.reddit.com/r/privacy/comments/1gb0pa/how_prism_actually_works_1520_att_fiber_optic/)?
2019-04-10 01:31:02 +02:00
2019-05-20 02:30:08 +02:00
---
2019-04-07 03:37:36 +02:00
2019-05-14 01:24:55 +02:00
![](image/prismattnsa.jpg)
2019-05-20 05:37:15 +02:00
![](image/nsaslide_prismcorp.gif)
2019-05-14 01:24:55 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-14 01:24:55 +02:00
2019-05-07 12:06:17 +02:00
### Cloudflare is a honeypot.
2019-05-19 12:33:50 +02:00
![](image/honeypot.gif)
2019-05-07 12:06:17 +02:00
### Free honey for everyone. _Some_ strings attached.
2019-04-11 04:43:22 +02:00
2019-05-19 12:33:50 +02:00
![](image/iminurtls.jpg)
2019-04-10 01:33:39 +02:00
### Do not use Cloudflare.
2019-04-11 04:43:22 +02:00
2019-05-19 12:33:50 +02:00
![](image/shadycloudflare.jpg)
2019-04-10 01:33:39 +02:00
### Decentralize the internet.
2019-03-17 02:55:05 +01:00
2019-04-21 02:21:44 +02:00
!["Cloudflare is not an option."](image/cfisnotanoption.jpg)
2019-03-17 02:55:05 +01:00
---
2019-03-04 08:50:01 +01:00
2019-05-20 02:20:29 +02:00
This repository is a list of websites that are behind "The Great Cloudwall", and also actively blocking Tor users.
2017-05-01 18:26:27 +02:00
2019-02-24 06:13:28 +01:00
2019-05-20 02:20:29 +02:00
Data - mirrors: [NixNet](https://git.nixnet.xyz/Username/cloudflare-tor), [CodeBerg](https://codeberg.org/Username/cloudflare-tor)
* [Cloudflare Users](cloudflare_users/)
2019-05-17 11:21:12 +02:00
* [Cloudflare Inc.](cloudflare_inc/)
2019-05-20 02:20:29 +02:00
* [Domains: Non-Cloudflare but filtering/blocking Tor users](not_cloudflare/)
2019-02-24 06:13:28 +01:00
2019-02-24 06:15:27 +01:00
Information
2019-03-17 02:59:36 +01:00
* [Padlock icon indicates a secure SSL connection established w MitM-ed](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835) by Anonymous
* [Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351) by nym-zone
* [Problem with CloudFlare](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544) by libBletchley
* [Criticism and controversies](https://en.wikipedia.org/wiki/Cloudflare#Criticism_and_controversies) by Wikipedia
2019-05-16 15:50:55 +02:00
* [Another landmark day in the war to control, centralize and censor the internet.](https://www.reddit.com/r/privacy/comments/b8dptl/another_landmark_day_in_the_war_to_control/) by TheGoldenGoose8888
2019-05-20 05:49:49 +02:00
* [Cloudflare Watch](http://www.crimeflare.org:82/) (cons: _down quite a lot, old data, search restricted to EU only_)
2019-04-07 03:37:05 +02:00
2017-05-01 18:26:27 +02:00
2018-09-06 14:04:17 +02:00
There are more details of why what they are doing is wrong available [here](cloudflare-philosophy.md).
2018-10-20 04:56:26 +02:00
Also see [Frequently Asked Questions](faq.md).
2018-01-17 20:14:50 +01:00
2019-05-20 02:20:29 +02:00
![](image/watcloudflare.jpg)
2019-02-19 04:36:09 +01:00
# What can you do?
2019-02-24 06:15:27 +01:00
* Read [our list of recommended actions](what-to-do.md) and share it with your friends
2019-05-05 13:25:37 +02:00
2019-03-12 02:39:47 +01:00
* Read [other user's voice](PEOPLE.md) (if you write a blog, tell us your URL)
2019-05-05 13:25:37 +02:00
2019-03-05 03:31:39 +01:00
* Update the domain list: [List instructions](instructions.md)
2019-05-05 13:25:37 +02:00
2019-02-19 03:30:32 +01:00
* Add WTF-Cloudflare news to [NEWS.md](NEWS.md)
2019-05-05 13:25:37 +02:00
2019-05-18 12:58:41 +02:00
* Search something on [Searxes Tor](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/) or [clearnet](https://searxes.eu.org/) (this will help collecting Searxes' "MITM domains")
2019-05-05 13:25:37 +02:00
2019-05-05 13:21:38 +02:00
* Take a look at add-on code and try it
2019-05-20 16:48:32 +02:00
| Name | Firefox | Chrome |
2019-05-05 13:21:38 +02:00
| -------- | -------- | -------- |
2019-05-07 12:04:18 +02:00
| Block Cloudflare MITM Attack | [Code](addon_firefox/bcma) | [Code](addon_chrome/bcma) |
| Are links vulnerable to MITM? | [Code](addon_firefox/ismitmlink) | [Code](addon_chrome/ismitmlink) |
2019-05-20 16:46:51 +02:00
| Which website rejected me? | [Code](addon_firefox/whyrejectme) | [Code](addon_chrome/whyrejectme) |
2019-05-05 13:21:38 +02:00
2019-05-20 06:53:54 +02:00
* Try & write new [Tool / Script](tool/)
2019-05-13 01:11:37 +02:00
2019-05-20 06:53:54 +02:00
* Want something to read? [PDF](pdf/)
* Proofread [Jeff's writing](article.txt)
2019-05-14 16:24:16 +02:00
2019-05-13 01:13:03 +02:00
* ![](image/feed.png) [RSS feed](https://masto.nixnet.xyz/users/crimeflare.rss), ![](image/mstdn.jpg) [crimeflare@masto.nixnet.xyz](https://masto.nixnet.xyz/@crimeflare)
2019-05-13 01:11:37 +02:00
2019-02-28 12:40:05 +01:00
2019-02-19 03:34:58 +01:00
![WTF](image/wtfcf.jpg)
2019-05-12 13:09:10 +02:00
2018-09-02 04:20:17 +02:00
There are other lists, but this one is one where every entry on the list a human being has actually tried
to go to, and has been blocked.
2018-09-02 04:19:43 +02:00
Human is not a robot.
* [List of services blocking Tor](https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor) by Tor project contributors
* [Sites using cloudflare](https://github.com/pirate/sites-using-cloudflare) by pirate
WARNING:
2019-02-24 06:15:27 +01:00
Github.com is very hostile to Tor users. If you create an account on Github via Tor, your account will be automatically
2018-09-02 04:19:43 +02:00
flagged for spam and will be deleted. See "List of services blocking Tor" for details.
2018-05-04 00:40:35 +02:00
2019-05-22 05:58:36 +02:00
![](image/twe_lb.jpg)
![](image/twe_dz.jpg)
2018-05-04 00:40:35 +02:00
# Who uses this list?
2019-05-19 01:17:46 +02:00
* [Searxes](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/) meta-search engine
2018-10-09 04:14:19 +02:00
* [Block Cloudflare MITM Attack](https://addons.mozilla.org/en-US/firefox/addon/bcma/) add-on
2019-05-20 06:06:36 +02:00
* Some Browser Add-ons
2019-05-12 03:25:17 +02:00
2019-05-20 02:30:08 +02:00
---
2019-05-12 03:25:17 +02:00
2019-05-13 16:46:33 +02:00
![](image/omsirl.jpg)
![](image/whydoihavetosolveacaptcha.jpg)
2019-05-13 16:36:40 +02:00
![](image/fixthedamn.jpg)
2019-05-12 03:25:17 +02:00
![What did YOU do to stop CF?](image/stopcf.jpg)