cypherpunks/stop_cloudflare
cypherpunks
/
stop_cloudflare
mirror of https://git.openprivacy.ca/cypherpunks/stop_cloudflare
0
0
Fork 0
Code Issues Releases Activity

Merge https://notabug.org/sidetracked/cloudflare-tor

This commit is contained in:
Jeff Cliff 2019-05-05 15:23:01 -04:00
parent bb0503944b 2f7816e6b4
commit 0f3c764bd7
21 changed files with 293 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
NEWS.md
View File

@ -1,3 +1,19 @@
*2019.03.13*
@thexpaw@birdsite:
```
So why did I get that email anyway if I'm opted out of all email communication in the account settings?
Which part of the privacy policy allows you to share data with marketing crap like trustpilot?
```
https://twitter.com/thexpaw/status/1108424723233419264
*2019.03.12*
```Cool new tool : Cloud Firewall```
https://framapiaf.org/@gkrishnaks/101727497214557035
*2019.03.03*
```

22
PEOPLE.md
View File

@ -7,7 +7,7 @@ format:
"[TITLE](https://full.link/blog.html)" by [Who](Link)
Sort:
New article: top
Recent article: top
Disqualify:
- Cloudflared website
@ -23,10 +23,26 @@ Disqualify:
"[Dont Use Cloudflare Because You Impose This on People Who Least Want It](http://techrights.org/2019/02/17/the-cloudflare-trap/)" by [Dr. Roy Schestowitz](http://techrights.org/)
"[Cloudflare: The bad, the worse and the ugly?](http://webschauder.de/cloudflare-the-bad-the-worse-and-the-ugly/)" by [Alle Beiträge](http://webschauder.de/author/jw/)
"[I dont trust Cloudflare with IPFS](https://blog.kareldonk.com/i-dont-trust-cloudflare-with-ipfs/)" by [Karel Donk](https://blog.kareldonk.com/)
"[Cloudflare IPFS experiment](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/cloudflare-IPFS-experiment.html)" by [Joe](https://js.ipfs.io/ipns/QmZJBQBXX98AuTcoR1HBGdbe5Gph74ZBWSgNemBcqPNv1W/index.html) - ([archive](http://archive.fo/139z1))
"[Don't Trust CloudFlare](https://write.lain.haus/thufie/dont-trust-cloudflare)" by [@lunaterra@cyberia.social](https://cyberia.social/@lunaterra)
"[Stay away from CloudFlare](http://www.unixsheikh.com/articles/stay-away-from-cloudflare.html)" by [Unix Sheikh](http://www.unixsheikh.com/)
"[Support End-to-End Encryption on the Web](https://www.wordfence.com/blog/2017/03/support-end-to-end-encryption/)" by [Mark Maunder](https://www.wordfence.com/)
"[Journal CloudFlare au milieu](https://linuxfr.org/users/thibg/journaux/cloudflare-au-milieu)" by [ThibG](https://linuxfr.org/)
"[why you shouldnt use Cloudflare](https://tech.tiq.cc/2016/01/why-you-shouldnt-use-cloudflare/)" by [tiq](https://tech.tiq.cc/)
"[The CloudFlare MITM](https://web.archive.org/web/20160311163431/https://blog.paymium.com/2014/02/19/the-cloudflare-mitm/)" by [David FRANCOIS](https://blog.paymium.com/)
"[Allergique à Cloudflare ? Voici comment vous soigner…](https://korben.info/cloudflare-mitm.html)" by [KORBEN](https://korben.info/)
"[CloudFlare, We Have A Problem](http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/)" by [joepie91](http://cryto.net/~joepie91/)
"[On Cloudflare](https://www.tyil.nl/post/2017/12/17/on-cloudflare/)" by [tyil](https://www.tyil.nl/)
@ -45,4 +61,8 @@ Disqualify:
"[Ditch Cloudflare - Broken HTTPS/MiTM](https://greysec.net/showthread.php?tid=1256)" by [NO-OP](https://greysec.net/member.php?action=profile&uid=47)
"[Cloudflare as a Security Risk - Support - Whonix Forum](http://forums.whonix.org/t/cloudflare-as-a-security-risk/2162)" by [entr0py](https://forums.whonix.org/u/entr0py)
"[How likely is it that CloudFlare is an NSA operation?](https://www.quora.com/How-likely-is-it-that-CloudFlare-is-an-NSA-operation/answer/Hamid-Sarfraz)" by quora
"[cloudflare 是如何转发 HTTPS 流量的?](https://www.v2ex.com/t/406759)" by [feast](https://www.v2ex.com/member/feast)

24
README.md
View File

@ -16,19 +16,31 @@ And their DNS service, [1.1.1.1](https://1.1.1.1/), is also filtering out users
![](image/dnscensor.jpg)
And here you might think, "_I am not using Tor or VPN, why should I care?_".
If you visit website which use Cloudflare, you are sharing your information not only to website owner _but also Cloudflare_.
It is impossible to analyze without [decrypting TLS traffic](https://github.com/nym-zone/block_cloudflare_mitm_fx/issues/15#issuecomment-354773389). Cloudflare knows all your data such as raw password.
[Cloudbeed](https://en.wikipedia.org/wiki/Cloudbleed) can happen anytime.
Do you really want to share your data with Cloudflare, and also 3-letter agency?
![](image/dhssaid.jpg)
---
This repository is a list of websites that are behind The Great Cloudwall, and also actively blocking Tor users.
List
Domain list
* [Domains using Cloudflare](split/)
* [Non-Cloudflare but filtering/blocking Tor users](not_cloudflare/)
Information
* [Padlock icon indicates a secure SSL connection established w MitM-ed](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835)
* [Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351)
* [Problem with CloudFlare](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544)
* [Padlock icon indicates a secure SSL connection established w MitM-ed](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835) by Anonymous
* [Block Global Active Adversary Cloudflare](https://trac.torproject.org/projects/tor/ticket/24351) by nym-zone
* [Problem with CloudFlare](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544) by libBletchley
* [Criticism and controversies](https://en.wikipedia.org/wiki/Cloudflare#Criticism_and_controversies) by Wikipedia
There are more details of why what they are doing is wrong available [here](cloudflare-philosophy.md).
Also see [Frequently Asked Questions](faq.md).
@ -44,7 +56,7 @@ Also see [Frequently Asked Questions](faq.md).
* Add WTF-Cloudflare news to [NEWS.md](NEWS.md)
* Search something on [Searxes Tor](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/) or [clearnet](https://searxes.danwin1210.me/) (this will help collecting Searxes' "MITM domains")
* Take a look at [add-on code](ismitmlink/) (how to use "MITM test API")
* Subscribe to an ![](image/feed.png) RSS feed: "[The Great Cloudwall News](https://searxes.danwin1210.me/collab/open/getrss.php?q=tmg1news)" or follow ![](image/mstdn.jpg) [crimeflare@ieji.de](https://ieji.de/@crimeflare)
* Subscribe to ![](image/feed.png) RSS feed: "[The Great Cloudwall News](https://ieji.de/users/crimeflare.rss)" or follow ![](image/mstdn.jpg) [crimeflare@ieji.de](https://ieji.de/@crimeflare)
![WTF](image/wtfcf.jpg)

43
cloudflare_owned_NS.txt
View File

@ -1,62 +1,101 @@
abby.ns.cloudflare.com
adrian.ns.cloudflare.com
aida.ns.cloudflare.com
alan.ns.cloudflare.com
albert.ns.cloudflare.com
alex.ns.cloudflare.com
alina.ns.cloudflare.com
alla.ns.cloudflare.com
amanda.ns.cloudflare.com
amber.ns.cloudflare.com
amy.ns.cloudflare.com
andy.ns.cloudflare.com
anna.ns.cloudflare.com
apollo.ns.cloudflare.com
arch.ns.cloudflare.com
aria.ns.cloudflare.com
art.ns.cloudflare.com
asa.ns.cloudflare.com
athena.ns.cloudflare.com
austin.ns.cloudflare.com
ben.ns.cloudflare.com
bella.ns.cloudflare.com
ben.ns.cloudflare.com
beth.ns.cloudflare.com
bob.ns.cloudflare.com
brit.ns.cloudflare.com
chan.ns.cloudflare.com
coby.ns.cloudflare.com
coco.ns.cloudflare.com
cody.ns.cloudflare.com
cory.ns.cloudflare.com
darwin.ns.cloudflare.com
dee.ns.cloudflare.com
dom.ns.cloudflare.com
demi.ns.cloudflare.com
dina.ns.cloudflare.com
dom.ns.cloudflare.com
dora.ns.cloudflare.com
dorthy.ns.cloudflare.com
drew.ns.cloudflare.com
duke.ns.cloudflare.com
ed.ns.cloudflare.com
edna.ns.cloudflare.com
elinore.ns.cloudflare.com
elmo.ns.cloudflare.com
emma.ns.cloudflare.com
etta.ns.cloudflare.com
fay.ns.cloudflare.com
foo.ns.cloudflare.com
fred.ns.cloudflare.com
gabe.ns.cloudflare.com
gail.ns.cloudflare.com
glen.ns.cloudflare.com
guy.ns.cloudflare.com
hank.ns.cloudflare.com
heather.ns.cloudflare.com
hugh.ns.cloudflare.com
ian.ns.cloudflare.com
igor.ns.cloudflare.com
iris.ns.cloudflare.com
jasmine.ns.cloudflare.com
jeff.ns.cloudflare.com
jerry.ns.cloudflare.com
jill.ns.cloudflare.com
jim.ns.cloudflare.com
john.ns.cloudflare.com
jonah.ns.cloudflare.com
josh.ns.cloudflare.com
kate.ns.cloudflare.com
kevin.ns.cloudflare.com
kim.ns.cloudflare.com
kip.ns.cloudflare.com
leah.ns.cloudflare.com
lee.ns.cloudflare.com
leia.ns.cloudflare.com
lex.ns.cloudflare.com
lily.ns.cloudflare.com
lucy.ns.cloudflare.com
matt.ns.cloudflare.com
max.ns.cloudflare.com
megan.ns.cloudflare.com
melinda.ns.cloudflare.com
miki.ns.cloudflare.com
nelly.ns.cloudflare.com
newt.ns.cloudflare.com
nina.ns.cloudflare.com
norm.ns.cloudflare.com
norman.ns.cloudflare.com
olga.ns.cloudflare.com
pam.ns.cloudflare.com
paul.ns.cloudflare.com
pete.ns.cloudflare.com
peyton.ns.cloudflare.com
rachel.ns.cloudflare.com
rick.ns.cloudflare.com
rob.ns.cloudflare.com
rose.ns.cloudflare.com
seth.ns.cloudflare.com
sofia.ns.cloudflare.com
tegan.ns.cloudflare.com
terin.ns.cloudflare.com
theo.ns.cloudflare.com
zoe.ns.cloudflare.com

1
cloudflare_owned_domains.txt
View File

@ -6,6 +6,7 @@ cloudflare-quic.com
cloudflare.com
cloudflare.com.ve
cloudflare.net
workers.dev
cloudflareapi.com
cloudflareapps.com
cloudflarechallenge.com

BIN
image/dhssaid.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 184 KiB

BIN
image/matthew_prince.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 130 KiB

After

Width:  |  Height:  |  Size: 162 KiB

6
instructions.md
View File

@ -72,7 +72,9 @@ IMPORTANT: Please add only "Base Domain"
| -------- | -------- |
| list_error403.txt | Returns HTTP Error 403 (Forbidden) |
| list_customerror.txt | Returns custom error message (not HTTP 403) |
| list_other.txt | (not necessary?) |
| list_other.txt | any other form of tor-hostility or mistreatment |
| list_siteground.txt | siteground.com is a Tor-hostile hosting service that indiscriminately DoSes all Tor users with the collective judgement: "our system thinks you might be a robot!" Sometimes the site functions, and sometimes it times out, but the robot accusation is very common. |
| list_formerly_tor-hostile.txt | was previously on one of the above tor-hostile lists |
```
IMPORTANT: Please add only "Base Domain" or "(base domain)[space](comment here)"
@ -93,4 +95,4 @@ Add them to [/not_cloudflare/](not_cloudflare/) (formerly "*TorBlocker Hall of S
This is a collection of websites that ban Tor exits, other than through Cloudflare(e.g. showing access denied pages, systematic timing out connections, ...).
[This add-ons](https://addons.mozilla.org/en-US/firefox/addon/which-website-rejected-me/) will help your list_error403 collection.
[This add-ons](https://addons.mozilla.org/en-US/firefox/addon/which-website-rejected-me/) will help your list_error403 collection.

89
ismitmlink/bg.js
View File

@ -1,7 +1,16 @@
const apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php';
let mymemory = {};
let apiurl = 'https://searxes.danwin1210.me/collab/open/ismitm.php';
let TORapiurl = 'http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/ismitm.php';
function ismitm(f) {
fetch('http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/open/hi.php', {
method: 'GET',
mode: 'cors'
}).then(r => r.text()).then(r => {
if (r == 'hi') {
apiurl = TORapiurl;
}
}).catch(() => {});
function is_infected(f) {
return new Promise((g, b) => {
fetch(apiurl, {
method: 'POST',
@ -10,9 +19,7 @@ function ismitm(f) {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: 'f=' + f
}).then(function (r) {
return r.json();
}).then(function (r) {
}).then(r => r.json()).then(r => {
if (r[0]) {
g(r[1]);
} else {
@ -22,29 +29,49 @@ function ismitm(f) {
});
}
browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
if (request && sender) {
if (mymemory[request] != undefined) {
let rlt = mymemory[request];
if (Object.keys(mymemory).length > 20000) {
let cnt = 1;
for (let t in mymemory) {
if (cnt > 10) {
break;
}
mymemory[t] = null;
delete mymemory[t];
cnt++;
}
}
browser.tabs.sendMessage(sender.tab.id, [request, rlt]);
} else {
ismitm(request).then(function (a) {
mymemory[request] = a;
browser.tabs.sendMessage(sender.tab.id, [request, a]);
}, function () {
browser.tabs.sendMessage(sender.tab.id, [request, false]);
});
}
function i_already_know_you(f) {
if (!/^([a-z0-9_.-]{1,255})\.([a-z]{2,80})$/.test(f)) {
return false;
}
});
return new Promise((g, b) => {
browser.storage.local.get(f).then((ff) => {
if (ff[f]) {
if (ff[f] == 'y') {
g(1);
} else {
g(-1);
}
} else {
g(0);
}
}, () => {
g(0);
});
});
}
function i_remember_you(f, t) {
browser.storage.local.set({
[f]: ((t) ? 'y' : 'n')
});
}
browser.storage.local.clear().then(() => {
browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
if (request && sender) {
i_already_know_you(request).then((r) => {
if (r == 1 || r == -1) {
browser.tabs.sendMessage(sender.tab.id, [request, ((r == 1) ? true : false)]);
}
if (r == 0) {
is_infected(request).then((a) => {
i_remember_you(request, a);
browser.tabs.sendMessage(sender.tab.id, [request, a]);
}, () => {
browser.tabs.sendMessage(sender.tab.id, [request, false]);
});
}
}, () => {});
}
});
}, () => {});

60
ismitmlink/cs.js
View File

@ -1,32 +1,32 @@
if (document.body) {
if (!['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) {
let cs = (function () {
let s = document.createElement('style');
document.head.appendChild(s);
return s.sheet;
})();
if (cs) {
cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0);
cs.insertRule("a[data-mitm]::after{content:'[MITM!]';font-weight:bold}", 1);
}
let asked = [location.hostname, 'searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'];
document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
let aF = (new URL(a.href)).hostname;
if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3}))$/.test(aF) && !asked.includes(aF)) {
asked.push(aF);
browser.runtime.sendMessage(aF);
}
});
browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
if (request.length == 2) {
if (request[1]) {
document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
a.dataset.mitm = 1;
a.title = 'MITM!';
});
}
}
sendResponse(null);
});
if (document.body && !['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb'].includes(location.hostname)) {
let cs = (function () {
let s = document.createElement('style');
document.head.appendChild(s);
return s.sheet;
})();
if (cs) {
cs.insertRule("a[data-mitm]{text-decoration-line:line-through !important;text-decoration-color:red !important;text-decoration-style:double !important}", 0);
cs.insertRule("a[data-mitm]::before{content:'[MITM!]';font-weight:bold !important;color:red !important}", 1);
cs.insertRule("a[data-mitm]:hover::before{content:'[Privacy Risk!!]'}", 2);
cs.insertRule("a[data-mitm]:hover{color:red !important}", 3);
}
let asked = ['searxes.danwin1210.me', 'searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion', 'searxes.cyb', 'addons.mozilla.org'];
document.querySelectorAll("a[href^='http://']:not([data-mitm]),a[href^='https://']:not([data-mitm]),a[href^='//']:not([data-mitm])").forEach(a => {
let aF = (new URL(a.href)).hostname;
if (!/^(.*)\.(onion|i2p|invalid|test|local|localhost|([0-9]{1,3})|bbs|chan|cyb|dyn|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bit|lib|coin|emc|bazar|fur)$/.test(aF) && !asked.includes(aF)) {
asked.push(aF);
browser.runtime.sendMessage(aF);
}
});
browser.runtime.onMessage.addListener((request, sender, sendResponse) => {
if (request.length == 2) {
if (request[1]) {
document.querySelectorAll("a[href^='http://" + request[0] + "/']:not([data-mitm]),a[href^='https://" + request[0] + "/']:not([data-mitm]),a[href^='//" + request[0] + "/']:not([data-mitm])").forEach(a => {
a.dataset.mitm = 1;
a.title = 'DANGER! DANGER! MITM!';
});
}
}
sendResponse(null);
});
}

8
ismitmlink/manifest.json
View File

@ -2,9 +2,13 @@
"manifest_version": 2,
"name": "Are links vulnerable to MITM attack?",
"description": "Scan FQDN using Searxes' API",
"version": "1.0.2",
"version": "1.0.4",
"homepage_url": "https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink",
"author": "Maslin Bossé",
"permissions": [],
"permissions": [
"storage",
"unlimitedStorage"
],
"icons": {
"32": "icons/32.png"
},

3
not_cloudflare/README.md
View File

@ -1,4 +1,5 @@
# Which websites are hostile to Tor users?
Don't block us!
Don't block us!
See [instructions.md](file://../instructions.md) for file purpose and format specifications.

23
not_cloudflare/get_fqdn_tmg1.php Normal file
View File

@ -0,0 +1,23 @@
<?php
//License: WTFPL
define('F_INPUT','noncloudflarelist.txt');
define('F_OUTPUT','fqdnlist.txt');
if (!file_exists(F_INPUT)){
die('File not found');
}
$result = array();
foreach(explode("\n",file_get_contents(F_INPUT)) as $t){
$t = explode(' ',$t)[0];
if (preg_match("/^([a-z0-9-\.]{1,255})\.([a-z]{2,40})$/",$t)){
$result[] = $t;
}
}
$result = array_unique($result);
file_put_contents(F_OUTPUT,implode("\n",$result));
echo('Done');

11
not_cloudflare/list_customerror.txt
View File

@ -1,9 +1,11 @@
abclive.in
aboutdebian.com
adidas.de
adsabs.harvard.edu
aidspolicyproject.org
airbnb.com
Akamai
Akamai's
altcoins.com
amazon.com
@ -30,6 +32,7 @@ blocktrail.com
bloglovin.com
bloomberg.com
bodhizazen.net
busbud.com
casw-acts.ca
cc.gatech.edu
cessfull.com
@ -92,6 +95,7 @@ forums.linuxmint.com
forums.whirlpool.net.au
forum.synology.com
foxnews.com
Freenode
gchq.gov.uk
geizhals.at
gemal.dk
@ -123,6 +127,7 @@ koelnspd.de
leblogdebetty.com
lenovo.com
libertygb.org.uk
lifewire.com
linuxquestions.org
livejournal.com
loebner.net
@ -138,15 +143,18 @@ meaningness.com
midtnmusic.com
mixcloud.com
moodle.org
mosquitomagnet.com
motorcyclecruiser.com
mottweilerstudio.com
n2value.com
nacns.org
nakedcapitalism.com
nbnco.com.au
nemlog-in.dk/login.aspx/noeglekort
nepalmonitor.org
netbank.com.au
networktools.nl
NetZone
newark.com
newgrounds.com
news.ycombinator.com
@ -211,6 +219,8 @@ technologyreview.com
thecultureblend.com
thegrommet.com
theislamicseminary.org
thespruceeats.com
thoughtco.com
ti.com
tineye.com
tocloud.com
@ -237,6 +247,7 @@ vpforums.org
walmart.com
wayfair.com
wbai.org
webstix.com
weforum.org
whatthefuckshouldimakefordinner.com
whiterose.samizdata.net

14
not_cloudflare/list_error403.txt
View File

@ -1,7 +1,10 @@
abebooks.com
ajc.com
asus.com
bitvps.com
caot.ca
captaintrain.com
catbox.moe
dluat.com
europa.eu
expo2015.org
@ -12,15 +15,26 @@ geocaching.com
gutenberg.org
hot-topic.co.nz
hubpages.com
intra.ruc.dk
irs.gov
knowyourmeme.com
lastword.at
libertymutual.com
logon.e-boks.dk
moodle.ruc.dk
no2nsa.x10.bz
republicbuzz.com
rijksoverheid.nl
safeco.com
securifi.com
signon.ruc.dk
singpolyma.net
stadssb.ruc.dk
stefanv.com
study.com
theverge.com
tomshardware.com
wayfair.com
wigle.net
wikidevi.com
witopia.net

11
not_cloudflare/list_formerly_tor-hostile.txt Normal file
View File

@ -0,0 +1,11 @@
20-kudk.queue-it.net 403
europa.eu 403
gutenberg.org 403
hot-topic.co.nz 403
rijksoverheid.nl 403
stefanv.com 403
tomshardware.com 403
usa.gov customerror
wigle.net 403
wikidevi.com 403
witopia.net 403

4
not_cloudflare/list_other.txt
View File

@ -1 +1,3 @@
(add FQDN here)
borger.dk Click "Digital Post" and get redirected to nemlog-in.dk, which tells Tor users "A technical error has occurred."
botsin.space The admin don't care Tor users. Tor user can't login or register at all.
chase.com The bank gives you an opportunity to provide your login creds and then denies the user access and locks their credit card account permanently for "using an unauthorized device". The action is irreversible, and card holders must sign up for a new card with new number if they want service.

2
not_cloudflare/list_siteground.txt Normal file
View File

@ -0,0 +1,2 @@
livingmoldfree.com
thewimpyvegetarian.com

1
split/cloudflare_a.txt
View File

@ -59123,6 +59123,7 @@ advisory.business
advisorycloud.com
advisory.co.uk
advisory-count.review
advisoryexcellence.com
advisorygroupmkt.com
advisoryhq.com
advisoryhq.xyz

1
split/cloudflare_l.txt
View File

@ -80907,6 +80907,7 @@ lhzqjmget.cn
l-hzqpdf.cf
lhzttz.com
lhzxc.com
li.me
li02.com
li0516os.com
li09.com

34
what-to-do.md
View File

@ -72,9 +72,11 @@ If Cloudflare leak your information, it's not our fault. [*]
| [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) | nullius | [Link](https://github.com/nym-zone/block_cloudflare_mitm_fx) | **Yes** | **Yes** |
| [Are links vulnerable to MITM?](https://addons.mozilla.org/en-US/firefox/addon/are-links-vulnerable-to-mitm/) | Maslin Bossé | [Link](https://notabug.org/themusicgod1/cloudflare-tor/src/master/ismitmlink) | No | **Yes** |
| [Third-party Request Blocker (AMO)](https://addons.mozilla.org/en-US/firefox/addon/tprb/) | Searxes #Addon | [Link](https://searxes.danwin1210.me/) | **Yes** | **Yes** |
| [TPRB](https://searxes.danwin1210.me/collab/tprb0/get_tprb0.php) | Sw | [Link](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/___go.php?go=sw) | **Yes** | **Yes** |
| [TPRB](https://sw.skusklxqaqnrmszytky4vfyrg625erw4hqhiokyc2ufnokd2aitb47yd.onion/) | Sw | [Link](https://sw.skusklxqaqnrmszytky4vfyrg625erw4hqhiokyc2ufnokd2aitb47yd.onion/) | **Yes** | **Yes** |
| [Detect Cloudflare](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/) | Frank Otto | [Link](https://github.com/traktofon/cf-detect) | No | **Yes** |
| [Cloud Firewall](https://addons.mozilla.org/en-US/firefox/addon/cloud-firewall/) [*] | Gokulakrishna Sudharsan | [Link](https://gitlab.com/gkrishnaks/cloud-firewall/) | **Yes** | No |
[*] Do not use it if you're using proxy/VPN/Tor because it has "[DNS leak](https://en.wikipedia.org/wiki/DNS_leak)".
- Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet!
@ -96,6 +98,12 @@ If Cloudflare leak your information, it's not our fault. [*]
- Do you need HTTPS certificate? Use "[Let's Encrypt](https://letsencrypt.org/)" or just buy it from CA company.
- Do you need DNS server? Can't set up your own server? Then how about [Dyn.com](https://dyn.com/dns/), [Hurricane Electric Free DNS](https://dns.he.net/) or [this](https://freedns.afraid.org/)?
- Looking for hosting service? "Free" only? Well, [how about this](https://www.reddit.com/r/webdev/comments/5m8tr4/how_do_i_host_the_website_i_just_built/dc1qpk7/)?
- Are you using "cloudflare-ipfs.com"? Do you know [Cloudflare IPFS is bad](https://ieji.de/@crimeflare/101779952797884218)?
- Install Web Application Firewall (such as OWASP) and Fail2Ban on _your_ server and configure it _properly_.
- Set up [Tor Onion Service](https://www.torproject.org/docs/onion-services.html.en) or I2P insite if you believe in freedom and welcome anonymous users.
@ -132,12 +140,20 @@ Let's talk about _other software's privacy_...
- PaleMoon developer [loves Cloudflare](https://github.com/mozilla-mobile/focus-android/issues/1743#issuecomment-345993097).
- Waterfox actively using [Cloudflare on their servers](https://www.digwebinterface.com/?hostnames=www.waterfoxproject.org&type=A&ns=resolver&useresolver=8.8.4.4&nameservers=) and their software have [severe "phones home" problem](https://spyware.neocities.org/articles/waterfox.html).
- Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html).
- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/).
- SRWare Iron make too many [phones home connection](https://spyware.neocities.org/articles/iron.html). It also connect to google domains.
- Brave Browser [whitelist Facebook/Twitter trackers](https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/). Here's [more issues](https://spyware.neocities.org/articles/brave.html).
- Microsoft Edge lets Facebook [run Flash code behind users' backs](https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/).
- Vivaldi [does not respect your privacy](https://spyware.neocities.org/articles/vivaldi.html).
Therefore we recommend "Tor Browser" only. Nothing else.
------------
###### "Mozilla Firefox" user
@ -164,9 +180,17 @@ Let's talk about _other software's privacy_...
![](image/firefoxdns.jpg)
- If you really need to use non-ISP DNS, consider using [OpenNIC Tier2 DNS service](https://wiki.opennic.org/start).
- If you would like to use non-ISP DNS, consider using [OpenNIC Tier2 DNS service](https://wiki.opennic.org/start)
![](image/opennic.jpg) or any of non-Cloudflare DNS services.
![](image/opennic.jpg)
- You can use Tor as DNS resolver. If you're not Tor expert, [ask question here](https://tor.stackexchange.com/).
> **How?**
> 1. Download [Tor](https://www.torproject.org/) and install it on your computer.
> 2. Add this line to "torrc" file. [DNSPort description](https://www.torproject.org/docs/tor-manual.html.en).
> DNSPort 127.0.0.1:53
> 3. Restart Tor.
> 4. Set your computer's DNS server to "127.0.0.1".
- Tell us if you see [this functionality](https://ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/) start to creep up beyond Firefox Nightly into more stable versions of Firefox.
@ -190,6 +214,8 @@ Let's talk about _other software's privacy_...
- Let us know of any alternatives to help at least provide multiple layered defence against Cloudflare.
- If you are a Cloudflare customer, set your privacy settings, and wait for them to violate them. Then bring them under [anti-spam / privacy violation charges](https://twitter.com/thexpaw/status/1108424723233419264).
- Try using [globalist](globalist.txt) to maintain this list.
- If you are in the **United States of America** and the website in question is a bank or an accountant, try to bring legal pressure under the [GrammLeachBliley Act](https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act), or the [Americans with DIsabilities Act](https://www.ada.gov/cguide.htm) and report back to us how far you get.