deCloudflare/subfiles/people/2022.mastodon.md

## Mastodon

- Neben der Arbeit an plattformübergreifenden Schnittstellen stellt Cloudflare die JS-Runtime der Entwicklungsplattform Cloud Workers als Open Source bereit. Open Source: Cloudflare arbeitet mit Deno und Node.js an gemeinsamen APIs ([heiseonline@squeet.me](https://www.heise.de/news/Open-Source-Cloudflare-arbeitet-mit-Deno-und-Node-js-an-gemeinsamen-APIs-7079130.html))
- @kolektiva Are users of kolektiva.social made aware the the instance let Cloudflare intercept the traffic? I mean, the content/communication is basically public (and DMs are not really private, just not public), but things like who connects when from where and their authentication... ([omni](https://freeradical.zone/@omni/108271945089504586))
- Everywhere I go, I see his face: Please wait, We are checking your browser... Please turn Javascript on and reload the page. cloudflare ([redstarfish@social.linux.pizza](https://social.linux.pizza/@redstarfish/108272255785145781))
- Cloudflare Workers 及其子域名 (*.*.workers.dev) 在中国大陆（至少）部分地区被 DNS 污染。 thread: /3574 Cloudflare Workers China GFW Poisoning Telegram 原文 ([cascading@misskey.io](https://misskey.io/notes/901msx3h7h))
- &gt; Listens to LeeCamp speak fervently about his distaste for censorship and how *that* is a big reason why he's leaving (CloudFlare) Patreon. Presses Ctrl+Shift+E in TorBrowser to see that he is moving to a site hosted by Amazon. HAS ANYONE told him about Fediverse? parlerHadACommunityToo closedSilo jumpingFromFrypanIntoFire ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108268736623305395))
- Anyone know of a Mastodon instance that blocks all other nodes that are on Cloudflare? AskFedi ([aktivismoEstasMiaLuo@activism.openworlds.info](https://activism.openworlds.info/@aktivismoEstasMiaLuo/108265038542915792))
- Cloudflare Pages (*.pages.dev) 子域名上的站点可能于近期在中国大陆开始无法访问，主要的阻断方式包括连接重置和 DNS 污染等。 Cloudflare Pages China GFW Telegram 原文 ([cascading@misskey.io](https://misskey.io/notes/900je2571b))
- @jeffcliff Pretty sure the sane folk have left Turdsite. Let the drones get in at the price they deserve — a discount after the CloudFlare attack. :/ ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108262853027959381))
- @ChonkyCat Oh damn! Has that server always been ClownFlare? @dansup ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108262821644700601))
- Cloudflare is not just MitM, their CAPTCHA is a paywall ([omni@hackers.town](https://hackers.town/@omni/108261384696264459))
- @dch What's really ironic is that that site, allegedly reporting on ClownFlare, **is** ClownFlare. :/ If anyone finds an accessible version of the article please share. If we get time, we may. cloudFlareIsTheMalware assetNoteIo ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108259928360054110))
- @lupyuen Its actually not a Russian cyberattack but Cloudflare… now where's our reward money? disinfo russiaGateWasFake cloudFlareIsTheMalware akamaiReuters reuters ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108259213170019405))
- At one point I came across an organization where you can report breaches, and they handle it from there. But then that org eventually put their website on Cloudflare, so I lost confidence in them. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108253496682164745))
- And I also believe there is no non-public way to send a msg to a Gitlab.com user even if the Cloudflare &amp; CAPTCHA barriers were not in play. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108253428890585951))
- @bojkotiMalbona Its super-difficult to know whether something is AstroTurf (blackHats), or just a pack of useful idiots. Also cloudflare seem to just swallow up and takeover entire ISPs and countries at a time. So even that is a loose indicator. On I2P there's some sites where you can discuss stuff. Is there a ConsumerAffairs or ScamWatch in your country. Then there's WikiLeaks, TheGrayZone, Telesur, RT, SouthFront, sites that accept Bitcoin or Monero tend to be good. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108253644714644532))
- Can someone hack electronicBillboards in Australia and maybe Google and Cloudflare so billboards say: &gt; Hi &lt;NAME_PHOTO_OF_DRIVER&gt;, CloudFlare learned you like &lt;SEXUAL_FETISH&gt;, and you have &lt;AMOUNT&gt; at &lt;BANK_NAME&gt;. Visit hCaptcha and train militaryDrones for your chance to keep your password private and maybe remove this message. Because Australia's small banks are almost all watched and controlled at CloudFlare now. workFromCar neoFeudalism cloudflareIsTheMalware billboards ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108248875858725527))
- All your banks will be CloudFlare. And you will be happy. andYouWillBeHappy ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108245889619336440))
- Some lofty types in the UK now want to block RT from theInternet. Given that they are planning to extraDie Julian Assange to the thirdWorld and to his ultimate death, this makes perfect sense, but memo says esteemed journalist, publisher and politicalPrisoner will extraDie in their own prison. (RT is also not a CloudFlare, Google, Murdoch, Amazon, nor Fakebook-controlled newsService) It has to go. incapacitatedScreaming rtBan rThAStogO pUtInhAStogO USAThirdWorld eNglANd ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108246016736010979))
- @teledyn We very much need more ppl getting fired for asking questions, thanks for bringing that up. Its the only way to get to convivialSufficiency. Its sounds like its absolutely an ecology issue. Maybe they have plans to destroyTheComputers on their way out? We might take a look at that (cloudFlare) site article, but yes, its pretty rich to hate on bitcoin/monero when AI is arguably a lot worse. getFired gotFired askQuestions killDrones ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108244964067433768))
- We really love that the Block CloudFlare MITM Attack (BCMA) Add-on for Firefox (and TorBrowser) is finally offered by Mozilla. Its not perfect, but it is version 1.0.0. 😃 We are concerned that the "Block request immediately" option could be used to fingerprint a person as a BCMA user. We are supportive of blocklisting for min 6 months (currently it only stores the last 500 MITM'd domains, but sites could get dropped from the list in a matter of weeks, given the preponderance of CF sites). ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108244207604647683))
- Scrabble quest.. GAFAM FAANG GMAFIA What words will we be able to create from the biggest monopolistic tech dominators in 5 years from now? Also do parent entities such as Alphabet and Meta stay conveniently under the radar? Here&39;s some candidates on the rise: Cloudflare Stripe TikTok Whaz da word, folks? The winner will become CIO of the Fediverse ([humanetech](https://mastodon.social/@humanetech/108243138678224401))
- @miklo @MitchellYeager6 I will rank them from most evil (w.r.t social &amp; environmental harm) to least, but all these are well into the boycott-worthy level of evil: Amazon Cloudflare Facebook Microsoft PayPal Google HewlettPackard ATT Comcast Charter1communications TimeWarner Sony Motorola Apple ([gerry@mastodon.pirateparty.be](https://mastodon.pirateparty.be/@gerry/108243352989589579))
- @hackernews Nerds tend to underestimate the importance of defaults. They’ll claim “Cloudflare isn’t blocking Tor - that’s the user’s choice”, neglecting that 95+% are just braindead pawns using CF’s defaults. Why? Because nerds override defaults but they can’t step outside themselves to see that that’s statistically unusual. ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108239778748213012))
- @Coffee Interesting… I wasn’t aware of those studies, thanks for sharing. This begs the question: if blocking tor traffic actually hurts cloudflare’s customers due to missed conversions, why are they still doing it? Specifically if the ratio of malicious to genuine traffic is somewhat similar between Tor and non-Tor. ([ilyess@mastodon.online](https://mastodon.online/@ilyess/108238168466797537))
- Imagine being unable to access 33% of the top 10k websites because CloudFlare doesn't like you. ([Coffee@toot.cafe](https://toot.cafe/@Coffee/108237904594749414))
- FIRST AFRICAN NATION adopts bitcoin as legal tender. Lawmakers in the CentralAfricanRepublic have unanimously voted to adopt Bitcoin alongside the CFAFranc. The law makes cryptocurrency exchanges excempt from tax for some strange reason. Maybe because they'll be CloudFlare so want to surviel all the traffic and users' passwords etc. Good news for uncensorable currency, bad news for govt revenue and everyday workers at this stage. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108237626695618490))
- POLL: DO YOU pin the NoScript button to the top of your TorBrowser (like it used to be)? b) Do you imitate TailOS and install UBlockOrigin add-on into Tor Browser? c) If there was an add-on that warned you that you were visiting a CloudFlare, Amazon or Akamai website, how quickly would you drop everything, including balls that are not even yours, to check it out? addOns uBlock deleteAmazon amazon ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108234030258310439))
- Der Infrastruktur- und DNS-Anbieter Cloudflare hat eine DDoS-Attacke gestoppt, die zu Spitzenzeiten bis zu 15,3 Millionen Anfragen pro Sekunde verschickte. Cloudflare: Botnet-Angriff mit mehr als 15 Millionen HTTPS-Anfragen/s abgewehrt ([itsecnews@anonsys.net](https://www.heise.de/news/Cloudflare-Botnet-Angriff-mit-mehr-als-15-Millionen-HTTPS-Anfragen-abgewehrt-7070519.html))
- So I guess cloudflare is prepared then. Next stop the moon? ([gigantos@s.gigantos.net](https://s.gigantos.net/@gigantos/108226202024020829))
- @com @jerry So I wonder if using Cloudflare actually eased their effort in passing an audit, because they can probably tick a bunch of boxes that say “not our problem… that’s on Cloudflare’s side of the fence”. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108221845275233039))
- Someone who sees DeepL’s security statement would be convinced that they are in good hands if they knew nothing about Cloudflare -- which likely describes a majority of those who encounter DeepL. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108219864107489894))
- I can understand why DeepL is so driven to mislead users about their security -- it’s a profit-driven corporation. But why does the LibreTranslate.com admin mislead users about security? They don’t even have a donation link. They have no reason to be malicious &amp; harm the “libre” brand. It would cost them nothing to warn users that all queries are shared with Cloudflare. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108219905100511124))
- DeepL’s use of Cloudflare whilst showcasing ISO 27001 compliance really demonstrates well the insufficiency of iso27001. DeepL shows how well a Cloudflare website can decorate the security disclosures of a service while sharing every bit of everyone’s data with a MitM. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108219851714554080))
- @MarcoMeer @davidoclubb @Blort Yes I have. DeepL chose their words carefully. Their “state of the art TLS” is compromized when another org holds the keys &amp; performs the decryption. Their e2e crypto terminates at Cloudflare’s data center not their own. They say they delete you text immediately have translation, but it’s too late b/c they’ve already shown it to an untrustworthy tech giant. ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108219667424072240))
- Mastodon Pro-tip: if you&39;re struggling to get your website verified on your profile and your website is behind Cloudflare, you have to disable &quot;Bot Fight Mode&quot; under Security =&gt; Bots. Then you have to modify something in your Mastodon &quot;Bio&quot; and save to re-trigger the verification attempt. ([andryou](https://mastodon.social/@andryou/108218913202599968))
- @dromografos Horrible privacy risks exposed! Tonight, on Cloudflare! ([Coffee@toot.cafe](https://toot.cafe/@Coffee/108217640750755724))
- The lesson here, I guess: check the WAF logs in detail before assuming anything's not a CloudFlare issue! More specifically, if anyone else has weird federation issues and uses CloudFlare in front of their site - you need to disable "Bot Fight Mode" under "Security -&gt; Bots" in the dashboard - else federation won't work properly. I have sent CloudFlare a request to fix this on their end too! ([curtispf@mashed.cloud](https://social.mashed.cloud/@curtispf/108216873140742765))
- Want to sign into your matrix account using tor? cloudflare says no. 😿 @matrix ([uniq@chaos.social](https://chaos.social/@uniq/108214086529939675))
- Want to sign into your matrix account using tor? cloudflare says no. 😿 @matrix doesn't this also imply cloudflare can see user passwords and e2e recovery keys? After all, they usually mitm HTTPS. ([uniq@chaos.social](https://chaos.social/@uniq/108212400015010645))
- Finde den Fehler Microsoft Edge bekommt „Sicheres Netzwerk“ (VPN) verpasst. Das Microsoft Edge Secure Network ist ein Dienst, der in Zusammenarbeit mit Cloudflare bereitgestellt wird. Cloudflare setzt sich für den Datenschutz ein und sammelt eine begrenzte Menge an Diagnose- und Unterstützungsdaten als Microsofts Daten-Subprozessor, um die Dienste bereitzustellen. Voraussetzung hier ist, dass man mit einem Microsoft-Account im Browser angemeldet ist. 😜 ([snip@social.tchncs.de](https://social.tchncs.de/@snip/108210396250065663))
- @nielsa Fascism is the melding of govt with big business, the rest are symptoms, things that manifest as a by-product of such fascism. Our sources are reliable re banks censoring and unpersoning. If you have TorBrowser hit Ctrl+Shift+E before loading a website. Quickly you'll learn why CloudFlare is not what it seems. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108208651228597728))
- @nielsa So Facebook and Twitter are in the advertising, data broking and Public Relations industry. They are bad enough but… They are better than CloudFlare for sovereignty (mostly because everyone knows about what they are doing). When Fbook tried to be a bank we went into overdrive. CloudFlare (and akamai, lesser Amazon and Azure) control/block almost all Australian banks and payment rails, and by proxy and stealth. Its infinately worse, there is no comparison here. Its an attack. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108208413666886488))
- @nielsa Saying efforts to avoid Cloudflare (and Azure, Amazon and Akamai) is "entirely ridiculous" flys in the face of people, who have jumped ship when we talk to them. Every 'one' person who learns of the centralisation and NetNeutering-nature of the fascist CDN networks is priceless. We don't need to friend, follow people on Cf servers because their takes are, let's just say, low-octane, funnily enough. Stay on CloudFlare if you dare. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108208318525392690))
- WARNING: The mas.to instance is now CloudFlare. Start dropping packets — and by packet's we mean followers. deleteCloudFlare masTo masDotTo PSA fediverseInstances fediBlock ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108205292785894671))
- &gt; "Scraping your website" One 'p'. Means to copy the website, usually into some kind of static text based format, sometimes for processing in some way. &gt; "Scrapping your website." Two 'p' Means to purge the website. &gt; Site is CloudFlare In order to fix your website we take the computer serving the content and "pee" on it. Clear? urine piss infoSec p oneP twoP learnTheDifference ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108185625146031951))
- NOOOOO DON'T USE CLOUDFLARE THEY ARE MITM YOUR TRAFFIC AND THEY CAN SEE YOUR PASSWORDS :soyjak: :soyjak2: :soy_left: :soy_right: :soyjak_gun: SSV: *turns ln cloudflare caching* wtf my 1:43:48 long video of "THE IDOLM@STER CINDERELLA GIRLS 7thLIVE TOUR Special 3chord♪ Glowing Rock ! @KYOCERA DOME OSAKA - Day 1 Part 1" doesn't load guess I'm not using cloudflare then. ([splitshockvirus@mstdn.starnix.network](https://mstdn.starnix.network/@splitshockvirus/108184553476460073))
- @Blort @davidoclubb (update) DeepL is a no-go from a privacy standpoint -- just found out they share your sensitive translations with Cloudflare, thus privacy is in the shitter. I suggest installing ArgosTranslate and running it locally. ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108183092593257572))
- @novichan @tetrapyloctomist (update) DeepL shares your sensitive translations with Cloudflare, so privacy is in the shitter w/them. I suggest installing ArgosTranslate and running it locally. ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108183058285035581))
- The FBI are saying "ransomware actors" are apparently going after agricultural cooperatives" and "may (…) negatively impact the food supply chain". Wow, that almost sounds like it might be a threat. We of course, blame fedi. cloudFlareIsTheMalware supplyChains agriculture farming ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108181640490400689))
- TIL Pixelfed is protected by Cloudflare. Ouch. ([ru@fosstodon.org](https://fosstodon.org/@ru/108181418478420297))
- @icedquinn Sustainable Australia Party used to call these "de facto standards" "naturalMonopolies". They used to argue that such natural monopolies must be made public. They may still do, but we can no longer access their site as cloudFlare blocks access to it. Cloudflare serve a number of other minorParty websites, all of which are inaccessible. Keep in mind, Australia is IN AN ELECTION, right now. auspol privacy electionMeddling electionRigging USA democracyDoesNotExist ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108181111698479070))
- Behördenwebsites mit Cloudflare "we are checking your browser" ([quincy@chaos.social](https://chaos.social/@quincy/108179883508136249))
- If you want to opt-out of Visa’s information sharing, you must give your card to Visa’s Cloudflare website. Is this catch22 legal, considering Visa is legally obligated to offer the opt-out? ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108176690207008793))
- Hahaha. Now even CloudFlare'd sites are dropping initial connection attempts. Just die, CloudFlare. cloudFuckd cloudFucked dieCloudFlare ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108174798782492937))
- @fedithom @fdroidorg You need to separate the facts from the judgment. The irrefutable fact is that Cloudflare sees all data going to CF-hosted Fdroid servers incl. ssl. What Cloudflare harvests from the F-droid mirrors is anyone’s guess b/c those facts are concealed from the public. Even if Cloudflare were to claim not to, they’ve been caught making false statements before, thus untrustworthy. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108168770251173981))
- @fdroidorg @iska The answer is the website, for now. Experts &amp; streetwise users are being driven off the Fdroid app but the fdroid website is still easy to detect Cloudflare on (there are a number of tools to do this) and then sideload the apps. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108168857872534511))
- @fdroidorg @iska There is a project dedicated to finding Cloudflare websites. It’s such a huge undertaking that the project struggles to keep up with it. This is nothing that you could reasonably expect each Fdroid user to undertake on their own. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108168878863849485))
- @iska @fdroidorg What’s a specific firewall implementation that gives users the option of using a custom filter? BTW, you’re not just blocking one IP address. Cloudflare has around ~10-15% of all websites in the world. That’s a lot of IPs stemming from a lot of ASNs, and the ASN lookups are non-trivial because some CF websites are not tagged in the ASN info as belonging to CF. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108168867633647833))
- Fdroid is getting dicey for privacy now that are allowing a tech giant to snoop on who fetches which app. Many users choose @fdroidorg for security, but security is compromized when Cloudflare is given reconnaisance data on the apps and versions various users are running. This info opens up Fdroid users to attacks that exploit known bugs. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108165961277908385))
- @fdroidorg I suggest not trusting the Fdroid app itself anymore. By default it enables ~6 mirrors, any of which can become Cloudflared w/out notice. There is no toggle to automatically block or disable Cloudflare hosts. It’s thus more secure to fetch f-droid apps from the web over Tor, after checking whether a host is CF’d. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108166039629460241))
- ↳ [Back to list](../people/)
-												commit
											
										
										
											2022-04-20 03:24:15 -04:00
+								## Mastodon
-												commit
											
										
										
											2022-05-09 12:10:49 -04:00
+								- Neben der Arbeit an plattformübergreifenden Schnittstellen stellt Cloudflare die JS-Runtime der Entwicklungsplattform Cloud Workers als Open Source bereit. Open Source: Cloudflare arbeitet mit Deno und Node.js an gemeinsamen APIs ([heiseonline@squeet.me](https://www.heise.de/news/Open-Source-Cloudflare-arbeitet-mit-Deno-und-Node-js-an-gemeinsamen-APIs-7079130.html))
 								- @kolektiva Are users of kolektiva.social made aware the the instance let Cloudflare intercept the traffic? I mean, the content/communication is basically public (and DMs are not really private, just not public), but things like who connects when from where and their authentication... ([omni](https://freeradical.zone/@omni/108271945089504586))
 								- Everywhere I go, I see his face: Please wait, We are checking your browser... Please turn Javascript on and reload the page. cloudflare ([redstarfish@social.linux.pizza](https://social.linux.pizza/@redstarfish/108272255785145781))
-												commit
											
										
										
											2022-05-09 00:10:50 -04:00
+								- Cloudflare Workers 及其子域名 (*.*.workers.dev) 在中国大陆（至少）部分地区被 DNS 污染。 thread: /3574 Cloudflare Workers China GFW Poisoning Telegram 原文 ([cascading@misskey.io](https://misskey.io/notes/901msx3h7h))
-												commit
											
										
										
											2022-05-08 20:10:39 -04:00
+								- &gt; Listens to LeeCamp speak fervently about his distaste for censorship and how *that* is a big reason why he's leaving (CloudFlare) Patreon. Presses Ctrl+Shift+E in TorBrowser to see that he is moving to a site hosted by Amazon. HAS ANYONE told him about Fediverse? parlerHadACommunityToo closedSilo jumpingFromFrypanIntoFire ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108268736623305395))
-												commit
											
										
										
											2022-05-08 05:08:22 -04:00
+								- Anyone know of a Mastodon instance that blocks all other nodes that are on Cloudflare? AskFedi ([aktivismoEstasMiaLuo@activism.openworlds.info](https://activism.openworlds.info/@aktivismoEstasMiaLuo/108265038542915792))
 								- Cloudflare Pages (*.pages.dev) 子域名上的站点可能于近期在中国大陆开始无法访问，主要的阻断方式包括连接重置和 DNS 污染等。 Cloudflare Pages China GFW Telegram 原文 ([cascading@misskey.io](https://misskey.io/notes/900je2571b))
-												commit
											
										
										
											2022-05-07 20:10:55 -04:00
+								- @jeffcliff Pretty sure the sane folk have left Turdsite. Let the drones get in at the price they deserve — a discount after the CloudFlare attack. :/ ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108262853027959381))
 								- @ChonkyCat Oh damn! Has that server always been ClownFlare? @dansup ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108262821644700601))
-												commit
											
										
										
											2022-05-07 12:10:13 -04:00
+								- Cloudflare is not just MitM, their CAPTCHA is a paywall ([omni@hackers.town](https://hackers.town/@omni/108261384696264459))
-												commit
											
										
										
											2022-05-07 08:10:25 -04:00
+								- @dch What's really ironic is that that site, allegedly reporting on ClownFlare, **is** ClownFlare. :/ If anyone finds an accessible version of the article please share. If we get time, we may. cloudFlareIsTheMalware assetNoteIo ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108259928360054110))
-												commit
											
										
										
											2022-05-07 04:10:29 -04:00
+								- @lupyuen Its actually not a Russian cyberattack but Cloudflare… now where's our reward money? disinfo russiaGateWasFake cloudFlareIsTheMalware akamaiReuters reuters ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108259213170019405))
-												commit
											
										
										
											2022-05-06 04:10:27 -04:00
+								- At one point I came across an organization where you can report breaches, and they handle it from there. But then that org eventually put their website on Cloudflare, so I lost confidence in them. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108253496682164745))
 								- And I also believe there is no non-public way to send a msg to a Gitlab.com user even if the Cloudflare &amp; CAPTCHA barriers were not in play. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108253428890585951))
 								- @bojkotiMalbona Its super-difficult to know whether something is AstroTurf (blackHats), or just a pack of useful idiots. Also cloudflare seem to just swallow up and takeover entire ISPs and countries at a time. So even that is a loose indicator. On I2P there's some sites where you can discuss stuff. Is there a ConsumerAffairs or ScamWatch in your country. Then there's WikiLeaks, TheGrayZone, Telesur, RT, SouthFront, sites that accept Bitcoin or Monero tend to be good. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108253644714644532))
-												commit
											
										
										
											2022-05-05 08:10:15 -04:00
+								- Can someone hack electronicBillboards in Australia and maybe Google and Cloudflare so billboards say: &gt; Hi &lt;NAME_PHOTO_OF_DRIVER&gt;, CloudFlare learned you like &lt;SEXUAL_FETISH&gt;, and you have &lt;AMOUNT&gt; at &lt;BANK_NAME&gt;. Visit hCaptcha and train militaryDrones for your chance to keep your password private and maybe remove this message. Because Australia's small banks are almost all watched and controlled at CloudFlare now. workFromCar neoFeudalism cloudflareIsTheMalware billboards ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108248875858725527))
-												commit
											
										
										
											2022-05-04 20:10:35 -04:00
+								- All your banks will be CloudFlare. And you will be happy. andYouWillBeHappy ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108245889619336440))
 								- Some lofty types in the UK now want to block RT from theInternet. Given that they are planning to extraDie Julian Assange to the thirdWorld and to his ultimate death, this makes perfect sense, but memo says esteemed journalist, publisher and politicalPrisoner will extraDie in their own prison. (RT is also not a CloudFlare, Google, Murdoch, Amazon, nor Fakebook-controlled newsService) It has to go. incapacitatedScreaming rtBan rThAStogO pUtInhAStogO USAThirdWorld eNglANd ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108246016736010979))
-												commit
											
										
										
											2022-05-04 16:11:20 -04:00
+								- @teledyn We very much need more ppl getting fired for asking questions, thanks for bringing that up. Its the only way to get to convivialSufficiency. Its sounds like its absolutely an ecology issue. Maybe they have plans to destroyTheComputers on their way out? We might take a look at that (cloudFlare) site article, but yes, its pretty rich to hate on bitcoin/monero when AI is arguably a lot worse. getFired gotFired askQuestions killDrones ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108244964067433768))
-												commit
											
										
										
											2022-05-04 12:10:22 -04:00
+								- We really love that the Block CloudFlare MITM Attack (BCMA) Add-on for Firefox (and TorBrowser) is finally offered by Mozilla. Its not perfect, but it is version 1.0.0. 😃 We are concerned that the "Block request immediately" option could be used to fingerprint a person as a BCMA user. We are supportive of blocklisting for min 6 months (currently it only stores the last 500 MITM'd domains, but sites could get dropped from the list in a matter of weeks, given the preponderance of CF sites). ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108244207604647683))
-												commit
											
										
										
											2022-05-04 08:10:23 -04:00
+								- Scrabble quest.. GAFAM FAANG GMAFIA What words will we be able to create from the biggest monopolistic tech dominators in 5 years from now? Also do parent entities such as Alphabet and Meta stay conveniently under the radar? Here&39;s some candidates on the rise: Cloudflare Stripe TikTok Whaz da word, folks? The winner will become CIO of the Fediverse ([humanetech](https://mastodon.social/@humanetech/108243138678224401))
 								- @miklo @MitchellYeager6 I will rank them from most evil (w.r.t social &amp; environmental harm) to least, but all these are well into the boycott-worthy level of evil: Amazon Cloudflare Facebook Microsoft PayPal Google HewlettPackard ATT Comcast Charter1communications TimeWarner Sony Motorola Apple ([gerry@mastodon.pirateparty.be](https://mastodon.pirateparty.be/@gerry/108243352989589579))
-												commit
											
										
										
											2022-05-03 20:11:32 -04:00
+								- @hackernews Nerds tend to underestimate the importance of defaults. They’ll claim “Cloudflare isn’t blocking Tor - that’s the user’s choice”, neglecting that 95+% are just braindead pawns using CF’s defaults. Why? Because nerds override defaults but they can’t step outside themselves to see that that’s statistically unusual. ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108239778748213012))
-												commit
											
										
										
											2022-05-03 12:10:08 -04:00
+								- @Coffee Interesting… I wasn’t aware of those studies, thanks for sharing. This begs the question: if blocking tor traffic actually hurts cloudflare’s customers due to missed conversions, why are they still doing it? Specifically if the ratio of malicious to genuine traffic is somewhat similar between Tor and non-Tor. ([ilyess@mastodon.online](https://mastodon.online/@ilyess/108238168466797537))
-												commit
											
										
										
											2022-05-03 08:10:26 -04:00
+								- Imagine being unable to access 33% of the top 10k websites because CloudFlare doesn't like you. ([Coffee@toot.cafe](https://toot.cafe/@Coffee/108237904594749414))
 								- FIRST AFRICAN NATION adopts bitcoin as legal tender. Lawmakers in the CentralAfricanRepublic have unanimously voted to adopt Bitcoin alongside the CFAFranc. The law makes cryptocurrency exchanges excempt from tax for some strange reason. Maybe because they'll be CloudFlare so want to surviel all the traffic and users' passwords etc. Good news for uncensorable currency, bad news for govt revenue and everyday workers at this stage. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108237626695618490))
-												commit
											
										
										
											2022-05-02 16:10:08 -04:00
+								- POLL: DO YOU pin the NoScript button to the top of your TorBrowser (like it used to be)? b) Do you imitate TailOS and install UBlockOrigin add-on into Tor Browser? c) If there was an add-on that warned you that you were visiting a CloudFlare, Amazon or Akamai website, how quickly would you drop everything, including balls that are not even yours, to check it out? addOns uBlock deleteAmazon amazon ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108234030258310439))
-												commit
											
										
										
											2022-05-01 09:30:01 -04:00
+								- Der Infrastruktur- und DNS-Anbieter Cloudflare hat eine DDoS-Attacke gestoppt, die zu Spitzenzeiten bis zu 15,3 Millionen Anfragen pro Sekunde verschickte. Cloudflare: Botnet-Angriff mit mehr als 15 Millionen HTTPS-Anfragen/s abgewehrt ([itsecnews@anonsys.net](https://www.heise.de/news/Cloudflare-Botnet-Angriff-mit-mehr-als-15-Millionen-HTTPS-Anfragen-abgewehrt-7070519.html))
 								- So I guess cloudflare is prepared then. Next stop the moon? ([gigantos@s.gigantos.net](https://s.gigantos.net/@gigantos/108226202024020829))
-												commit
											
										
										
											2022-04-30 17:30:08 -04:00
+								- @com @jerry So I wonder if using Cloudflare actually eased their effort in passing an audit, because they can probably tick a bunch of boxes that say “not our problem… that’s on Cloudflare’s side of the fence”. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108221845275233039))
-												commit
											
										
										
											2022-04-30 08:10:16 -04:00
+								- Someone who sees DeepL’s security statement would be convinced that they are in good hands if they knew nothing about Cloudflare -- which likely describes a majority of those who encounter DeepL. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108219864107489894))
 								- I can understand why DeepL is so driven to mislead users about their security -- it’s a profit-driven corporation. But why does the LibreTranslate.com admin mislead users about security? They don’t even have a donation link. They have no reason to be malicious &amp; harm the “libre” brand. It would cost them nothing to warn users that all queries are shared with Cloudflare. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108219905100511124))
 								- DeepL’s use of Cloudflare whilst showcasing ISO 27001 compliance really demonstrates well the insufficiency of iso27001. DeepL shows how well a Cloudflare website can decorate the security disclosures of a service while sharing every bit of everyone’s data with a MitM. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108219851714554080))
-												commit
											
										
										
											2022-04-30 04:10:18 -04:00
+								- @MarcoMeer @davidoclubb @Blort Yes I have. DeepL chose their words carefully. Their “state of the art TLS” is compromized when another org holds the keys &amp; performs the decryption. Their e2e crypto terminates at Cloudflare’s data center not their own. They say they delete you text immediately have translation, but it’s too late b/c they’ve already shown it to an untrustworthy tech giant. ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108219667424072240))
-												commit
											
										
										
											2022-04-30 00:16:47 -04:00
+								- Mastodon Pro-tip: if you&39;re struggling to get your website verified on your profile and your website is behind Cloudflare, you have to disable &quot;Bot Fight Mode&quot; under Security =&gt; Bots. Then you have to modify something in your Mastodon &quot;Bio&quot; and save to re-trigger the verification attempt. ([andryou](https://mastodon.social/@andryou/108218913202599968))
-												commit
											
										
										
											2022-04-29 20:10:28 -04:00
+								- @dromografos Horrible privacy risks exposed! Tonight, on Cloudflare! ([Coffee@toot.cafe](https://toot.cafe/@Coffee/108217640750755724))
-												commit
											
										
										
											2022-04-29 16:10:11 -04:00
+								- The lesson here, I guess: check the WAF logs in detail before assuming anything's not a CloudFlare issue! More specifically, if anyone else has weird federation issues and uses CloudFlare in front of their site - you need to disable "Bot Fight Mode" under "Security -&gt; Bots" in the dashboard - else federation won't work properly. I have sent CloudFlare a request to fix this on their end too! ([curtispf@mashed.cloud](https://social.mashed.cloud/@curtispf/108216873140742765))
-												commit
											
										
										
											2022-04-29 04:10:18 -04:00
+								- Want to sign into your matrix account using tor? cloudflare says no. 😿 @matrix ([uniq@chaos.social](https://chaos.social/@uniq/108214086529939675))
-												commit
											
										
										
											2022-04-29 00:10:32 -04:00
+								- Want to sign into your matrix account using tor? cloudflare says no. 😿 @matrix doesn't this also imply cloudflare can see user passwords and e2e recovery keys? After all, they usually mitm HTTPS. ([uniq@chaos.social](https://chaos.social/@uniq/108212400015010645))
-												commit
											
										
										
											2022-04-28 16:10:28 -04:00
+								- Finde den Fehler Microsoft Edge bekommt „Sicheres Netzwerk“ (VPN) verpasst. Das Microsoft Edge Secure Network ist ein Dienst, der in Zusammenarbeit mit Cloudflare bereitgestellt wird. Cloudflare setzt sich für den Datenschutz ein und sammelt eine begrenzte Menge an Diagnose- und Unterstützungsdaten als Microsofts Daten-Subprozessor, um die Dienste bereitzustellen. Voraussetzung hier ist, dass man mit einem Microsoft-Account im Browser angemeldet ist. 😜 ([snip@social.tchncs.de](https://social.tchncs.de/@snip/108210396250065663))
-												commit
											
										
										
											2022-04-28 08:10:17 -04:00
+								- @nielsa Fascism is the melding of govt with big business, the rest are symptoms, things that manifest as a by-product of such fascism. Our sources are reliable re banks censoring and unpersoning. If you have TorBrowser hit Ctrl+Shift+E before loading a website. Quickly you'll learn why CloudFlare is not what it seems. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108208651228597728))
 								- @nielsa So Facebook and Twitter are in the advertising, data broking and Public Relations industry. They are bad enough but… They are better than CloudFlare for sovereignty (mostly because everyone knows about what they are doing). When Fbook tried to be a bank we went into overdrive. CloudFlare (and akamai, lesser Amazon and Azure) control/block almost all Australian banks and payment rails, and by proxy and stealth. Its infinately worse, there is no comparison here. Its an attack. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108208413666886488))
-												commit
											
										
										
											2022-04-28 04:10:37 -04:00
+								- @nielsa Saying efforts to avoid Cloudflare (and Azure, Amazon and Akamai) is "entirely ridiculous" flys in the face of people, who have jumped ship when we talk to them. Every 'one' person who learns of the centralisation and NetNeutering-nature of the fascist CDN networks is priceless. We don't need to friend, follow people on Cf servers because their takes are, let's just say, low-octane, funnily enough. Stay on CloudFlare if you dare. ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108208318525392690))
-												commit
											
										
										
											2022-04-27 16:10:13 -04:00
+								- WARNING: The mas.to instance is now CloudFlare. Start dropping packets — and by packet's we mean followers. deleteCloudFlare masTo masDotTo PSA fediverseInstances fediBlock ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108205292785894671))
-												commit
											
										
										
											2022-04-24 04:10:11 -04:00
+								- &gt; "Scraping your website" One 'p'. Means to copy the website, usually into some kind of static text based format, sometimes for processing in some way. &gt; "Scrapping your website." Two 'p' Means to purge the website. &gt; Site is CloudFlare In order to fix your website we take the computer serving the content and "pee" on it. Clear? urine piss infoSec p oneP twoP learnTheDifference ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108185625146031951))
-												commit
											
										
										
											2022-04-24 00:11:59 -04:00
+								- NOOOOO DON'T USE CLOUDFLARE THEY ARE MITM YOUR TRAFFIC AND THEY CAN SEE YOUR PASSWORDS :soyjak: :soyjak2: :soy_left: :soy_right: :soyjak_gun: SSV: *turns ln cloudflare caching* wtf my 1:43:48 long video of "THE IDOLM@STER CINDERELLA GIRLS 7thLIVE TOUR Special 3chord♪ Glowing Rock ! @KYOCERA DOME OSAKA - Day 1 Part 1" doesn't load guess I'm not using cloudflare then. ([splitshockvirus@mstdn.starnix.network](https://mstdn.starnix.network/@splitshockvirus/108184553476460073))
-												commit
											
										
										
											2022-04-23 16:10:18 -04:00
+								- @Blort @davidoclubb (update) DeepL is a no-go from a privacy standpoint -- just found out they share your sensitive translations with Cloudflare, thus privacy is in the shitter. I suggest installing ArgosTranslate and running it locally. ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108183092593257572))
 								- @novichan @tetrapyloctomist (update) DeepL shares your sensitive translations with Cloudflare, so privacy is in the shitter w/them. I suggest installing ArgosTranslate and running it locally. ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108183058285035581))
-												commit
											
										
										
											2022-04-23 12:10:13 -04:00
+								- The FBI are saying "ransomware actors" are apparently going after agricultural cooperatives" and "may (…) negatively impact the food supply chain". Wow, that almost sounds like it might be a threat. We of course, blame fedi. cloudFlareIsTheMalware supplyChains agriculture farming ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108181640490400689))
 								- TIL Pixelfed is protected by Cloudflare. Ouch. ([ru@fosstodon.org](https://fosstodon.org/@ru/108181418478420297))
-												commit
											
										
										
											2022-04-23 08:10:13 -04:00
+								- @icedquinn Sustainable Australia Party used to call these "de facto standards" "naturalMonopolies". They used to argue that such natural monopolies must be made public. They may still do, but we can no longer access their site as cloudFlare blocks access to it. Cloudflare serve a number of other minorParty websites, all of which are inaccessible. Keep in mind, Australia is IN AN ELECTION, right now. auspol privacy electionMeddling electionRigging USA democracyDoesNotExist ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108181111698479070))
-												commit
											
										
										
											2022-04-23 04:10:18 -04:00
+								- Behördenwebsites mit Cloudflare "we are checking your browser" ([quincy@chaos.social](https://chaos.social/@quincy/108179883508136249))
-												commit
											
										
										
											2022-04-22 16:10:22 -04:00
+								- If you want to opt-out of Visa’s information sharing, you must give your card to Visa’s Cloudflare website. Is this catch22 legal, considering Visa is legally obligated to offer the opt-out? ([koherecoWatchdog@freeradical.zone](https://freeradical.zone/@koherecoWatchdog/108176690207008793))
-												commit
											
										
										
											2022-04-22 09:30:06 -04:00
+								- Hahaha. Now even CloudFlare'd sites are dropping initial connection attempts. Just die, CloudFlare. cloudFuckd cloudFucked dieCloudFlare ([dsfgs@activism.openworlds.info](https://activism.openworlds.info/@dsfgs/108174798782492937))
-												commit
											
										
										
											2022-04-21 04:10:20 -04:00
+								- @fedithom @fdroidorg You need to separate the facts from the judgment. The irrefutable fact is that Cloudflare sees all data going to CF-hosted Fdroid servers incl. ssl. What Cloudflare harvests from the F-droid mirrors is anyone’s guess b/c those facts are concealed from the public. Even if Cloudflare were to claim not to, they’ve been caught making false statements before, thus untrustworthy. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108168770251173981))
 								- @fdroidorg @iska The answer is the website, for now. Experts &amp; streetwise users are being driven off the Fdroid app but the fdroid website is still easy to detect Cloudflare on (there are a number of tools to do this) and then sideload the apps. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108168857872534511))
 								- @fdroidorg @iska There is a project dedicated to finding Cloudflare websites. It’s such a huge undertaking that the project struggles to keep up with it. This is nothing that you could reasonably expect each Fdroid user to undertake on their own. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108168878863849485))
 								- @iska @fdroidorg What’s a specific firewall implementation that gives users the option of using a custom filter? BTW, you’re not just blocking one IP address. Cloudflare has around ~10-15% of all websites in the world. That’s a lot of IPs stemming from a lot of ASNs, and the ASN lookups are non-trivial because some CF websites are not tagged in the ASN info as belonging to CF. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108168867633647833))
-												commit
											
										
										
											2022-04-20 16:10:38 -04:00
+								- Fdroid is getting dicey for privacy now that are allowing a tech giant to snoop on who fetches which app. Many users choose @fdroidorg for security, but security is compromized when Cloudflare is given reconnaisance data on the apps and versions various users are running. This info opens up Fdroid users to attacks that exploit known bugs. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108165961277908385))
 								- @fdroidorg I suggest not trusting the Fdroid app itself anymore. By default it enables ~6 mirrors, any of which can become Cloudflared w/out notice. There is no toggle to automatically block or disable Cloudflare hosts. It’s thus more secure to fetch f-droid apps from the web over Tor, after checking whether a host is CF’d. ([bojkotiMalbona@infosec.exchange](https://infosec.exchange/@bojkotiMalbona/108166039629460241))
-												commit
											
										
										
											2022-04-20 03:30:42 -04:00
+								- ↳ [Back to list](../people/)