The Cloudflare Poison

iarigby , 1 month ago

It is very weird that tools that support “onion” ssl - some way that would allow one layer of encryption for your “allowed” mitm which would keep almost all the request encrypted with key for the server.

Scolding0513 OP , 1 month ago

exactly my thoughts, i been wanting look into this. seems like they are trying to MITM even onion traffic

TheAnonymouseJoker , 1 month ago

I explicitly block Cloudflare and Google domains fully, until and unless it is a website with no privacy repercussions or throwaway account possibilities. If it is something I legally purchase and requires their captcha, I can tolerate it unless I can avoid.

People are too used to submitting or cucking themselves. I am not such a person.

Deebster , 1 month ago

If you're blocking everything that's proxied via Cloudflare or hosted on Google, the internet must be a very small place for you. I think even a third of Lemmy is behind Cloudflare.

TheAnonymouseJoker , 1 month ago

I do not directly use Lemmy world or those instances. Their contents federate with Lemmy.ml instance.

Moreover, only 22% of internet is behind Cloudflare. You missed the part where I said I refuse to use a Cloudflare service where there is no throwaway account possibilities or no privacy/anonymity repercussions. That is most of Cloudflare sites. I have encountered probably 20ish CF sites in my life according to my criteria where I had to avoid using them.

Deebster , 1 month ago

I know how federation works, but look at the network inspector and you'll see you're pulling a lot of images from Cloudflare-proxied sites (or you're missing a lot, if you've blacklisted them).

Anyway, I only meant that even Lemmy, with its anti-corporate culture, is still heavily using Cloudflare. "Only" 22% is still a lot in my book.

I'm interested as to your motives - are you doing this as a boycott, and/or to protect your privacy (or similar)? Also, are you blocking domains one-by-one, or are doing something like using firewall rules?

Scolding0513 OP , 1 month ago

fully agreed. if i have to use a CF site i make absolutely sure im using a dedicated IP with useless disposable info/creds

sometimes I just close the site and never go back, I'm so sick of seeing it.

intro , 1 month ago

Is this also true about the cloudflare DNS over HTTPS option that Firefox provides in the privacy settings?
If yes, then would it help if I changed the setting from 'Cloudflare' to 'NextDNS'?

scytale , 1 month ago

I personally use Mullvad on my FF DNS settings.

vox , 1 month ago

that's just dns tho
but yeah, obviously your dns provider can see the dns requests (aka domain names) you're making, that's the whole point of dns server

ssm , 1 month ago (edited 1 month ago)

I use quad9 with DNS over TLS systemwide with openbsd unwind

unwind.conf config

forwarder { 9.9.9.9 port 853 DoT 149.112.112.112 port 853 DoT }
preference { DoT }

firefox's use of cloudflare for DoH is irresponsible, and possibly worse than just sending your DNS queries to your ISP's default servers. It would be in line with Mozilla's other practices though.

Asudox , 1 month ago

I'd suggest you use the DNS mullvad provides.

elias_griffin , 1 month ago

The name sounds akin to "mass gaslighting"?

hellfire103 , 1 month ago (edited 1 month ago)

Welp. Guess now is as good a time as any for me to switch to deSEC...

FrostyCaveman , 1 month ago

Yeah, that reminds me. I should take my stuff off it