[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

cloudflare and co. full ssl mode, "everyone" going to use it, ...


#1

Heard something about cloudflare and co. This is a rather sloppy writeup. Don’t quote me on it.

There are various modes.

[1] full ssl -> end to end through cloudflare
[2] CDN (content delivery network) - ssl user to cloudflare - decrypt at cloudflare - ssl cloudflare to actual server


[2] is results in a huge speedup. Static content such as images, html and scripts can be delivered from a server close to the user - including QoS (quality of service) prioritization. Since cloudflare can decrypt all the traffic, this is a solution many privacy aware websites won’t want.

[1] So cloudflare is mostly known for CDN / [2]. How can [1] be useful? It’s obviously slower, but slower here still means factor 3 speedup. It works by cloudflare having their own dark fiber and making deals with ISPs for guaranteed bandwidth so they can implement faster routing and higher QoS priority.


If true, that means the debate on net neutrality is already over and practically we transitioned into the QoS age. Most services nowadays sign up for cloudflare to be faster. Which from their point of view is profitable, since website speed is crucial. More then 2 seconds page load time and already x % bounce rate.

At the moment there are various free offers of cloudflare. [1] is among them.

If everyone signed up for cloudflare eventually, we could as well as also decide to go back to no one using it - since then some superfluous extra proxy was added - and no one benefited.

The final result will probably be that all server providers have to be bidding on bandwidth or be super slow.


Obviously we shouldn’t sign up whonix.org for cloudflare and co. However, as more and more destitutions are behind cloudflare and co, the number of destinations for all Tor traffic was reduced from many to “one”. Safe to assume cloudflare and co. as a giant global at least passive traffic observer.


#2

Related re: global passive observers/profilers.

I recommend everyone read this below to understand how dangerous Google, Facebook and Twitter are as global traffic observers given their presence on most of the top 200,000 Alexa websites. Google third party web services are on nearly 100% of those (97%).

This is why VPNs are useless. With advances in fingerprinting, anybody using a standard browser and cruising around is being profiled by these corporations, with no fancy decryption of OpenVPN required. Reminder: 29 bits of identifying information just from screen resolution output alone. It’s just too easy…

Your top 15 enemies for tracking/profiling are:

doubleclick.net, google.com, googlesyndication.com, googleapis.com, gstatic.com, admob.com, googleanalytics.com, googleusercontent.com, flurry.com, adobe.com, chartboost.com, unity3d.com, facebook.com, amazonaws.com and tapjoyads.com


#3

Other main reasons are free DDoS protection and free bandwidth which explains the popularity of Cloudflare


#4

on Tor-Talk discussion, CloudFlare want to absorb Tor Exit nodes into their monitoring traffic. and here are some good to say about those morans of CF:

  1. Two faced CEO declares to be fighting for “free speech”,
    yet goes anti and shuts down those like DS whose users
    speak unbelievable nonsense about CF, yet is freespeech.
    EFF and many others condemned this censorship.
    Censorship is rapidly spreading in part due to CF’s choice.
  2. Breaks e2e encryption by MITM browser and website.
    Everything you do with such “TLS” website is MITM’d by a
    secret closed entity you have no explicit reason to trust
    with your data.
    2a) The list of entities in history that have been able to resist
    datamining such a global trove, and further resist selling /
    giving / renting / cracking / leaking / partnering / surveilling /
    spying / manipulating / social mind controlling / court ordering /
    etc it all away… is approximately zero.
  3. Premeditatively chose to do 2 / 2a as a profit business model.
  4. CF’s [pre] history loves partnering with law enforcement.
  5. Todays such “partnering” is often doublespeak for
    secret surveillance fuckery against peoples.
  6. Involved against what some say are victimless paper
    issues of copyright trademark etc via historical partners.
  7. Set the CF defaults to block torizens, requiring websites
    to manually configure CF to accept torizens and their
    perfectly good revenue, content, etc. Torizens lost much
    time in their quest to exist and participate with the rest
    as human beings.
  8. CloudBleed

While the individual techy projects of these megacorps may be
interesting, advanced, useful, and even pro to whatever some
segments might believe in, that does not excuse the responsibility
of the internet to constantly examine and call out what
they’re doing in other areas.

Example in some investigations, balance checks, and backlash
against them starting to rise up, ie: Facebook and others taking
heat now for various things.

https://www.theguardian.com/technology/2013/aug/12/cloudflare-kavkaz-center-censorship-row
https://www.youtube.com/watch?v=SWFX-zEYwN0
https://www.propublica.org/article/how-cloudflare-helps-serve-up-hate-on-the-web
https://www.wired.com/story/free-speech-issue-cloudflare/
https://www.theverge.com/2017/8/16/16157710/cloudflare-daily-stormer-drop-russia-hate-white-nationalism
http://dstormer6em3i4km.onion/matthew-prince-of-cloudflare-admits-he-killed-the-internet-because-he-thinks-andrew-anglin-is-an-asshole/
https://www.eff.org/deeplinks/2017/08/fighting-neo-nazis-future-free-expression

https://www.reddit.com/search?q=alex+jones+censored

https://onlinecensorship.org/

Wait till someone says “Hey Tor and its DA’s are secretly our people”.

[Or whichever sueable / persecutable / censorable / arrestable
hardly distributed network they choose to sink.]

That day is coming… become unsinkable.