I hear that both CloudFlare is privacy respectful and that it spies on site visitors (with their CDN). What’s your thoughts on this matter?
Unprivacy service
One of the issues is that Cloudlflare is hostile towards Tor users.
https://gitlab.com/crimeflare/cloudflare-tor/-/blob/master/readme/en.md
https://www.unixsheikh.com/articles/stay-away-from-cloudflare.html
https://hacktivis.me/articles/blocking cloudflare IP-range be like
It is by no means privacy friendly. Read up on these threads: https://teddit.net/r/sevengali/comments/8fy15e/dns_cloudflare_quad9_etc/ https://teddit.net/r/privacy/comments/d52kop/eli5_why_cloudflare_is_depicted_as_evil_and_whats/
Must say I get a few complaints from people about that aspect of Cloudflare when I link to articles on websites using it. I can’t control where others put good content though.
The issue seems to be with Cloudflare acting as a man-in-the-middle, supposedly breaking the SSL and re-encrypting it with their SSL. For normal sites that may be OK but this is not a good idea at all if that SSL is expected to carry passwords or login info or other private info that should arrive intact at the destination site.
So I’ll also be interested to hear what others think and what the solutions are.
supposedly breaking the SSL and re-encrypting it with their SSL
There is no doubt here, this is how basically all CDNs work. You need to see the plaintext request in order to perform caching and most other features that they provide.
I agree, if the content is very sensitive then you shouldn’t trust a third party. However in practice most companies trust third parties whether that is a hosting provider, analytics or any number of functions that it is easier to outsource.
I think the concern arises because Cloudflare is big. This has benefits and drawbacks.
- Generally larger companies have more resources to invest in security.
- Covering such a large portion of the web gives them a lot of possible tracking data if they want to use it maliciously (for whatever your personal definition of malicious is).
You can use archiving services since a lot of time ago to avoid redirecting people to Cloudflared stuff.
There are some which are fully FLOSS-based like https://conifer.rhizome.org which you even can self-host to avoid the limit they put for accounts there.
Isn’t Conifer more like The Internet Archive service? I was understanding Cloudflare was really being used to help manage massive volumes of web traffic ie. more the network management side?
I think I didn’t explain myself at all.
The idea is that you can share the clones of the website in Conifer or any other web archive to avoid the issues with Cloudflare that people could have.
It was hilarious when r/firefox banned me for 6 months for criticising use of Cloudflare DNS few days ago here https://np.reddit.com/r/firefox/comments/mkig88/_/gtlj3hl?context=10000
The moderator there is likely evangelised, beware. Always debloat Firefox or Ungoogled Chromium or Pale Moon and use it, and use these over any Chromium forks.
It’s entirely on you. You brought some valid points about how awful Cloudflare is, but that’s not what got you banned. Your baseless claim of Cloudflare DoH somehow MITM SSL is. You are indeed spreading some FUD, even here by strawmanning what exactly you got banned for
flare in the name says all
So you believe Cloudflare is a good company with a good intent? That seems like corporate apologia, since you want to twist my argument into muh FUD.
In this reply,
- You imply that they believe something they never said
- You say without evidence that it is likely corporate apologia, and
- then accuse THEM off twisting YOUR words.
Very impressive.
In their reply,
- They implied that they think I believe a narrative that I never promoted
- They imply without evidence that Cloudflare has good intentions when its basis of existence is as Project Honeypot
- then create a FUD strawman and justify ban when the voting ratio on the comments and in the post indicate a different kind of dialogue
- totally ignore that my job is privacy and security advocacy, and make it a point to leverage Cloudflare over all the historical and current concerns that loom around them
Awesome. I can play these pony tricks all day.
So you believe Cloudflare is a good company with a good intent?
Thanks for putting words in my mouth despite me explicitly agreeing that Cloudflare is awful.
If that’s how you argue with everyone no wonder you are getting banned. The Mod that argued with you on Reddit had a patience of saint
Do not give me this false equivalence spaghetti argument crap. Supremacists do the same thing of “I hate these X people but I love all Y people”.
You should check that moderator’s history of censoring Firefox critics, but I am probably hoping uselessly. https://old.reddit.com/r/firefox/comments/msscqv/the_messages_from_firefox_subsection_now_shows/ Use removeddit and feel free to look around.
ehm, is it just me or teddit openned this context properly?
I may not have used teddit in the past few weeks, they handle it correctly now. Thanks.
Firefox dev team are jerks, I use Librewolf that is a more secure and private fork of firefox.
Any fork will lack behind in updates, that includes security updates. This can really affect your security when a zero-day vulnerability is discovered and the development team hasn’t pushed the latest patch yet.
Does that mean that you shouldn’t use FF forks? Not at all. Firefox is neither the most private, nor secure web browser out-of-the-box, anyone claiming such a thing does not know what they’re talking about.
Recommending Librewolf to someone that wants to take their privacy seriously is a great idea in my opinion, but claiming that it is more secure than Firefox is sort of misleading.
Just use UXP based browsers.
Librewolf is essentially a Firefox with user.js tweaks , and the fork will not last forever compared to the main thing. That is why I prefer modifying Firefox myself.
Bold of you to assume that Firefox will last forever.
I think it will, not just because the source code is open and free, but because of Tor Project and because there exists no government or plutocratic entity behind developing it, but a global open community.
With Chromium, you have all these faults. Small blobs, Google plutocratic corporation and its ad network interests, DARPA/NSA interests and the Google developers being largely pro bourgeois capitalist slaves from the mind, who run for bread (money capital).
That’s a tad bit too optimistic.
If Firefox were to truly die out, to the point where it makes no sense to continue funding it from a business perspective, I highly doubt it will continue to thrive as “the most private browser”.
The fact that Google keeps funding Mozilla for the right of being the default search engine proves to two points. 1) Google doesn’t see Mozilla nor Firefox as a threat to the chromium revolution. 2) It makes more money profiting off Firefox users who are naïve enough to believe that installing the browser and using it out-of-the-box is all you need for privacy.
To expand on point number two, the privacy communities are such a small niche, it has no relevancy in the grand scheme of things. If we keep directing non-techy friends and family to Firefox with no configuration, we are sending them off to a privacy nightmare. I’d love to be proven wrong, but I would much rather recommend Brave to non-techies around me, or Librewolf for the ones a tad bit more technologically knowledgeable.
deleted by creator
He is spreading a bunch of FUD, and calling me a FUD spreader. Beware of this user, shilling Chromium monopoly, crypto scam, crippled ad blocker, Tor that does not work properly and a bunch of terrible stuff.
this user's comments look bizarre here
- Familiar interface for everyone. Since Chrome owns 70% of the market share, migrating to a privacy friendly clone won’t make the slightest difference since Brave runs on Chromium.
- Built in ad-blocker and tracker blocker.
- Built in Tor. (NOTE: This is not a replacement for the Tor browser, even Brave states this. This is purely an extra layer of privacy when needed.)
- Excellent fingerprinting resistance. (Fingerprint.JS does not work on Brave).
- New ad-system which rewards you for your attention.
- It’s the browser that phones home the least out of the box.
- No telemetry out of the box.
- Since it runs on Chromium, it supports all Chrome extensions which do not exist on all other browsers.
- Excellent security, since it is built on Chromium and de-googled patches get pushed out extremely fast, it is an overall secure browser.
There’s probably more that I didn’t mention but these are the ones off the top of my head.
Brave is incomparable to Firefox in terms of privacy violations and other issues. It has broken Tor routing, apart from the following:
Brave Browser is funded by DoD: https://np.reddit.com/r/privatelife/comments/fe34ls/exclusive_brave_browser_funded_by_dod_contractor/
Brave traffic detected with Cryptocompare despite BAT rewards disabled: https://removeddit.com/r/privacytoolsIO/comments/gr8nue/
Brave also has a known history of whitelisting Facebook and Twitter trackers, and has a crippled adblocker that does not work on Brave’s “acceptable” advertisements.
Brave Browser hardcoded their crypto partner Binance referral links (https://twitter.com/cryptonator1337/status/1269201480105578496) alongwith Ledger and soon-to-be-compromised Coinbase (https://decrypt.co/31461/coinbase-wants-to-identify-bitcoin-users-for-dea-irs)
Where do I begin? You’re like a FUD machine.
“It has broken Tor routing” I’m assuming this refers to the DNS leaks, which have been fixed already. (https://www.theregister.com/2021/02/22/in_brief_security/)
“Brave Browser is funded by DoD” No, it is not. Just because the founders of Palentir were angel investors, does not mean that Brave has any connections with DoD. It’s not even implied. There is no proof of this. Just more of your FUD.
“Brave traffic detected with Cryptocompare despite BAT rewards disabled” This is because of their Crypto Wallets feature, even tho you don’t use Brave Rewards, you can still use Crypto Wallets which triggers this request. Here’s the thread explaining this, but I’m assuming doing proper research and spreading FUD about everything you don’t stand for is much easier, huh? https://teddit.net/r/brave_browser/comments/f3e27q/why_is_brave_constantly_connecting_to/
“Brave also has a known history of whitelisting Facebook and Twitter trackers” Yet again, either you are unable to do research or you’re spreading FUD on purpose. These “trackers” make both Facebook and Twitter usable. Since Brave is trying to be a usable browser for all, whilst still preserving user privacy, these “trackers” were whitelisted. Since then, Brave has improved their ad-block to get around this.
“and has a crippled adblocker that does not work on Brave’s “acceptable” advertisements.” Brave blocks all advertisements by default. Unless you opt into Brave Rewards or turn off your shield, you should not see ads. There are no such thing as “acceptable” ads in Brave, unless you opt into Brave Rewards, that is bullshit and I would be shocked if you linked a source, which you obviously did not due to this being a completely made-up point.
“Brave Browser hardcoded their crypto partner Binance referral links” This was a mistake on Brave’s part, note that only Binance redirected and no other referral link did, which were all implemented at the same time. This has been fixed and Brave has apologized. It is opt-in.
“https://decrypt.co/31461/coinbase-wants-to-identify-bitcoin-users-for-dea-irs” I don’t know if you live under a rock but any crypto exchange with KYC tracks you, including Coinbase. The ability to trace Bitcoin transactions and users (who have given up their PII due to KYC) is not something new.
I am not surprised that you seem to be banned or heavily downvoted (on what seems to be) the entire internet for spreading FUD. I have absolutely no interest in entertaining you for any longer. I highly advise you to read up on topics, do your own research and not spreading half of a story, when the other easily explainable half could be searched up in less than 20 seconds.