From e883343867a19d3c6a74c77b2905db4767f58a37 Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 09:51:10 +0000 Subject: [PATCH 01/11] Update 'what-to-do.md' --- what-to-do.txt => what-to-do.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename what-to-do.txt => what-to-do.md (100%) diff --git a/what-to-do.txt b/what-to-do.md similarity index 100% rename from what-to-do.txt rename to what-to-do.md From ef1f938a18a1f3bc33f47f2fcd57296962d67e2b Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:17:32 +0000 Subject: [PATCH 02/11] Update 'what-to-do.md' --- what-to-do.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/what-to-do.md b/what-to-do.md index 2facf1f9c..3aed0b3b5 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -1,6 +1,50 @@ -* see [list instructions](instructions) +##### What you can do to resist Cloudflare? + + +* As a website consumer + +- If the website you like is using Cloudflare, tell them not to use Cloudflare. + +> You are just helping corporate censorship and mass surveillance. +> https://trac.torproject.org/projects/tor/ticket/24351 + +- Try not to use their service. There are many alternatives and opportunites on the internet! + +- If your browser is Firefox, use [Block Cloudflare MITM Attack!](http://ea5faa5po25cf7fb.onion/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) add-on. + +- Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet! + + +* As a website owner / web developer + +- Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that. + +- Install Web Application Firewall and Fail2Ban on _your_ server and configure it properly. + +- Set up [Tor Onion Service](https://www.torproject.org/docs/onion-services.html.en) if you believe in freedom and welcome anonymous users. + +- Ask for advice from other [Clearnet/Tor dual website operators](https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor) and make anonymous friends! :) + + +* As a software user + + +- If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 ). And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted. + +- Always recommend [Tor Browser](https://www.torproject.org/) or Orfox. Other software's privacy is JUST A ILLUSION. + +- For example, if you really need to use Firefox, pick "Firefox ESR". ESR is developed for company and organizations, thus some spyware code is disabled by default. + +- Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They also using Cloudflare's DNS service on their product. + + + + + + + + -* If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 ), help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted. * If you use one of the websites on this list, contact the webmasters if you still can, and tell them not to use Cloudflare. From 4c177e921758b4b4587c36f95b72166da40cba25 Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:27:53 +0000 Subject: [PATCH 03/11] Update 'what-to-do.md' --- what-to-do.md | 73 ++++++++++++++++++++++----------------------------- 1 file changed, 32 insertions(+), 41 deletions(-) diff --git a/what-to-do.md b/what-to-do.md index 3aed0b3b5..8845e10d2 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -1,84 +1,75 @@ ##### What you can do to resist Cloudflare? -* As a website consumer +###### Website consumer - If the website you like is using Cloudflare, tell them not to use Cloudflare. > You are just helping corporate censorship and mass surveillance. > https://trac.torproject.org/projects/tor/ticket/24351 -- Try not to use their service. There are many alternatives and opportunites on the internet! +- Try not to use their service. Remember you are being watched by Cloudflare. + +- Search for other website. There are many alternatives and opportunites on the internet! - If your browser is Firefox, use [Block Cloudflare MITM Attack!](http://ea5faa5po25cf7fb.onion/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) add-on. - Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet! -* As a website owner / web developer +###### Website owner / Web developer -- Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that. +- Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that, right? -- Install Web Application Firewall and Fail2Ban on _your_ server and configure it properly. +- Install Web Application Firewall and Fail2Ban on _your_ server and configure it _properly_. - Set up [Tor Onion Service](https://www.torproject.org/docs/onion-services.html.en) if you believe in freedom and welcome anonymous users. - Ask for advice from other [Clearnet/Tor dual website operators](https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor) and make anonymous friends! :) -* As a software user - +###### Software user - If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 ). And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted. -- Always recommend [Tor Browser](https://www.torproject.org/) or Orfox. Other software's privacy is JUST A ILLUSION. +- Always recommend [Tor Browser](https://www.torproject.org/) or [Orfox](). Other software's privacy is JUST A ILLUSION. -- For example, if you really need to use Firefox, pick "Firefox ESR". ESR is developed for company and organizations, thus some spyware code is disabled by default. +Let's talk about _other software's privacy_... -- Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They also using Cloudflare's DNS service on their product. +- If you really need to use Firefox, pick "[Firefox ESR](https://www.mozilla.org/en-US/firefox/organizations/)". ESR is developed for company and organizations, thus _some_ spyware code is disabled by default. Portable version is [here](https://portableapps.com/apps/internet/firefox-portable-esr). + +- Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They're also using [Cloudflare's DNS service on their product](https://www.theregister.co.uk/2018/03/21/mozilla_testing_dns_encryption/) D'oh! + +- Mozilla officially [rejected this ticket](https://bugzilla.mozilla.org/show_bug.cgi?id=1426618). + +- PaleMoon developer [likes Cloudflare](https://github.com/mozilla-mobile/focus-android/issues/1743#issuecomment-345993097). + +- Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html). +###### Action +- Tell others around you about the dangers of Cloudflare. +- Help improve this repository, both the lists, the arguments against it and the details. +- Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so +- Get more people using Tor by default so they can experience the web from the perspective of different parts of the world. +- Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare. +- Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups. +- Start a coop that can provide a meaningful non corporate alternative to Cloudflare. -* If you use one of the websites on this list, contact the webmasters if you still can, and tell them not to use Cloudflare. +- Let us know of any alternatives to help at least provide multiple layered defence against Cloudflare. -* If they can't leave CloudFlare(perhaps they are merely tech support at the website, and management has decreed that Cloudflare MUST be used) get them to exercise option to whitelist Tor without changing to the "basic level of security" within Cloudflare's options. CloudFlare customers can use this tool(?) to whitelist tor. Advise them, however, that using CloudFlare(or any Cloudflare-like competitors, see [philosophy](cloudflare-philosophy.txt) and [non-cloudflare list](non-cloudflare-list.txt) ) exposes readers/viewers/customers to a giant supplier MitM. This is a questionable practice, regardless of whitelists. +- Try using [globalist](globalist.txt) to maintain this list. -* Tell others around you about the dangers of Cloudflare. +- If you are in the **United States of America** and the website in question is a bank or an accountant, try to bring legal pressure under the Gramm–Leach–Bliley Act https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act and report back to us how far you get. -* Help improve this repository, both the lists, the arguments against it and the details - -* Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so - -* Get more people using Tor by default so they can experience the web from the perspective of different parts of the world. - -* Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare. - -* Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups - -* Start a coop that can provide a meaningful non corporate alternative to Cloudflare - -* let us know of any alternatives to help at least provide multiple layered defence against Cloudflare - -* Try using [globalist](globalist.txt) to maintain this list! - -* If you are in the United States of America - -** If the website is a bank or an accountant - -*** try to bring legal pressure under the Gramm–Leach–Bliley Act https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act and report back to us -how far you get - -** if the website is a government site - -*** try to bring legal pressure under the 1st Amendment of the US Constitution - -* For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB +- If the website is a government site, try to bring legal pressure under the 1st Amendment of the US Constitution. +- For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB. From 1a4a8eebb4fbf22d420e79b3165586c9ee793f38 Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:29:14 +0000 Subject: [PATCH 04/11] Update 'what-to-do.md' --- what-to-do.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/what-to-do.md b/what-to-do.md index 8845e10d2..4cfd54444 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -1,6 +1,7 @@ ##### What you can do to resist Cloudflare? + ###### Website consumer - If the website you like is using Cloudflare, tell them not to use Cloudflare. @@ -17,6 +18,7 @@ - Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet! + ###### Website owner / Web developer - Do not use Cloudflare solution. You are loser if you fall to that easy solution. You can do better than that, right? @@ -28,14 +30,17 @@ - Ask for advice from other [Clearnet/Tor dual website operators](https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor) and make anonymous friends! :) + ###### Software user - If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 ). And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted. -- Always recommend [Tor Browser](https://www.torproject.org/) or [Orfox](). Other software's privacy is JUST A ILLUSION. +- Always recommend [Tor Browser](https://www.torproject.org/) for desktop and [Orfox](https://guardianproject.info/apps/orfox/) for smartphone. Other software's privacy is JUST A ILLUSION. + Let's talk about _other software's privacy_... + - If you really need to use Firefox, pick "[Firefox ESR](https://www.mozilla.org/en-US/firefox/organizations/)". ESR is developed for company and organizations, thus _some_ spyware code is disabled by default. Portable version is [here](https://portableapps.com/apps/internet/firefox-portable-esr). - Remember, Mozilla is [using Cloudflare service](https://www.robtex.com/dns-lookup/www.mozilla.org). They're also using [Cloudflare's DNS service on their product](https://www.theregister.co.uk/2018/03/21/mozilla_testing_dns_encryption/) D'oh! @@ -47,6 +52,7 @@ Let's talk about _other software's privacy_... - Chrome is a [spyware](https://www.gnu.org/proprietary/malware-google.en.html). + ###### Action - Tell others around you about the dangers of Cloudflare. From b8f65eab6e4db378ff6bb95476f58bde9224a37f Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:31:16 +0000 Subject: [PATCH 05/11] Update 'README.md' --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e863dd13b..9d7ca5d41 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ Cloudflare similarly prevents those in southeast asia and elsewhere who have poo This repository is a list of websites that are behind The Great Cloudwall, and also actively blocking Tor users. -* [domains using Cloudflare](cloudflare-list.txt) -* [hostile to Tor users](cloudflare-tor-hostile-list.txt) -* [not Cloudflare but other filtering company](non-cloudflare-list.txt) +* [Domains using Cloudflare](cloudflare-list.txt) +* [Hostile to Tor users](cloudflare-tor-hostile-list.txt) +* [Not Cloudflare but other filtering company](non-cloudflare-list.txt) There are more details of why what they are doing is wrong available [here](cloudflare-philosophy.txt). Also see [Frequently Asked Questions](FAQ). @@ -33,4 +33,4 @@ flagged for spam and will be deleted. See "List of services blocking Tor" for de At least one. -* [Searxes](http://searxes.danwin1210.me/) meta-search engine +* [Searxes](https://searxes.danwin1210.me/) meta-search engine From 0f5b1011676b3e64813dbe89ff16c622bdd462df Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:31:46 +0000 Subject: [PATCH 06/11] Update 'README.md' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d7ca5d41..2a37f4a11 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Also see [Frequently Asked Questions](FAQ). # What can you do? * Add domains you found: [list instructions](instructions) -* See [our list of recommended actions](what-to-do.txt). +* See [our list of recommended actions](what-to-do.md). There are other lists, but this one is one where every entry on the list a human being has actually tried to go to, and has been blocked. From 8c10dd27369dab4c7d2f44ac2bd5118e1318a9f5 Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:33:35 +0000 Subject: [PATCH 07/11] Update 'what-to-do.md' --- what-to-do.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/what-to-do.md b/what-to-do.md index 4cfd54444..e832b6613 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -13,7 +13,7 @@ - Search for other website. There are many alternatives and opportunites on the internet! -- If your browser is Firefox, use [Block Cloudflare MITM Attack!](http://ea5faa5po25cf7fb.onion/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) add-on. +- If your browser is Firefox, use [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) add-on. - Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet! From 4283b82e9580eaf3286926031ecb6cf8c055cf38 Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:36:32 +0000 Subject: [PATCH 08/11] Update 'what-to-do.md' --- what-to-do.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/what-to-do.md b/what-to-do.md index e832b6613..0700cca13 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -13,7 +13,7 @@ - Search for other website. There are many alternatives and opportunites on the internet! -- If your browser is Firefox, use [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) add-on. +- If your browser is Firefox, use [Block Cloudflare MITM Attack](https://trac.torproject.org/projects/tor/attachment/ticket/24351/block_cloudflare_mitm_attack-1.0.14.1-an%2Bfx.xpi) add-on. Other alternatives are [Searxes' Third-party Request Blocker](https://addons.mozilla.org/en-US/firefox/addon/tprb/)(can block Cloudflare) and [Detect Cloudflare](https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/)(notify only). - Convince your friends to use [Tor Browser](https://www.torproject.org/) on the daily basis. Anonymity should be the standard of the open internet! From 530b8fe719bbb59cb9225d02514733912ba4a43d Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:41:21 +0000 Subject: [PATCH 09/11] Update 'what-to-do.md' --- what-to-do.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/what-to-do.md b/what-to-do.md index 0700cca13..d45fb2e52 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -33,7 +33,7 @@ ###### Software user -- If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 ). And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted. +- If you use Debian GNU/Linux, or any derivative, subscribe to [bug #831835](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835). And if you can, help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted. - Always recommend [Tor Browser](https://www.torproject.org/) for desktop and [Orfox](https://guardianproject.info/apps/orfox/) for smartphone. Other software's privacy is JUST A ILLUSION. From fe422cdb28d434d76e983ccc0e741be44238c954 Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:48:02 +0000 Subject: [PATCH 10/11] Update 'what-to-do.md' --- what-to-do.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/what-to-do.md b/what-to-do.md index d45fb2e52..b5499690a 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -73,9 +73,11 @@ Let's talk about _other software's privacy_... - Try using [globalist](globalist.txt) to maintain this list. -- If you are in the **United States of America** and the website in question is a bank or an accountant, try to bring legal pressure under the Gramm–Leach–Bliley Act https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act and report back to us how far you get. +- If you are in the **United States of America** and the website in question is a bank or an accountant, try to bring legal pressure under the [Gramm–Leach–Bliley Act](https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act) and report back to us how far you get. -- If the website is a government site, try to bring legal pressure under the 1st Amendment of the US Constitution. +- If the website is a government site, try to bring legal pressure under the [1st Amendment of the US Constitution](https://en.wikipedia.org/wiki/First_Amendment_to_the_United_States_Constitution). + +- If you are EU citizen, contact the website to send your personal information under the [General Data Protection Regulation](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation). If they refuse to give you your information, that's a violation of the law. - For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB. From 83ff98e785a11df642c80218782bf3d7e04c0246 Mon Sep 17 00:00:00 2001 From: notc1oudflare Date: Mon, 3 Sep 2018 10:49:19 +0000 Subject: [PATCH 11/11] Update 'what-to-do.md' --- what-to-do.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/what-to-do.md b/what-to-do.md index b5499690a..554a629da 100644 --- a/what-to-do.md +++ b/what-to-do.md @@ -79,5 +79,5 @@ Let's talk about _other software's privacy_... - If you are EU citizen, contact the website to send your personal information under the [General Data Protection Regulation](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation). If they refuse to give you your information, that's a violation of the law. -- For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB. +- For companies that claim to _offer service on their website_ try reporting them as "_false advertising_" to consumer protection organizations and BBB. Cloudflare websites are served by Cloudflare servers.