Thread replies: 19
Thread images: 1
Thread images: 1
Anonymous
CloudFlare and "visitor" privacy issues 2016-08-22 22:05:53 Post No. 56216160
[Report] Image search: [Google]
CloudFlare and "visitor" privacy issues 2016-08-22 22:05:53 Post No. 56216160
[Report] Image search: [Google]
File: 1445752650888.png (109KB, 409x233px) Image search:
[Google]
109KB, 409x233px
Has anyone ever actually bothered to read CloudFlare's privacy policy?
https://www.cloudflare.com/security-policy/
Important parts:
>This Policy applies to all (i) visitors to our website, (ii) users of our services (i.e., subscribers to any of our plans), and (iii) information we collect from visitors to the websites of users of our services. Our users’ websites may have their own privacy policies and may not be covered by this Policy. We strongly encourage visitors to these third party websites to make themselves aware of such websites’ separate privacy policies.
Note how they specify the difference between "users" and "visitors," most all the privacy protections they provide only apply to users and not visitors (you).
>INFORMATION COLLECTION:
>CloudFlare is the owner of the service information collected on this site and through any CloudFlare service. As visitors browse our website, or our users’ websites if they are protected by CloudFlare, we normally log these visitors’ interactions in order to provide better services to our users (e.g., using visitor log data in order to detect new threats and malicious third parties).
This allows them to log all of the data that a visitor sends through their service. Considering they strip the SSL off packets for inspection they can collect everything.
>COOKIES:
>As part of our services, CloudFlare may also place cookies on the computers of visitors to your CloudFlare-protected website. We do this to in order to identify malicious visitors, to reduce the chance of blocking legitimate users, and to provide customized services.
This allows them to track you if you are using the same browser to access different websites through different Tor circuits in the same session and combine that data. Only starting an entirely new session will delete cookies and keep CloudFlare from linking your usage of different websites.
>>
>>56216160
continued
>DATA AGGREGATION:
>CloudFlare may aggregate data we acquire about our users and the visitors to their websites. For example, we may assemble data to determine how Web crawlers index the Internet and whether they are engaged in malicious activity. If we assemble this sort of data and provide it to external parties, our users’ personal information will never be attached to or included in such aggregated data. Please note, data that our users provide to us, such as log files of their site’s visitors, may be included in the aggregate data, reports, and statistics.
This allows them to sell the data of visitors to 3rd parties, so long as it's aggregate (which doesn't mean much, as some companies sell their "aggregated" data in 8 user or less bundles for easy segregation by the party the information is being sold to).
>>
All pretty harmless stuff that every website does, really.
>>
>>56216332
Except "every website" doesn't MITM your connection with other websites and only deals with information you give them directly.
>>
>>56216438
And?
When the internet is full of 14 year old gaymergaters willing to shell out their allowance money to hire groups with botnets to DDoS sites that had the audacity to ban them for their bad behavior, there's really no choice but to use a service that can weed this stuff out.
>>
>>56217477
>there's really no choice but to use a service that can weed this stuff out.
There's no other option than using a service that admits to collecting and selling data about your website's visitors?
>>
>>56217526
You don't like it, make your own.
>>
>>56217538
Just because I don't have the money or skills to make an alternative doesn't mean I can't spread information about the problem to at least raise awareness about it.
>>
>>56217924
You're just whining about how the world isn't perfect.
https://en.wikipedia.org/wiki/Nirvana_fallacy
>>
>>56216160
>This allows them to track you if you are using the same browser to access different websites through different Tor circuits in the same session and combine that data.
and why would you use Tor, or similar services/networks, and the open www with the same browser throu tor or otherwise?
and, unrelated:
>4chan
>anonymous
if you really believe there is any anonymity in 4chan, you are retarded. even reddit is more anonymous than this site (allows tor, let's you use throaway accounts).
>>
>>56218420
>and why would you use Tor, or similar services/networks, and the open www with the same browser throu tor or otherwise?
What exactly are you asking?
>4chan
>anonymous
A ton of websites now days use CloudFlare, not just 4chan.
>>
>>56218453
>want privacy
>go out in public and don't do anything to ensure privacy
>expect privacy
>>
>>56218453
>What exactly are you asking?
do you use tor to browser the www? do you also use it to check websites in the tor network? if so, then don't. don't use tor to browse the clearnet (or whatever the fuck people call it), at least not more than 1 specific website at a time (and don't even think about enabling javascript)
>A ton of websites now days use CloudFlare, not just 4chan.
exactly my point. if you use a website that uses cloudflare, google and many other popular third party services/code (even JS libraries), they can look at your bowsing history, and you are fucked
>>
>>56218526
>do you use tor to browser the www? do you also use it to check websites in the tor network?
It's getting more common for people to use Tor just for clearnet and not actually use any of the hidden services.
>at least not more than 1 specific website at a time
Yes, so long as you are only using Tor for one thing per session (possibly using multiple VMs to have additional sessions running at the same time) you would be safe, but not many people think they need to take that level of precautions about it.
At least they can't really do anything if you're blocking scripts/cookies from them.
>>
>>56218748
>At least they can't really do anything if you're blocking scripts/cookies from them.
even without JS/cookies, they can:
- by using their DNS servers, google can geolocate your country
- by downloading files from their servers, they more or less can (could? do?) track you
and I'm probably forgetting lots of things
>>
>>56219423
They're limited to regular browsing fingerprinting techniques though, which aren't very effective if you don't have JS allowed last I checked.
>>
>>56217477
>>>/reddit/
>>
>>56216160
>Has anyone ever actually bothered to read CloudFlare's privacy policy?
CloudFlare is botnet, nothing new. Unless you're a leaky /v/ermin, they always discover something new every day.
>>
>>56220604
I knew they could collect the information, but every time I've seen it get brought up there are anons going on about how they don't and how they'd go out of business if they did.
Thread posts: 19
Thread images: 1
Thread images: 1