The Great Cloudwall

privacy cloudflare cdn tor crimeflare cloud crime captcha honeypot

libBletchley 15dc46ede2 Merge branch 'master' of goxi/cloudflare-tor into master		1 week ago
cloudflare_inc	Update 'cloudflare_inc/cloudflare_members.txt'	1 week ago
cloudflare_users	lgtm	3 weeks ago
globalist	update links	2 months ago
image	Delete 'image/addon_bcma.jpg'	3 weeks ago
not_cloudflare	Merge branch 'httperror' of libBletchley/cloudflare-tor into master	3 weeks ago
pdf	Upload files to 'pdf'	3 months ago
tool	Update 'tool/example.mdn_basedom_list.txt'	2 weeks ago
HISTORY.md	Update 'HISTORY.md'	2 weeks ago
LICENSE.md	Update 'LICENSE.md'	2 weeks ago
PEOPLE.md	Fix a few broken links (I updated my website, so some links changed)	1 week ago
README.md	Update 'README.md'	2 weeks ago
article.txt	update links	2 months ago
instructions.md	Update 'instructions.md'	2 weeks ago
what-to-do.md	Update 'what-to-do.md'	2 weeks ago

The Great Cloudwall

“The Great Cloudwall” is Cloudflare Inc., the U.S. company. It is the world’s largest MITM proxy(reverse proxy). It sits between you and origin webserver, acting like a border patrol agent. The origin webserver administrator allowed the agent to decide who can access to their “web property” and define “restricted area”.

Take a look at the first image posted below. You will think Cloudflare block only attackers. You will think Cloudflare is always online(never go down). However it is not true.

It is called this in reference to the Great Firewall of China which does a comparable job of filtering out many humans from seeing web content (ie everyone in mainland China and people outside) while at the same time those not affected to see a dratically different web, a web free of censorship such as an image of “tank man” and the history of “Tiananmen Square protests”.

Cloudflare also block legit robots/crawlers such as Google, Yandex, Yacy, and API clients.

Cloudflare similarly prevents those in southeast asia and elsewhere who have poor internet connectivity from accessing the websites behind it (for example, they could be behind 7+ layers of NAT or sharing same IP) unless they solve multiple image CAPTCHAs. Many humans are being blocked by Cloudflare every day. There is no way to solve the captcha without enabling Javascript and Cookies. Cloudflare is using them to make a browser signature.

Tor users and VPN users are also a victim of Cloudflare. If you didn’t try Tor until this moment, we encourage you to download Tor Browser and visit your favorite websites. (advice: Do not login to your bank website or government webpage or they will flag your account. Use VPN for those websites.)

You might want to say “Tor is illegal! Tor is criminal’s browser! Tor is bad!”. No. Tor was developed by US Army, but current Tor is developed by the Tor project. There are many people and organizations who use Tor including your future friends. So, if you are using Cloudflare on your website you are blocking real humans. You will lose potential friendship and business deal.

Cloudflare also has a massive harassment problem. Cloudflare shares personal information of those who complain about hosted sites. They sometimes ask you to provide your true ID. If you don’t want to get harassed, assaulted, swatted or killed, you better stay away from Cloudflared websites.

Let’s talk about another harassment problem. Cloudflare is sending spam emails to non-Cloudflare users.

Only send emails to subscribers who’ve opted in.

When the user say "stop", then stop sending email.

It’s that simple. But Cloudflare don’t care. Cloudflare said using their service can stop all spammers or attackers. How can we stop Cloudflare spammers without activating Cloudflare?

And their DNS service, 1.1.1.1, is also filtering out users from visiting the website by returning fake IP address owned by Cloudflare, localhost IP such as “127.0.0.x”, or just return nothing. Cloudflare DNS also break online software from smartphone app to computer game because of their fake DNS answer.

And here you might think, “I am not using Tor or VPN, why should I care?”. If you visit website which use Cloudflare, you are sharing your information not only to website owner but also Cloudflare. It is impossible to analyze without decrypting TLS traffic. Cloudflare knows all your data such as raw password. Cloudbeed can happen anytime.

Do you really want to share your data with Cloudflare, and also 3-letter agency? Internet user’s online profile is a “product” that the government and big tech companies wants to buy.

US Department of Homeland Security said:

Do you have any idea how valuable the data you have is?
Is there any way you would sell us that data?

Cloudflare also offer FREE VPN service called “Cloudflare Warp”. If you use it, all your smartphone connections are sent to Cloudflare servers. Cloudflare can know which website you’ve read, what comment you’ve posted, who you’ve talked to, etc. You are voluntary giving all your information to Cloudflare. If you think “Are you joking? Cloudflare is secure.” then you need to learn how VPN works.

Cloudflare said their VPN service make your internet fast. But VPN make your internet connection slower than your existing connection.

You might already know about the PRISM scandal. It is true that AT&T lets NSA to copy all internet data for surveillance. Let’s say you’re working at the NSA, and you want every citizen’s internet profile. You know most of them are blindly trusting Cloudflare and using it - only one centralized gateway - to proxy their personal website, chat website, forum website, bank website, insurance website, search engine, secret member-only website, auction website, shopping, video website, NSFW website, and illegal website. You also know they use Cloudflare’s DNS service (”1.1.1.1”) and VPN service (”Cloudflare Warp”) for “Secure! Faster! Better!” internet experience. Combining them with user’s IP address, browser fingerprint, cookies and RAY-ID will be useful to build target’s online profile. You want their data. What will you do?