/mlpol/ - My Little Politics


Archived thread


1280px-Cloudflare_logo.svg.png
Cloudflare
Anonymous
eBSw1
No.241062
241067 241123 241126
[align=center]What is Cloudflare?[/align]

Cloudflare is a massive global Internet security and infrastructure company, providing CDN, DNS, DDoS protection, and website security. They serve over 12 million websites, have successfully headed off some intense DDoS attacks, and until recently with the 8ch deplatforming, were quite infamous with the MSM and leftists in general for providing their services to le ebil nahzees, which included The Daily Stormer up until 2017.

As for what their alphabet soup of services actually does, I'll try to explain it as simply as I can for the non-technical among us:

[align=center]CDN - Content Delivery Network[/align]
Traditionally, your browser connects directly to a site to download videos, programs, images, scripts, et cetera. mlpol.net does this. A CDN takes over the job of sending all of that data so the actual website itself doesn't have to, acting as the middleman between the website and your browser. CDNs often bleed over into providing security services, as Cloudflare does.

[align=center]DDoS protection[/align]
If you've ever seen a website checking your browser to see if you're a human before, you've encountered Cloudflare's DDoS protection. Again, Cloudflare acts as the middleman between the site and your browser, and with Cloudflare's massive global network of servers, that means they can soak up all of the Internet traffic a DDoS attack creates, protecting the site.

[align=center]DNS - Domain Name Service[/align]
DNS is what translates website names such as "mlpol.net" into IP addresses such as 158.69.26.54. It's a very important part of the Internet, and everyone uses it whether they're aware of it or not. Your ISP runs their own service (which you're probably already using, and is almost certainly terrible), Google runs their own service (8.8.8.8, 8.8.4.4), and of course Cloudflare also runs their own """privacy-first""" DNS service (1.1.1.1, 1.0.0.1). This is important for reasons I'll describe later.

To get an idea of just how far Cloudflare's influence has reached on the Internet, this is just a very short list of the sites that use Cloudflare's services:
4chan
4plebs
Desuarchive
Encyclopedia Dramatica
TVTropes
Voat
Qanon.pub
Mozilla
Pale Moon
Waterfox
Brave Browser
Vivaldi
Bitchute
Steemit
D.tube
Cheekyvideos.net
Pastebin.com
Fimfiction
The Linux Foundation
XDA-Developers
Discord
Microsoft
Sony
Skype
FOX News
Gitlab
Gab.ai
Dissenter
TorrentFreak
Torrentz2
The Pirate Bay
Kickass Torrents
1337x
And that's just as a start.
You can check for yourself if a site is being served with Cloudflare by putting it into a DNS lookup application, such as https://www.robtex.com/dns-lookup/
Every site using Cloudflare services in any capacity is listed in alphabetical order at https://codeberg.org/crimeflare/cloudflare-tor/src/branch/master/cloudflare_users/domains
Also, their "Project Athenian" promises to provide all of their services for free to the United States government's election and voter registration sites.
They're also offering a freemium VPN app called "Warp" now.

[align=center]So, what's the problem?[/align]

Multiple things. I think it's fair to say that about 90% of you know all about the 8ch shutdown. This 'takedown' happened because the 8ch.net domain was pointing to Cloudflare's servers, and when Cloudflare stopped serving them, your browser couldn't find the site. In theory, it could have been put back online by the owner without Cloudflare at all, but he chose not to. I'm also fairly certain Cloudflare's action was a breach of contract as well, but that's pure speculation on my part, so don't quote me on that.

The real issues with Cloudflare, however, are a bit more widespread than just site takedowns.

If you're using Cloudflare's DNS services as above, certain sites are flat-out unavailable to you. Archive.is, when resolved by Cloudflare, is inaccessible, instead redirecting to 127.0.0.3, a localhost address that is never exposed to the Internet.
If you've noted the instances where I say Cloudflare's services act as middlemen between you and the websites themselves, this also presents another possible vector of attack:
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
Cloudflare must necessarily be the middleman, so in theory, at any point, Cloudflare could modify anything you see on a website it is protecting. Using HTTPS does not protect you against this, because Cloudflare re-encrypts the traffic using a trusted HTTPS certificate that your browser is all too happy to accept.
Cloudflare, like Google, also provides lots of analytics and tracking capabilities for those using their services.
Amusingly, back when Frederick Brennan (Hotwheels) was running 8ch, any complaints that Cloudflare received about 8ch were forwarded, along with full names, email addresses, and IP addresses, to Hotwheels. Hotwheels then posted these details online. So, if you reported 8ch for any reason, you've been doxxed. I can't help but chuckle at the poetic irony of 8ch's takedown now.
Do you use Tor? If you've ever had to resolve a CAPTCHA over Tor, or on an .onion site, your anonymity is gone. Or, more often than not, you simply cannot access the site at all. This includes both Google ReCAPTCHA and Cloudflare's bot detection. Oh, and Cloudflare actively checks Tor's public exit node lists and blacklists their IPs, and does the same for VPNs as well. Better drop that anonymity if you want to visit our sites, goy!

TL;DR: Cloudflare is the devil, and anyone who uses it deserves whatever happens to them. 8ch paid the idiot tax. Don't be like 8ch, roll your own damn DDoS protection. Tell sites using Cloudflare to stop using Cloudflare.

For more information about Cloudflare beyond my brief little dissertation, take a look at https://codeberg.org/crimeflare/cloudflare-tor
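Added example, not part of the original post: a Python sketch of the DNS check described above. It labels resolver answers as loopback (like the 127.0.0.3 value mentioned), non-routable, Cloudflare edge, or other public address, and flags resolvers whose answers are unusable when another resolver's are not. The range list is a partial snapshot of Cloudflare's published IPv4 ranges, the sample answers are constructed, and `classify` and `compare_resolvers` are hypothetical names.

```python
import ipaddress

# Partial snapshot of Cloudflare's published IPv4 edge ranges (assumption:
# may be stale or incomplete; Cloudflare publishes the authoritative list).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15",
    "198.41.128.0/17", "173.245.48.0/20",
)]

USABLE = {"cloudflare-edge", "public"}


def classify(answer):
    """Label a single A-record value returned by a resolver."""
    ip = ipaddress.ip_address(answer)
    if ip.is_loopback:
        return "loopback"        # e.g. 127.0.0.3: can never reach a remote site
    if not ip.is_global:
        return "non-routable"    # private, link-local, reserved, documentation
    if any(ip in net for net in CLOUDFLARE_NETS):
        return "cloudflare-edge"  # site is fronted by Cloudflare's proxy
    return "public"


def compare_resolvers(answers_by_resolver):
    """Return (labels per resolver, resolvers whose answers are all unusable
    while at least one other resolver returned a usable address)."""
    labels = {r: sorted({classify(a) for a in answers})
              for r, answers in answers_by_resolver.items()}
    good = {r for r, found in labels.items() if USABLE & set(found)}
    suspects = sorted(r for r in labels if r not in good) if good else []
    return labels, suspects


# Constructed sample for one hypothetical domain: the first resolver returns
# the loopback value quoted in the post, the second a placeholder public IP.
SAMPLE = {
    "1.1.1.1": ["127.0.0.3"],
    "8.8.8.8": ["158.69.26.54"],
}

if __name__ == "__main__":
    labels, suspects = compare_resolvers(SAMPLE)
    print(labels)
    print("resolvers returning only unusable answers:", suspects)
```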
Anonymous
DYW8L
No.241065
241066 241084
21038377692_9dcda01e36_b.jpg
you are an idiot.
Anonymous
xZp38
No.241066
starlight-glimmer-confused-png-18.png
>>241065
How so?
Anonymous
x+Xc6
No.241067
241068 241078
>>241062
I would like to hear about the webpage modification and the doxx CAPTCHA
Like, what kind of info captchas would send?
How would cloudflare modify a webpage without having access to the server? Do you mean redirecting the user to a new identical webpage? Because that's illegal and it sure is a breach of the ToS
Anonymous
xZp38
No.241068
241071 241079
>>241067
>How would cloudflare modify a webpage without having access to the server?
Cloudflare IS the server and owns the drives where the sites are hosted. It is called cloud computing.
Anonymous
DYW8L
No.241069
241084
That’s why I called him an idiot
Anonymous
DYW8L
No.241071
241072
130232443562.gif
>>241068
Cloudflare does not host ANYTHING! the host for the website does. meaning that NT Technology the isp for 8chan hosts and has the drives. cloudflare is a ddos mitigation company.
Anonymous
xZp38
No.241072
241074
ashamed-rainbow-dash-by-derpycoltmax63-cartoon.png
>>241071
You are right. Point taken.
Anonymous
DYW8L
No.241074
241077 241084
hqdefault.jpg
>>241072
now i perfectly understand people not liking cloudflare for their decision with 8chan. but other ddos mitigation companies would have done the same thing.
i dont know how you would roll your own ddos protection. if i can i will. it just seems like an expensive thing to do because of server costs etc. at the moment there are no *Bullet proof* ddos mitigation companies so i cant see that either.
Anonymous
ollo7
No.241077
my-little-pony-rainbow-dash-scootaloo.png
>>241074
>i dont know how you would roll your own ddos protection.
That's an exaggeration.
This site is mainly about horsefuckery and edgy memes and it has nothing to do with 8cuck.
Anonymous
eBSw1
No.241078
1074927__safe_artist-colon-flutterthrash_twilight sparkle_alicorn_bed_female_food_mare_pony_quesadilla_quesadilla monster_scared_sleeping_they're jus.png
>>241067
CAPTCHAs are a little tricky to explain, and no two CAPTCHAs or DDoS protection services are the same, so I'll try to give a more general overview of it.

Every CAPTCHA has a unique ID number attached to it, and when you solve the CAPTCHA, your IP and all of your browser details are, in theory, shipped back to the CAPTCHA server attached to this unique ID. I don't know how Google does this, but Cloudflare does this with RayIDs.

What I'd really like to drive home here is that you can be identified by a whole lot more than just your IP address. I'd like for you, and any other interested anons, to check some of these links out to see exactly what can be tracked in your browsers.
Your IP address is one thing: https://browserleaks.com/ip
But JavaScript (https://browserleaks.com/javascript) can track a lot more details, like your screen size, time zone, operating system, battery life, even what extensions you have installed.
You can track what your graphics card can do: https://browserleaks.com/webgl
You can track your system based on how you display images: https://browserleaks.com/canvas
You can even track if someone is using Tor or an ad blocker! https://browserleaks.com/proxy
Oh, and private mode does absolutely nothing: https://www.nothingprivate.ml/

Want to be super spooked? Look no further than this: https://clickclickclick.click/

Anyways, the point here is that even if you did change your IP address, through either Tor or a VPN, there's a dozen other ways to track you that can be combined and 'triangulated' to break your anonymity. A CAPTCHA is a very easy way of doing this, since they have to be able to phone home to do their jobs, and it would be very easy to embed tracking scripts into it. With all that data attached to that ID number, it would be a cinch to trace you. Tor Browser can only do so much.
If you think ad companies drool over that kind of data, imagine what the Feds must be thinking.
Even if you block the CAPTCHA, well, you just can't access the site. Do that on the Tor browser, and you create a unique browser signature that means you can be tracked more easily everywhere else. That's why they don't include an ad blocker in the Tor browser, by the way.

Pretty crazy, huh?
Anonymous
eBSw1
No.241079
1378047__suggestive_rainbow dash_zephyr breeze_bad touch_chris chan_comic sans_filthy casual_meme_pony_stranger danger_triggered.png
>>241068
>Cloudflare IS the server and owns the drives where the sites are hosted
No, that's not correct. They work as the middleman between you and the website. They can host parts of your website, like the videos and pictures, but only if you use the CDN part of their services.
In fact, Cloudflare has banned customers who try to use them for hosting.

However, because they are the middleman, they could, in theory, change what you see on the page.
Anonymous
lXyRU
No.241080
241096 241123
I disagree with calling Cloudflare "the Devil." They have cucked on at least two important occasions and so cannot be trusted, but any other mainstream service would have done the same for far less. The fact that they are still protecting edgy material despite having dropped a couple of hot potatoes shows that they still are partly sympathetic to internet freedom. Nowadays the standard is to not just refuse service to the "bad apples" but to hunt down and remove anything remotely objectionable. So yes, Cloudflare is a leaky boat but it's not yet sinking like everything else.

I agree wholeheartedly that they have too much power but to our knowledge they have not yet abused it as "the Devil" surely would. Of course, it's only a matter of time and so alternatives must be found or created. If I were a billionaire I would want to create a competitor.
Anonymous
eBSw1
No.241084
1543073654172.jpg
>>241065
>>241069
Codemonkey, shouldn't you be fixing 8ch right now?
>>241074
>i dont know how you would roll your own ddos protection
>what is fail2ban
>what is OWASP
Anonymous
VbQdY
No.241086
241094
>roll your own damn DDoS protection.
How?
Anonymous
eBSw1
No.241094
>>241086
There's no perfect way to prevent attacks, but there are a few ways to go about it.
The first and easiest is to just rangeban every IP associated with flooding attacks. Chinese and Indian IPs are pretty common sources of DDoS attacks. There's plenty of lists out there for that.
Fail2ban is the second standby: it checks server logs for any funny activity, and bans IPs automatically.
Anything more detailed than that will require a Web Application Firewall, such as ModSecurity. And lots of hours of tweaking, debugging, and configuration to get it to work properly.

Of course, all of that takes valuable time and effort, so most sites outsource it to companies like, well, Cloudflare. That works right up until the service is terminated for political differences.
The simple truth of the matter is that sticking it out and suffering through the DIY approach is going to be a better long-term investment than trusting it to a company that can and does pull their service whenever they feel like it.
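Added example, not part of the post above and not fail2ban's own code: a Python sketch of the two simplest measures it lists, a static rangeban check plus a sliding-window counter over access-log lines. The parameter names `maxretry` and `findtime` are borrowed from fail2ban's options; unlike fail2ban, every request counts as a hit here, and the log lines, addresses and CIDR are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Client address and timestamp from a common/combined-format access-log line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')


def parse(line):
    """Return (ip, timestamp), or None for lines that do not match."""
    m = LINE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")


def find_offenders(lines, maxretry=5, findtime=10, rangebans=()):
    """Map each offending IP to the reason it would be banned."""
    nets = [ipaddress.ip_network(n) for n in rangebans]
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ip, ts = parsed
        if ip in banned:
            continue
        if any(ipaddress.ip_address(ip) in net for net in nets):
            banned[ip] = "rangeban"
            continue
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[ip] = "rate"
    return banned


def make_line(ip, sec):
    """Build one constructed log line at 12:00:<sec> UTC."""
    return f'{ip} - - [05/Aug/2019:12:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'


# Constructed sample: one flooder, one slow client, one client in a banned range.
SAMPLE_LOG = ([make_line("192.0.2.10", s) for s in range(6)]
              + [make_line("198.51.100.7", s) for s in (0, 20, 40)]
              + [make_line("203.0.113.99", 30), "garbage line"])

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG, rangebans=["203.0.113.0/24"]))
```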
Anonymous
eBSw1
No.241096
1574671__safe_artist-colon-anontheanon_fluttershy_pinkie pie_rarity_twilight sparkle_animated_casket_catacombs_crypt_disneyland_phantom manor_pillar_si.gif
>>241080
>I disagree with calling Cloudflare "the Devil." They have cucked on at least two important occasions and so cannot be trusted, but any other mainstream service would have done the same for far less.
That's true, and I won't argue with that. However,
>The fact that they are still protecting edgy material
"Protecting" is a strong word. In my observations, Cloudflare takes more or less the same approach that Google does to platforms like YouTube: ignoring it as long as their customers (or the ads) pay, right up until the pressure of hosting it matters more than their customer's shekels.
They're just opportunistic. Nothing more, nothing less.
>So yes, Cloudflare is a leaky boat but it's not yet sinking like everything else.
That 'yet' is going to be coming pretty soon. With a massive precedent like 8ch's deplatforming set, future deplatforming is going to come much faster. Censorship is a very real slippery slope, especially for tech giants.
>If I were a billionaire I would want to create a competitor.
Sure, but only to fill a market void. When it comes down to it, the bottom lines almost always matter more than the principles of the matter. The underlying problem isn't fixed, all you've done is jump ship to delay its onset.
Fixing the problem would require owners of 'edgy' sites to DIY their protection measures.
Anonymous
rSaZJ
No.241101
soon.jpg
Mocking Bird internet.

Unless convenient decentralisation is sorted out, which is hard when many will be on phones/tablets.

https://gnunet.org/en/ ??
Anonymous
ctm6F
No.241123
241127
FSedit.png
>>241062
>Archive.is, when resolved by Cloudflare, is inaccessible
IDK what the faggots in this thread are on about, this is extremely damning on its own.

>webpage modification
CF receives pageload/post from you.
CF can modify that before sending it through to 8c

8c sends page to CF, for purposes of forwarding to you
CF can modify the page before doing so.

>that's illegal
it isn't. and if it's a breach of ToS you can't prove it happened anyway so good luck.

>captcha doxxing
captchas are analogous to a retina scan of your computer. Together with the extremely accurate temporal correlation CF can do (because of how many sites they serve), you should certainly fear it like a dox.

>roll your own ddos
it has two components:
1. the ability to soak up attacks by virtue of massive bandwidth
2. the ability to reduce attacks with smart blocking strategies (one of which is introducing captchas)

>>241080
>CF only shits in some of their customers' mouths, while it's standard nowadays to shit in the mouths of all your customers
gr8 argument
Anonymous
ovvkM
No.241126
>>241062
>Archive.is, when resolved by Cloudflare, is inaccessible
I believe that's the main reason why many posts are with page screenshots and not archived with Archive.is.
Anonymous
lXyRU
No.241127
>>241123
>captchas are analogous to a retina scan of your computer. Together with the extremely accurate temporal correlation CF can do (because of how many sites they serve), you should certainly fear it like a dox.

Good thing I use a VPN that's outside the States so they get only a generic IP instead.
Anonymous
Ws+0K
No.242561
242562
We should get Cloudflare to drop some of these other sites too. The less business for them, the more for competitors, the more butthurt at them. Encyclopedia Dramatica engages in doxing of minors for example.
Anonymous
KqeGB
No.242562
>>242561
That's a terrible idea. We don't need to help the enemy censor us.