CloudFlare #96

Closed
opened 2016-11-18 17:43:04 +00:00 by ghost · 12 comments
ghost commented 2016-11-18 17:43:04 +00:00 (Migrated from github.com)

CloudFlare is a major privacy issue to the users of a site protected by it.

Is there a good reason to use it for privacytools.io?

ghost commented 2016-11-21 15:24:53 +00:00 (Migrated from github.com)

Also, CF SSL is not very friendly.

```
╭─samuel@ROG  ~  
╰─$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from urllib2 import urlopen
>>> urlopen("https://privacytools.io")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 404, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 422, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
    return self.do_open(httplib.HTTPSConnection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error>
>>> 
```

privacytoolsIO commented 2016-12-18 05:59:51 +00:00 (Migrated from github.com)

The reason I decided to use CloudFlare was the fact that it's easy to set up, and nice to have a free SSL certificate. To be honest, to have HTTPS for privacytools.io is totally optional, since we're not dealing with any user data whatsoever. We had some discussion about CloudFlare before: https://www.reddit.com/r/privacytoolsIO/search?q=CloudFlare&restrict_sr=on&sort=relevance&t=all

I don't think this is a priority at the moment.

ghost commented 2016-12-18 10:45:32 +00:00 (Migrated from github.com)

Note: HTTPS is faster, trustworthy (this site doesn't deal with user data, but it's a good practice and feels much more trustworthy for users), and looks better.

bakku commented 2016-12-18 11:17:23 +00:00 (Migrated from github.com)

Plenty of reasons to use HTTPS even for a static site. Some here: https://www.bitballoon.com/blog/2014/10/03/five-reasons-you-want-https-for-your-static-site

Personally I would move away from Cloudflare and use Let's Encrypt to get a free certificate.

ghost commented 2016-12-18 11:25:47 +00:00 (Migrated from github.com)
https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/
privacytoolsIO commented 2016-12-19 01:21:24 +00:00 (Migrated from github.com)

I can't switch to Let's Encrypt at the moment, because I'd have to change the DNS servers of the domain and that would reveal my server location. I agree with you that Let's Encrypt is first choice, but CloudFlare still makes privacytools.io faster, hides my server location and provides a free SSL certificate. Again, we're not handling **any user data.**

Hillside502 commented 2018-01-01 21:59:55 +00:00 (Migrated from github.com)

@privacytoolsIO
You can hide your server location via a VPN **static** IP address.

beerisgood commented 2018-01-01 23:21:22 +00:00 (Migrated from github.com)

Read this comment from Moonchild (Pale Moon dev) on why Let's Encrypt isn't good:
https://forum.palemoon.org/viewtopic.php?f=17&t=13216&p=97307#p97307

Hillside502 commented 2018-01-02 11:01:58 +00:00 (Migrated from github.com)

@beerisgood
That was 14 months ago. Does that still apply?

ghost commented 2018-01-03 02:05:06 +00:00 (Migrated from github.com)

@privacytoolsIO

Hide server location? Then why not a rental hosting server?

Try https://danwin1210.me/ .
You'll receive:

  1. Access logs without IP addresses (all IP addresses replaced with 0)
  2. Let's Encrypt certificate
  3. Can host with your own domain
  4. Hosted in Germany, not in USA like Cloudflare
  5. Can have a .onion domain. You'll automatically receive an onion domain!
  6. Free
  7. He's friendly.

Just try it. Better than Cloudflare.

beerisgood commented 2018-01-03 11:44:04 +00:00 (Migrated from github.com)

@Hillside502 Yes. I got this answer from Moonchild:

> Nothing has changed about the way Let's Encrypt does things because all of those bad things are "by design" for them

ghost commented 2018-01-03 18:37:16 +00:00 (Migrated from github.com)

@Hillside502 @beerisgood
It is getting even worse https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

And they are sticking with their fragile/questionable verification process

> We will initially only support base domain validation via DNS for wildcard certificates

This opens the door wide for abuse. Wondering how Mozilla is going happily along, but perhaps not any more since Mozilla is also actively sponsoring this MitM provider CF.

https://www.robtex.com/dns-lookup/www.mozilla.org

> cname | www.mozilla.org.cdn.cloudflare.net

That from an organization supposedly promoting privacy and freedom of the internet and asking for donations of that cause... well bon chance

Reference: privacyguides/privacytools.io#96