CloudFlare #96
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#96
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
CloudFlare is a major privacy issue to the users of a site protected by it.
Is there a good reason to use it for privacytools.io?
Also, CF SSL is not very friendly.
The reason i decided to use CloudFlare was the fact that it's easy to setup, and nice to have a free ssl certificate. To be honest to have https for privacytools.io is totally optional, since we're not dealing with any user date whatsoever. We had some discussion about CloudFlare before: https://www.reddit.com/r/privacytoolsIO/search?q=CloudFlare&restrict_sr=on&sort=relevance&t=all
I don't think this is a priority at the moment.
Note: HTTPS is faster, trustworthy (this site doesn't deal with user data, but it's a good practice and feels much more trustworthy for users), and looks better.
Plenty of reasons to use https even for a static site. Some here: https://www.bitballoon.com/blog/2014/10/03/five-reasons-you-want-https-for-your-static-site
Personally I would move away from cloudfare and use let's encrypt to get a free certificate.
https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/
I can't switch to Let's Encrypt at the moment, because I'd have to change the DNS servers of the domain and that would reveal my server location. I agree with you that Let's Encrypt is first choice, but CloudFlare still makes privacytools.io faster, hides my server location and provides a free SSL certificate. Again, we're not handling any user data.
@privacytoolsIO
You can hide your server location via a VPN static IP address.
Read this comment from Moonchild (Pale Moon dev) why Lets Encrypt isnt good:
https://forum.palemoon.org/viewtopic.php?f=17&t=13216&p=97307#p97307
@beerisgood
That was 14 months ago. Does that still apply?
@privacytoolsIO
Hide server location? Then why not rental hosting server?
Try https://danwin1210.me/ .
You'll receive:
Just try it. Better than Cloudflare.
@Hillside502 Yes. I got this answer from Moonchild:
@Hillside502 @beerisgood
It is getting even worse https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html
And they are sticking with their fragile/questionable verification process
This opens the door wide for abuse. Wondering how Mozilla is going happily along, but perhaps not any more since Mozilla is also actively sponsoring this MitM provider CF.
https://www.robtex.com/dns-lookup/www.mozilla.org
That from an organization supposedly promoting privacy and freedom of the internet and asking for donations of that cause... well bon chance