privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

CloudFlare #96

New Issue
Closed
opened 2016-11-18 17:43:04 +00:00 by ghost · 12 comments
ghost commented 2016-11-18 17:43:04 +00:00 (Migrated from github.com)
Copy Link

CloudFlare is a major privacy issue to the users of a site protected by it.

Is there a good reason to use it for privacytools.io?

CloudFlare is a major privacy issue to the users of a site protected by it. Is there a good reason to use it for privacytools.io?
ghost commented 2016-11-21 15:24:53 +00:00 (Migrated from github.com)
Copy Link

Also, CF SSL is not very friendly.

╭─samuel@ROG  ~  
╰─$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from urllib2 import urlopen
>>> urlopen("https://privacytools.io")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 404, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 422, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
    return self.do_open(httplib.HTTPSConnection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error>
>>>
Also, CF SSL is not very friendly. ``` ╭─samuel@ROG ~ ╰─$ python Python 2.7.6 (default, Jun 22 2015, 17:58:13) [GCC 4.8.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> from urllib2 import urlopen >>> urlopen("https://privacytools.io") Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen return _opener.open(url, data, timeout) File "/usr/lib/python2.7/urllib2.py", line 404, in open response = self._open(req, data) File "/usr/lib/python2.7/urllib2.py", line 422, in _open '_open', req) File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain result = func(*args) File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open return self.do_open(httplib.HTTPSConnection, req) File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open raise URLError(err) urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error> >>> ```
privacytoolsIO commented 2016-12-18 05:59:51 +00:00 (Migrated from github.com)
Copy Link

The reason i decided to use CloudFlare was the fact that it's easy to setup, and nice to have a free ssl certificate. To be honest to have https for privacytools.io is totally optional, since we're not dealing with any user date whatsoever. We had some discussion about CloudFlare before: https://www.reddit.com/r/privacytoolsIO/search?q=CloudFlare&restrict_sr=on&sort=relevance&t=all

I don't think this is a priority at the moment.

The reason i decided to use CloudFlare was the fact that it's easy to setup, and nice to have a free ssl certificate. To be honest to have https for privacytools.io is totally optional, since we're not dealing with any user date whatsoever. We had some discussion about CloudFlare before: https://www.reddit.com/r/privacytoolsIO/search?q=CloudFlare&restrict_sr=on&sort=relevance&t=all I don't think this is a priority at the moment.
👎 3
ghost commented 2016-12-18 10:45:32 +00:00 (Migrated from github.com)
Copy Link

Note: HTTPS is faster, trustworthy (this site doesn't deal with user data, but it's a good practice and feels much more trustworthy for users), and looks better.

Note: HTTPS is faster, trustworthy (this site doesn't deal with user data, but it's a good practice and feels much more trustworthy for users), and looks better.
👍 1
bakku commented 2016-12-18 11:17:23 +00:00 (Migrated from github.com)
Copy Link

Plenty of reasons to use https even for a static site. Some here: https://www.bitballoon.com/blog/2014/10/03/five-reasons-you-want-https-for-your-static-site

Personally I would move away from cloudfare and use let's encrypt to get a free certificate.

Plenty of reasons to use https even for a static site. Some here: https://www.bitballoon.com/blog/2014/10/03/five-reasons-you-want-https-for-your-static-site Personally I would move away from cloudfare and use let's encrypt to get a free certificate.
👍 1 👎 1
ghost commented 2016-12-18 11:25:47 +00:00 (Migrated from github.com)
Copy Link

https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/

https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/
privacytoolsIO commented 2016-12-19 01:21:24 +00:00 (Migrated from github.com)
Copy Link

I can't switch to Let's Encrypt at the moment, because I'd have to change the DNS servers of the domain and that would reveal my server location. I agree with you that Let's Encrypt is first choice, but CloudFlare still makes privacytools.io faster, hides my server location and provides a free SSL certificate. Again, we're not handling any user data.

I can't switch to Let's Encrypt at the moment, because I'd have to change the DNS servers of the domain and that would reveal my server location. I agree with you that Let's Encrypt is first choice, but CloudFlare still makes privacytools.io faster, hides my server location and provides a free SSL certificate. Again, we're not handling **any user data.**
👍 1
Hillside502 commented 2018-01-01 21:59:55 +00:00 (Migrated from github.com)
Copy Link

@privacytoolsIO
You can hide your server location via a VPN static IP address.

@privacytoolsIO You can hide your server location via a VPN **static** IP address.
beerisgood commented 2018-01-01 23:21:22 +00:00 (Migrated from github.com)
Copy Link

Read this comment from Moonchild (Pale Moon dev) why Lets Encrypt isnt good:
https://forum.palemoon.org/viewtopic.php?f=17&t=13216&p=97307#p97307

Read this comment from Moonchild (Pale Moon dev) why Lets Encrypt isnt good: https://forum.palemoon.org/viewtopic.php?f=17&t=13216&p=97307#p97307
Hillside502 commented 2018-01-02 11:01:58 +00:00 (Migrated from github.com)
Copy Link

@beerisgood
That was 14 months ago. Does that still apply?

@beerisgood That was 14 months ago. Does that still apply?
ghost commented 2018-01-03 02:05:06 +00:00 (Migrated from github.com)
Copy Link

@privacytoolsIO

Hide server location? Then why not rental hosting server?

Try https://danwin1210.me/ .
You'll receive:

  1. Access log without IP address (all IP address replaced to 0)
  2. Let's encrypt certificate
  3. Can host with your own domain
  4. Hosted in Germany, not in USA like Cloudflare
  5. Can have .onion domain. You'll automatically receive onion domain!
  6. Free
  7. He's friendly.

Just try it. Better than Cloudflare.

@privacytoolsIO Hide server location? Then why not rental hosting server? Try https://danwin1210.me/ . You'll receive: 1. Access log without IP address (all IP address replaced to 0) 2. Let's encrypt certificate 3. Can host with your own domain 4. Hosted in Germany, not in USA like Cloudflare 5. Can have .onion domain. You'll automatically receive onion domain! 6. Free 7. He's friendly. Just try it. Better than Cloudflare.
beerisgood commented 2018-01-03 11:44:04 +00:00 (Migrated from github.com)
Copy Link

@Hillside502 Yes. I got this answer from Moonchild:

Nothing has changed about the way Let's Encrypt does things because all of those bad things are "by design" for them

@Hillside502 Yes. I got this answer from Moonchild: > Nothing has changed about the way Let's Encrypt does things because all of those bad things are "by design" for them
ghost commented 2018-01-03 18:37:16 +00:00 (Migrated from github.com)
Copy Link

@Hillside502 @beerisgood
It is getting even worse https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

And they are sticking with their fragile/questionable verification process

We will initially only support base domain validation via DNS for wildcard certificates

This opens the door wide for abuse. Wondering how Mozilla is going happily along, but perhaps not any more since Mozilla is also actively sponsoring this MitM provider CF.

https://www.robtex.com/dns-lookup/www.mozilla.org

cname | www.mozilla.org.cdn.cloudflare.net

That from an organization supposedly promoting privacy and freedom of the internet and asking for donations of that cause... well bon chance

@Hillside502 @beerisgood It is getting even worse https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html And they are sticking with their fragile/questionable verification process > We will initially only support base domain validation via DNS for wildcard certificates This opens the door wide for abuse. Wondering how Mozilla is going happily along, but perhaps not any more since Mozilla is also actively sponsoring this MitM provider CF. https://www.robtex.com/dns-lookup/www.mozilla.org > cname | www.mozilla.org.cdn.cloudflare.net That from an organization supposedly promoting privacy and freedom of the internet and asking for donations of that cause... well bon chance
👍 1
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
🔍🤖 Search Engines
approved
approved, waiting for a PR
dependencies
Pull requests that update a dependency file
duplicate
feedback wanted
high priority
I2P
The Invisible Internet Project (I2P)
iOS
low priority
OS
Operating Systems
Self-contained networks
Social media
stale
A label for stalebot if it gets added
streaming
Anything related to media streaming.
todo
Tor
Anything covering the Tor network
WIP
active work in progress, do not merge or PR (yet)!
wontfix
Issues or bugs that will not be fixed and/or do not have significant impact on the project.
XMPP
Extensible Messaging and Presence Protocol
[m]
Matrix protocol
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
Browser Extension related issues
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
Correction of content on the website
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
Firefox & forks, about:config etc.
💻 hardware
🌐 hosting
🏠 housekeeping
Anything primarily related to site cleanup.
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
Virtual Private Network
🌐 website issue
*Technical* issues with the website.
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
Domain Name System
🗨️ instant messaging (im)
🇦🇶 translations
Anything covering a translated version of the site
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
jonah
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#96
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?