CloudFlare Watch
crimeflare.comSo... judging by the titles, what this website is suggesting is basically that free speech only applies if you agree with it, and since they don't agree with CloudFlare's decision to host everything, CloudFlare is bad?
Honestly, the only thing I don't like about CloudFlare is their treatment of Tor users, which I don't see being mentioned anywhere in here.
We're making a lot of changes to how we handle Tor: https://support.cloudflare.com/hc/en-us/articles/203306930
I missed this! This is great news and frankly deserves a mention on CF's really nice company blog so that as many site owners as possible learn about the new granularity for Tor.
As a Tor relay operator and CF customer, I've been really split on the effects of CF's power. After all, blocking heuristics is just what I need.
Part of my job is maintaining a bunch of viral WordPress sites on a small budget. In addition to the crazy bandwidth and responsiveness a CF pro subscription buys you, the service really is a small biz secops dream machine. I can actually focus on writing when I just put sites behind CF.
Maybe it's Appelbaum's fate to be the Stallman of any tech with mass surveillance potential. That's not an insult and it's good to have immutable critics of centralized infrastructure. But it's certainly a bit tiresome sometimes.
The options presented by CF seem to hit a nice balance. Making blanket Tor blocking an enterprise-only feature is a nice touch. In the spirit of that, it'd maybe make sense to also make JS challenge the default for new Cloudflare domains?
Now, if there only was some magic beyond keyless ssl to get rid of the MiTM aspect...
We are going to blog about Tor soon.
It's funny how Often a real space concept (country) which is used to model business logic ends up morphing into a abstract configuration knob.
i believe Conway's law applies here.
What's the point in restricting this to enterprise users? I can make access rules for every other country except 'T1' on a the entry-level paid plan?
It's only the "country level block" bit that is limited to enterprise.
But then again, if you're using Nginx something like the following may work (gah, have not tested):
Assumes you have enabled the GeoIP stuff, which again... I've not tested whether it sends Tor through as a country identifier... I shall ask.http { map $http_cf_ipcountry $allow_country { default yes; T1 no; } server { if ($allow_country = no) { return 403; } } }Or you could do the opposite and restrict access unless someone is accessing via Tor ;)
The move to the new reCAPTHA alone has made it a lot more usable for tor users.
No, it really hasn't. In most cases the new reCAPTCHAs actually take longer to solve than the old ones.
The old variant which makes you read street numbers is pretty quick and painless - type in 3 or 4 digits and you're done. With the new one, first you have to figure out what it wants you to identify (street signs? storefronts? lakes? mountains? food?), and then scan through a bunch of small, poorly focused images. Even if you get it right, many times it asks you to complete two or three separate challenges before it lets you through.
The only time the new version is more usable is when you run into the one old variant which is virtually unsolvable.[1] I actually wonder if some of these even have solutions. There have been countless times where it's rejected an answer I was sure was correct.
[1]https://2.bp.blogspot.com/---dJJOn8n9c/U1rZNDiWG1I/AAAAAAAAO...
Before the switch, 80% of the time I would get the unsolvable ones.
As far as I can tell, this is by Daniel Brandt - previously of (now defunct) Google Watch and a bunch of other similar projects over the past 27+ years: http://www.leavegooglebehind.com/news/2012/02/google-critic-...
(Based on the IRS letter posted on the site at http://www.crimeflare.com/gifs/irslet.gif which mentions "Public Information Research Inc", Brandt's organization)
Update: confirmed, here's a page on the site which Daniel signs his name to: http://www.crimeflare.com/cfs.html
I'm ignorant of who this man is; is there a particular reason his character should be known in the context of this website?
Archived WP page:
https://web.archive.org/web/20060819151043/http://en.wikiped...
Partial postmortem edit log:
https://web.archive.org/web/20120204052201/http://en.wikiped...
Daniel Brandt? I googled that name and, whoa, those results!
Some people do some pretty nasty things using the Internet and may be protected by CloudFlare. But there's also some pretty amazing things that happen because of it.
Some people say mean, false, and hurtful things. But others can say kind, insightful, and truthful things.
Some religious traditions are honestly rather disturbing to me. But others are a part of who I am.
I would much prefer to live in a world where everyone is free to use the Internet, speak, and believe as they desire, even if that has some negative consequences, than to live in a world where someone else dictates what I or anyone else can publish, say, and believe.
I don't understand your last paragraph. CloudFlare isn't a necessary service for publishing stuff online. If they tightened up their rules, that wouldn't be a world where someone else dictates what you can say or believe.
Free speech doesn't require private entities to host or publish regardless of content, and it's totally consistent to both advocate for free speech and advocate that entities not make certain kinds of speech. For example, I think the KKK should be allowed to say all the hateful things they say, and I also think the KKK should close up shop and stop bothering everybody.
I was drawing parallels; Cloudflare's open support for all websites is meritorious in the same way that freedom of speech and religion are meritorious. The temptation to regulate it has consequences which are analogous to limiting speech or religion.
And no, it wouldn't dictate what you could say or believe, but it can help you say it. And if you need to say something that a powerful entity doesn't want said, they can protect you from DDoS and other attacks.
It's one thing to advocate that entities not make certain kinds of speech - by all means, please advocate away! But CloudFlare is an assistant to speech, not just an advocate. The moment you start making rules and decisions about what you enable, you open yourself up to the human possibility of making wrong rules and decisions. And that means it's better to not make the rules in the first place. "Better that ten guilty persons escape than that one innocent suffer" and all that.
I don't get this at all. Why shouldn't CloudFlare make rules? So what if they get it wrong sometimes? There are plenty of alternatives. Not having any rules about what you'll host seems crazy.
Free speech means that you can say whatever you want, but it does not mean that you can get others to help you say it. If they want to help then fine, but if they don't want to help you that's not a free speech issue.
They should consider what it would be like to live in an alternate universe where they were a consumer of their service. Not just being a customer themselves (that would be "give the customer everything, and pay him for the privilege"), but what would the rest of the world look like - would the company be in business, would there be negative externalities, etc.
For the reasons described, the thought experiment would (in my mind) suggest that there should be no speech restrictions, so that's the action they should take. Or you could describe it as "do unto others as you would have them do unto you".
It's hard to host a website if you don't have the support of CloudFlare or something similar, DoS attacks get you off hosting providers pretty quickly.
Not only are the alternatives to CF as you acknowledge but the number of sites hit by DOS attacks is low in the grand scheme of things.
The sites most in need of free speech protection probably also need more DoS protection (see DoSes of GitHub, for example).
It seems weird to target them because their services can be abused for illegal purposes like terrorism. One can use Bic pens also for terrorist purposes, but I don't recall people setting up bic watch websites.
And on http://www.crimeflare.com/cfs.html you can see he accepts payments through Paypal, why rally against CloudFlare but don't mind getting money through Paypal?
The Silicon Valley is the opium of the people quote just makes it feel all in all very goofy, combined with the nineties website, comic sans and under construction gifs just seem to lack.
If the web development skills on display here are any indication, I think this personal lacks a fundamental understanding about how all this tech works.
I do not agree with what you have to say, but I'll defend to the death your right to say it.
karma be damned: the 90s called and they want their website back!
Heh, I recently discovered that one of the first "websites" (and I use that term loosely) I ever made is still online, unmodified since 1997. I'm leaving it up and not touching it, just so I can celebrate its 20th birthday next year.
I'm curious if the person created the website to look dated and unattractive to add more of a grungy.. aka underground info feel? I love CloudFlare all, but haters gone hate, and everyone is free to express their views.
I halfway expected to find a CF-Cache-Status:HIT Response Header. He doesn't use caching at all.
1 point for consistency. -100000 points for advocating censorship.
"It costs $22 USD a day to keep CloudFlare Watch online"
What the hell?!? He pays 600 bucks a month for some shitty HTML? What kind of hosting is this?
That also includes all the web scraping it's doing. As it says, there's a lot of churn in the data, and it tries to keep it all updated.
Of course, that's still way too much. I don't believe that's an honest figure, or the owner is being ripped off.
Seems to be the same guy who made cloudflare-watch.com which was actually using cloudflare for a while.
G, they make me like cloudflare by creating a site to complain. How did they do it?
This is like the argument that Doctors Without Borders facilitates violence. Utterly ridiculous.
Good on CloudFlare.
smh
Shameless plug / full disclosure: I work at Kloudsec
In case you're looking for alternatives, Kloudsec [1] is a minimal CDN platform made for programmers. And I think we make a good alternative because:
a) You get to keep your nameservers, just point the relevant domain to our CDN's IP
b) Auto LetsEncrypt SSL cert provisioning (and renewing too)
c) Every plugin is optional (WAF, Pagespeed, Analytics). Just toggle them on and off. You can also build/bring your own (nginx) plugin onto our CDN network.
Shameless plugs are great, but are you saying you take active effort to keep undesirable people from using your service? Because I'm not sure (at least on this forum) why you'd want to say that you do, and you're not differentiating yourself for the purposes of this article if you're not. :)