Cloudflare is a honeypot. Free honey for everyone. Some strings attached. Cloudflare sits between you and origin web server. You are not able to connect to your chosen destination. You are connecting to Cloudflare and all your information is being decrypted and handed over to them.

submitted by In-the-clouds from blog.ononoki.org

all 27 comments
sorted by:
top
newinsightfulfun

[–]Tarrock 15 insightful - 3 fun15 insightful - 2 fun16 insightful - 3 fun -  (0 children)

I believe the theory that cloudflare is a government op. They came out of no where and offered ddos protection cheaper than all of their competitors and are now top of the industry where they pretty much have a monopoly. Plus Matthew Prince is regularly seen with intel agents.

[–][deleted] 13 insightful - 3 fun13 insightful - 2 fun14 insightful - 3 fun -  (6 children)

Yeah, they break SSL/TLS encryption to inspect packets, this should not exist

[–]notafed 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (0 children)

This is how pretty much every DDoS firm works.

[–]HiddenFox 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (2 children)

Not trying to be a dick but can you show proof of how they break SLL/TLS encryption?

[–][deleted] 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (1 child)

Not trying to be a dick but can you show proof of how they break SLL/TLS encryption?

Quoted from cloudflare:

"Cloudflare Gateway can perform SSL/TLS decryption in order to inspect HTTPS traffic for malware and other security risks. When you enable TLS decryption, Gateway will decrypt all traffic sent over HTTPS, apply your HTTP policies, and then re-encrypt the request with the Cloudflare certificate."

https://developers.cloudflare.com/cloudflare-one/policies/filtering/http-policies/tls-decryption/

[–]Pantypicker 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

every user in this thread is a software bot.

[–]HongBongPhooey 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

This guy in this video describes several ways to find information about sites that hide behind cloudflare..

https://youtu.be/UBZBL65Dv1w

[–]The_Lear_Bluce_Ree 9 insightful - 3 fun9 insightful - 2 fun10 insightful - 3 fun -  (0 children)

Interesting I just assumed it was a massive super cookie type of thing to track users as they move between each cloudflare hosted site. I should've known it was much more nefarious, it always is.

[–]jw329 9 insightful - 3 fun9 insightful - 2 fun10 insightful - 3 fun -  (0 children)

99% of the big global companies are deep state owned. They own the banking system and buy up any important company out there. They have been doing this since the beginning of time. So I'm not surprised

[–]BISH 4 insightful - 4 fun4 insightful - 3 fun5 insightful - 4 fun -  (0 children)

We're fucked.

[–]LynchTheGroomers 5 insightful - 2 fun5 insightful - 1 fun6 insightful - 2 fun -  (3 children)

Y'all be cowardly. You have no privacy just accept it. Now unless you wanna blow a building up CIA niggas don't give a shit about you. You think you're on some watch list somewhere just because you said there are only two genders? You think the CIA is onto you because you think Zionist Jews run the world? PEOPLE SAY THIS ON INTERVIEWS ON YOUTUBE. MAN UP. ALL THIS FLUORIDE YOU'VE BEEN GUZZLING HAS MADE YOU A FEARFUL COWARDLY CUCK. THERE ARE PEOPLE ON YOUTUBE SHOUTING WHAT YOU SAY. STOP HIDING AWAY LIKE A PENIS THAT HAS BEEN EXPOSED TO COLD WATER. MORE YOU HIDE AND BITE YOUR TONGUE MORE THEY CAN GET AWAY WITH OPPRESSING YOU.

[–]Alphix 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (2 children)

The U.N. is drafting a LAW (I know, I know!) that will make it a CRIME to express "misinformation" or to "sow dissent". It will also make "extremist" positions a crime.

Take that.

[–]LynchTheGroomers 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Cool. Then we are extremists. So what? Should I live in fear because I believe in objective facts about gender? They felt bold enough to do that because they saw niggas is afraid to speak. They didn't come out one day and say "IT IS NOW ILLEGAL TO CALL A MAN A MAN", they tested the waters, saw a bunch of pussies and then decided to do it.

[–]Alphix 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Oh, no. I never advocate fear, not any more than I would advocate hiding one's head in the sand.

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (1 child)

deCloudflare

[–]In-the-clouds[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

It looks like the link you provided is the same content as on the link I shared, word for word, with more images. I searched and see the same post has been duplicated in many sites. I do not know who the original author might be.

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I'd love to see a DIY Cloudflare alternative. Even if it were 95% less powerful than the real thing, it would provide an alternative for site admins who feel guilty using Cloudflare. It's basically monitoring for servers being unable, and re-routing traffic to another server, like some kind of round robin DNS setup. 8kun had to figure out their own DDOS protection service, because no one would provide it to them. You could maybe even have it not act as a MITM and not break SSL security.

[–]ID10T 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (8 children)

They get a certain amount of information, like IP address and the sites you like to visit. They do not decrypt the data you send and receive over SSL.

Edit: I stand corrected. The own the SSL cert so they decrypt the traffic and pass it on to the websites.

They can scrape public pages like these to see what you read, and if they really cared they could scrape multiple pages you visit frequently and figure out your usernames from when you leave comments. However this would violate laws in many countries if they did so without notifying you, so this is not happening. They can read the get parameters that end up in URLs, like if you search in a search engine on cloudflare, they can associate your query string with your IP address. You can use a VPN if your really concerned about privacy. Cloudflare is pretty low down on the list of companies and organizations you should be concerned about slurping your info.

[–][deleted] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

They do not decrypt the data you send and receive over SSL.

That isn't actually true

"Cloudflare Gateway can perform SSL/TLS decryption in order to inspect HTTPS traffic for malware and other security risks. When you enable TLS decryption, Gateway will decrypt all traffic sent over HTTPS, apply your HTTP policies, and then re-encrypt the request with the Cloudflare certificate."

https://developers.cloudflare.com/cloudflare-one/policies/filtering/http-policies/tls-decryption/

However this would violate laws in many countries if they did so without notifying you, so this is not happening.

Lmao

[–]In-the-clouds[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (4 children)

They do not decrypt the data you send and receive over SSL.

What you say directly contradicts what is on Cloudflare's own website:

Cloudflare must decrypt traffic in order to cache and filter malicious traffic.

Screenshot

[–]ID10T 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (2 children)

Damn that's kind of fucked up. Whelp I stand corrected. Thanks

[–]In-the-clouds[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Haha, well it is strange to me, too, that a middleman is allowed to decrypt all the traffic.

I respect you for coming back, humbling yourself a bit, and coming into agreement with us.

[–]ID10T 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

There should never be any shame in admitting when you're wrong. How else can you learn? I like learning things.

[–]notafed 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

There's no way to peform "application layer" filtering if you can't decrypt the data, and if any one entity can decrypt the data, then anyone can and the system is completely broken.

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

Look at the SSL cert for this site. You are interacting with cloudflare directly, and saidit only indirectly.

[–]In-the-clouds[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

That was a good suggestion. I just now clicked on the lock in the address bar. Sure enough, the SSL certificate belongs to Cloudflare.