Author Topic: PLEASE disable Cloudflare on the forum  (Read 21896 times)

0 Members and 1 Guest are viewing this topic.

Offline Tuck Fheman

#sharebits "karnal" 1 GREATIDEA
#sharebits "karnal" 5 PERCENT
Lucksacks.com - The Largest Cryptocurrency Freeroll Poker Site in the World!

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Paging @taulant @bitsapphire

Offline dannotestein

  • Hero Member
  • *****
  • Posts: 760
    • View Profile
    • BlockTrades International
  • BitShares: btsnow
http://blocktrades.us Fast/Safe/High-Liquidity Crypto Coin Converter

Offline cass

  • Hero Member
  • *****
  • Posts: 4311
  • /(┬.┬)\
    • View Profile
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
Dear forum admins,

I've brought this up before, many months ago. Cloudflares' quest to eradicate privacy and anonimity online has taken on a whole new level since.

Most users here don't realize there is a company in the middle (Cloudflare) who is scooping all you write, including private messages, since when you connect over TLS to bitsharestalk.org, it's actually to Cloudflare that you're connecting. They own the private key to the certificate and can therefore read everything you do here (including snatching your password and any and all PMs you send).

At the very least I hope that from Cloudflare to the bitshares forum webserver, the connection is TLS-secured, or all your passwords and PMs are transiting parts of the internet in cleartext.

Anyway, this is really mostly an issue for people who use Tor and VPNs, because in their infinite wisdom, Cloudflare has declared that every Tor/VPN user is a criminal or a proto criminal and therefore has to be subjected to endless harassment to be able to read content online.

As someone who browses the internet exclusively through Tor, let me tell you, it is disconcerting how many websites out there use this companys' service, possibly without realizing that they are endagering all of their users' privacy (give all your site data to a US-owned company, great idea these days!!! straight to the NSA..). The situation is becoming a bit like google analytics being ever-present, so Google has a pretty good view of what a large chunk of the internet does.

This forum is no exception;

 (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-46762057-4', 'auto');
  ga('send', 'pageview');

But I digress (and it's easy to opt out of this pervasive tracking with extensions such as ghostery and/or RequestPolicy).


Anyhow,
May I give you a very abridged version of the events over the last year or so, from a day-to-day Tor user (and there more than are a few around here):



Rather than straight loading the forum as would happen on an uncensored connection, Tor and VPN users are subjected to extra checks.

In the beginning, it was possible to solve their captchas with javascript off. It was an annoyance, to be sure, but because I'm involved with this community, I endured the pain. Most other sites, though? Can't count how many articles I haven't read because I couldn't be bothered typing yet another captcha.

Things moved on. At some point, the captchas became plain and simply plain impossible for humans to solve with javascript turned off. And Cloudflare knew that, of course. it was by design, I suspect. So now we had to turn javascript on in order to have a chance of solving the captcha, and of course, the captcha is served from google, so now we are being forced to talk to googles' servers too.

It stayed there for awhile, but I guess the endless abuse from pedophiles and terrorists continued, so they upped their game; Now it's gone up to a stage where (I'm serious) there is a matrix of squares, and solving the captcha consists of selecting "all images with pool tables", "all images with pool chairs", "all images with sweets", "all images with bodies of water" (this one is particularly funny, for some fucked up reason when you click a square with a body of water, it'll neatly disappear and reappear, at which point you have to select it again if it's another body of water, sometimes this goes on for 3-6 times in a row).

But once isn't enough, apparently the terrorists have been developing very efficient software to automatically solve the captchas, because you'll be blasted with 2, 3, 4, 5 rounds of these retarded questions, until His Cloudflarianess deems you are worthy of visiting the website (5 minutes later).

And because you might've turned into a pedophile bot since the last captcha, it'll also regularly re-prompt you to solve them as you browse the same website, in the same session.

Oh, and Javascript HAS TO be turned ON. This time they didn't even bother pretending to accomodate, no javascript = images can't be clicked = captcha can't be solved = no website for you!



I used to visit this forum several times a day during work breaks and what not. Now I'm lucky if I come once every 3 days. Sorting flowers and pool tables, I have better use for my time.


So please, one more time, disable this horrible thing from the forum, the user experience is beyond reproachable and also in terms of privacy and freedom, it's a pretty bad move to use them.

Thank you.
« Last Edit: February 28, 2016, 11:53:09 am by karnal »