
/tech/ - Technology


 No.988778>>988785 >>988790 >>988969 >>998280 >>998283

whats wrong with cloudflare? i like them but want to find something to be cautious because they sound too good to be true.

they announced their own dns with dns over https

https://blog.cloudflare.com/announcing-1111/

they encrypted sni so isp couldnt see what site you visit by that

https://blog.cloudflare.com/esni/

they fixed the annoying captcha problem

https://blog.cloudflare.com/cloudflare-onion-service/

https://blog.cloudflare.com/crypto-week-2018/

so are there any reason they shouldnt be trusted?

http://crimeflare.org:82/

i find this site but it didnt seem serious to me.

 No.988780

they blocked tor from half the internet since 2011 or so


 No.988782

>they fixed the annoying captcha problem

no they didn't. only if you imitate tor browsers you wont get the captcha. and VPN will still be blocked if that workaround is only for tor IPs


 No.988783

also this

https://blog.cloudflare.com/why-we-terminated-daily-stormer/

'we censored people but thats ok because we sorta feel bad about it but not really, uwu'


 No.988785>>988788 >>988832

>>988778 (OP)

>they announced their own dns with dns over https

You are aware that all of the anti ddos protection works like a MITM ?

>they encrypted sni so isp couldnt see what site you visit by that

And guess who's between the website you visit and you ?

>they fixed the annoying captcha problem

If you use Tor as much as I do (aka always) this is bullshit.

The rest of this is pasta:

Why cloudflare is cancer to the internet

-cloudflare makes it extremely difficult for Tor users and users who disable javascript. This difficulty was originally just a simple CAPTCHA, that progressed into impossible CAPTCHAs (CAPTCHAs that would reject all answers), and finally outright blocks in the case of archive.is; this effectively bans the most security and privacy-conscious users from your site.

-cloudflare arbitrarily bans whoever they want. Today, it is Tor users who disable javascript. Tomorrow, it could be all Firefox users, Linux users, VPN users, Brazilians, Germans, Snowden supporters, filesharers, anons, children, women, homosexuals, Christians. The exact criteria doesn't matter, because it is completely at the whim of cloudflare.

-cloudflare completely breaks SSL

Standard SSL handshake

User -> website's key -> website

User <- User's key <- website

Only the User and the website can read or write data transferred over the HTTPS connection. Authenticity, integrity, confidentiality guaranteed by cryptography.

cloudflare's SSLmao fuarrrk not

User -> cloudflare's key -> cloudflare -> website's key -> website

User <- User's key <- cloudflare <- cloudflare's key <- website

-cloudflare outright decrypts ALL CIPHERTEXT THAT PASSES THROUGH IT. cloudflare has COMPLETE ACCESS TO ALL PLAINTEXT. In other words, cloudflare is a Man-in-the-Middle (MitM) attack.

-cloudflare (untraceably) conducts internet surveillance

-cloudflare (untraceably) steals passwords: online banking, e-voting, internet connected devices, medical implants. If you have used a web frontend for server admin such as PHPMyAdmin, then cloudflare has your server's login password.

-cloudflare (untraceably) steals data: every file uploaded through cloudflare can be read by cloudflare.

-cloudflare can (untraceably) censor content

-cloudflare can implement an Acceptable Content Policy, denying access to any site that does not conform and censor content.

-Word filter

-Copyright detection

-Deep-packet inspection

-Per-user censorship

-cloudflare can (untraceably) tamper with content

-JS exploit injection

-Altering downloaded executables

-Misattributing words

-Framing users for sending data that they did not send.

Untraceably, because unlike a standard MitM, which can always be detected by saving and comparing public keys between sessions, cloudflare is always in the middle and is always either forging a fake public key or even TAKING YOUR PRIVATE KEY.

-cloudflare centralizes the internet, creating a single point of failure. If cloudflare goes down, every server routing through them goes down.

-cloudflare does not actually protect against hacking. They can be bypassed using any proxy other than Tor, let alone nation-state botnets of hundreds of millions of compromised systems.

-cloudflare costs money. You are paying for the privilege of giving away your domain, SSL key and server traffic to a third party.

The rational conclusion to the above would be that cloudflare is attempting to consume the entire internet, like cancer.

As cloudflare is a US corporation, which appeared out of nowhere with more bandwidth and better hardware than most ISPs and has rapidly spread across the internet, it is highly likely they are an NSA front designed to completely take over the internet. Use cloudflare or be DDoS'd, that is the definition of a protection racket. Do not let them succeed, if you value the internet.


 No.988788

>>988785

thanks for the info. i will look into it more.


 No.988790>>988799 >>988827

>>988778 (OP)

CF is an NSA op.

Encryption became so good they didn't know what to do. So they allowed the DDoS problem to grow unchecked and then came up with a service to sell you for (((protection))). Now they just "Man In The Middle" everything with CF.


 No.988793>>988796

Think about it. Every other site that you go to routes you through cloudflare's servers. Cloudflare now knows all the sites you go to, it's like a google analytics you can't block.

On top of that they MITM https. And they fuck with tor. Any cuckflare site basically gives you the shit choices of not using Tor or doing something (eg. captcha, extension) that defeats the anonymity of Tor.


 No.988796>>988797 >>988821 >>989085

>>988793

Just asking, how does a captcha defeat anonymity? Are there captchas that require your name that I don't know about? As far as I can tell, it's just a pick the three cars game and then you can move on.


 No.988797>>988819

>>988796

>Just asking, how does a captcha defeat anonymity?

Good question. Google-style captcha uses JS and I'm pretty certain it uses mouse/keystroke tracking to attempt to identify users. I can't cite a source for that, but in my opinion they would be crazy not to. The whole premise of the thing is to prove you are a human, and the best way is to find out which human you are.


 No.988799>>988800 >>988823 >>988827

>>988790

Fuck. I'd believe this.

>they allowed the DDoS problem to grow unchecked

I've seen so many people talk about hacking into insecure IoT devices and patching them to prevent them being added to botnet. Vigilante idea: hack into these devices and brick them. Whatever function they're supposed to perform, disable it. If they have a mic, blast it. DDOS all the other computers on their network. Make the owner's life a living hell, so their only option is to take the device to the manufacturer and demand a refund. The manufacturer would learn pretty quick how to make a secure device. The only problem is that the glows would get you first.


 No.988800>>988808

>>988799

>If they have a mic, blast it.

Blast it with education about how these devices will always be hackable. Or else they will just buy the new and improved version


 No.988808

>>988800

You can make an unhackable device. You just need to stop hiring street shitters to do all the coding, and let the devs do serious testing.


 No.988819

>>988797

that's how it works it uses cookies and shit to track you and establish a profile, and records mouse movements and timings now. you used to be able to turn off JS and get a way less gay captcha, haven't tried it recently


 No.988821>>988822

>>988796

I never mentioned captcha, but let me spoonfeed you some more.

recaptcha, which sites use now, is loaded directly from jewgle servers so it tells jewgle about your online behavior. It also forces you to enable js which potentially allows more tracking.

Captchas themselves are not inherently bad. You could have a server-side script generate the captcha, which is then displayed as a static image for the user to solve and submit with a simple HTTP POST, no JS or other magic required. Unfortunately this approach went out of style because webdevs are too retarded to make captchas that aren't trivial to solve (I used to write captcha crackers for fun before recaptcha), nobody made a good free server-side captcha that just werks, and normalfags have a retarded fetish for anything jewgle (muh helping digitize books! muh helping train AI!)

However supposedly anonymous sites that give you "captcha vouchers" like 8ch are saving a cookie, which means they potentially assign a pseudonym and track you anyway, but this doesn't really matter since it's trivial for the server to track everything you do captcha or not.


 No.988822

>>988821

i mean you can just use 1 captcha/cookie per post


 No.988823>>988827 >>988857 >>988865

>>988799

Wouldn't matter unless you can hack millions of new devices every week. You're better off botnetting them and installing miners, then using the proceeds to run a public education campaign. But there are already tons of people trying to make miner swarms.

Normies don't give a fuck about their IoT shit. People will put ip cams in their bedroom and leave it with the default credentials. They're retarded. If you hack their device they'll just throw it out and buy a new one, call it a day. Maybe install Norton Web-Protection(R) 2019 edition. They are beyond hope.


 No.988827>>988870 >>989089

>>988823

>They are beyond hope.

THIS

THIS

THIS

THIS

THIS

People who think any of this can be fixed are fucking delusional. Normies can not and WILL NEVER be saved. Period. CF kikes won, end of story.

>>988790

>>988799

Now that this has come to light, there is nothing we can fucking do to stop it. The NSA fucking won.


 No.988832>>988839 >>989090 >>989423

>>988785

>Do not let them succeed, if you value the internet.

If you have seen recent trends, you'll realize that it's too fucking late. Everyone can agree that they won, and the internet will become centralized forever.

It's fucking over. We literally can't fight (((them))) anymore.


 No.988839>>988842 >>988912


 No.988842>>988846 >>988848

>>988839

>he doesn't know how to embed images to posts

Peak newfaggotry.


 No.988845>>988857 >>988865

What's up with the blackpilling in /tech/?

Technology is not yet lost!

Do not believe their lies!


 No.988846>>988912

>>988842

>what is tor


 No.988848>>988912

>>988842

[tor users can't post images]


 No.988857>>988873

>>988823

You might not get all devices, but if someone created some standard software for the job, people could run it on their machines like SETI@home. Once you have devices, they can target more, so your network grows logistically. More importantly, just a couple high profile cases could create large public awareness

>IoT camera takes pictures of you changing

>sends them to you with creepy captions ("you're so pretty")

>posts them on the internet

>sends them to your boss from your email address

You could make national news with this shit. "new technology may be more dangerous than you think" always goes over well with boomers.

>>988845

>what's with all the blackpilling

it's one faggot. report and filter him


 No.988865

>>988845

>What's up with the blackpilling in /tech/?

See >>988823

People are blackpilled for a reason.


 No.988870

>>988827

Can you get me a job at the NSA?


 No.988873

>>988857

>it's one faggot. report and filter him

for those who haven't already, see >>>/metatech/1632


 No.988877

even the people who are saying "blackpill" are samefag. that's not even a thing


 No.988912>>988925

>>988846

>>988848

>>988839

Hey Anon!

I would love to see your pic, but it appears that you have linked a website that uses CloudFlare, meaning that I would have to complete A STUPID FUCKING CAPTCHA YOU MENTALLY IMPAIRED ABORTION


 No.988925>>989010

>>988912

you can bypass cuckflare by setting your user agent to

Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

how do you even browse anything if you can't bypass cuckflare?


 No.988969>>998283

>>988778 (OP)

This is what is wrong with kikeflare: http://www.crimeflare.com:82/honeypot.html


 No.989010>>989038

>>988925

Didn't work for me. Cuckflare isn't retarded, they don't just trust UA. They look at IP also.


 No.989038>>989039 >>989057

>>989010

Actually for tor IP's they let the tor browser through. Which means you need the exact same useragent, platform agent, javascript oscpu, accept headers, appversion agent, canvas fingerprint, and your browser can't broadcast anything unique like chrome's botnet bullshit in the canvas.id. If you can do all that with a browser that isn't modern chrome/firefox 52+ and isn't the tor browser then you can bypass the captcha. But let's face it, at that point you will need to change your default supported fonts to be whatever the tor browser supports too, that way you perfectly replicate the tor browser except for the backdoors and telemetry portion you skip over.


 No.989039

>>989038

Then again, they could just test for the backdoors and telemetry in the future, which you can fake but it would be difficult as it requires writing functions that return whatever cuckfare/nsa expects from the tor browser user.


 No.989057>>989119

>>989038

you don't need JS what are you talking about. just compare your headers to that of Tor Browser for a plain GET request and see what's different


 No.989073

It's literally a MitM service, people are buying into.


 No.989084>>998287

Cloudflare is a MITM attack that site owners actually pay for, and if you don't pay they will unleash their botnet on your site.

It's a mafia operation.


 No.989085>>989088

>>988796

Timing attacks.


 No.989086

I don't know what could possibly not be good about centralizing every website with a single service who can do however they please and monitor pretty much everything people access online.

>so are there any reason they shouldnt be trusted?

Don't be paranoid! I'm sure Cloudflare puts your privacy before their own interests goy, go ahead and blindly trust it.


 No.989088>>989421

>>989085

lol, and for example with a text captcha different people will read it differently.


 No.989089

>>988827

>wanting to save normie

Literally why


 No.989090

>>988832

Why do you accept to be paid to spread bs all day ?

Don't you have something that you would love to work for instead of this ?


 No.989091

As everyone else has mentioned, Cloudflare is a MITM attack, they also store cached site data on their servers possibly including cached logged in accounts for the sites that use them.

The most famous case of misuse of caching services was what happened during a DoS attack on Steam on Christmas of 2015:

https://store.steampowered.com/news/19852/

This was because a service similar to Cloudflare (akamai) fucked up and potentially leaked personal data (including credit card data) to Steam users over a few hour period.


 No.989119>>989130

>>989057

No you faggot, all of that is with javascript disabled.

If you enable javascript they can check build dates/times against the official tor browser build and also check your audio setup along with a dynamic javascript OSCPU there is two of them, platform OSCPU for javascript disable and javascript OSCPU for enabled. If you wanted to enable javascript why would you ever do this? you need to block the audio API from ever being accessed for fingerprinting and change the build date/time to match that of the official tor browser along with changing the javascript enabled oscpu. Then you would be replicating the tor browser enough that cloudflare probably can't see its another browser.


 No.989130>>989158

>>989119

literally what info about canvas are you sending when you just do a GET?

here's my headers: (using the built in webdev tools in palemoon so it may be slightly inaccurate)

Host: nigger.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

and this is good enough to bypass cuckflare.


 No.989158>>989170 >>989175

>>989130

I'm talking about when using cuckfare behind tor you niggerfaggot. If you don't want to use the tor browser what I described is how you replicate to bypass the cuckfare checks. If you are accessing cuckfare over the clearweb with JS disabled then yea, your changes work.

The canvas API is always able to be accessed when enabled with firefox, palemoon, icecat, seamonkey, tor browser, etc mozilla fork even with javascript off. Just because the page you visited didn't list the information in the GET doesn't mean it didn't transfer, use wireshark to check with a cuckfare page. But the page has to explicitly request the information via whatever method cuckfare is using which isn't javascript. So spoof or disable the API.


 No.989170

>>989158

$ torsocks ncat -C magaimg.net 80
GET /img/6i7y.jpg HTTP/1.1
Host: magaimg.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK^M
Date: Sun, 21 Oct 2018 02:00:27 GMT^M
Content-Type: image/jpeg^M
Content-Length: 37468^M
Connection: keep-alive^M
Set-Cookie: __cfduid=d4af05162d6f4f6bd6be37c8d65bd3b501540087227; expires=Mon, 21-Oct-19 02:00:27 GMT; path=/;
domain=.magaimg.net; HttpOnly^M
Cf-Bgj: imgq:100^M
Cf-Polished: origSize=38991^M
ETag: "984f-578a01e580db3"^M
Last-Modified: Sat, 20 Oct 2018 02:53:02 GMT^M
CF-Cache-Status: HIT^M
Expires: Mon, 21 Oct 2019 02:00:27 GMT^M
Cache-Control: public, max-age=31536000^M
Accept-Ranges: bytes^M
Vary: Accept-Encoding^M
Server: cloudflare^M
CF-RAY: 46d02145270c97ec-FRA^M
^M
ÿØÿà^@^PJFIF^@^A^A^A^@H^@H^@^@ÿÛ^@C^@^F^D^E^F^E^D^F^F^E^F^G^G^F^H
etc

This isn't fucking hard.

>The canvas API is always able to be accessed when enabled with firefox, palemoon, icecat, seamonkey, tor browser

No it can't.

>even with javascript off

No it fucking can't. Fucking ncat doesn't implement canvas api, and it works fine.
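
What the response headers in the post above show, as an added example (not part of the original post): a small Python parser that picks out the headers marking a response as served by a Cloudflare edge rather than directly by the origin. The first sample head is copied from the post; the function names and the second, direct-origin sample are constructed for illustration.

```python
# Added example, not from the thread: classify response headers that reveal
# an intermediary terminating the connection in front of the origin server.

# Response head as quoted in the post (wrapped Set-Cookie line rejoined).
EDGE_SAMPLE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Date: Sun, 21 Oct 2018 02:00:27 GMT",
    "Content-Type: image/jpeg",
    "Content-Length: 37468",
    "Connection: keep-alive",
    "Set-Cookie: __cfduid=d4af05162d6f4f6bd6be37c8d65bd3b501540087227; "
    "expires=Mon, 21-Oct-19 02:00:27 GMT; path=/; domain=.magaimg.net; HttpOnly",
    "Cf-Bgj: imgq:100",
    "Cf-Polished: origSize=38991",
    'ETag: "984f-578a01e580db3"',
    "Last-Modified: Sat, 20 Oct 2018 02:53:02 GMT",
    "CF-Cache-Status: HIT",
    "Expires: Mon, 21 Oct 2019 02:00:27 GMT",
    "Cache-Control: public, max-age=31536000",
    "Accept-Ranges: bytes",
    "Vary: Accept-Encoding",
    "Server: cloudflare",
    "CF-RAY: 46d02145270c97ec-FRA",
]).encode("latin-1") + b"\r\n\r\n"

# Constructed sample: a response that came straight from an origin server.
DIRECT_SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"
                 b"Content-Type: text/html\r\n\r\n<html></html>")


def parse_head(raw):
    """Split a raw HTTP/1.1 response into (status, [(name, value), ...])."""
    head = raw.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not "Name: value"
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def intermediary_evidence(raw):
    """Report which headers show the reply was produced by a Cloudflare edge."""
    status, headers = parse_head(raw)
    ev = {"status": status, "indicators": [],
          "edge_location": None, "served_from_cache": False}
    for name, value in headers:
        if name == "server" and value.lower() == "cloudflare":
            ev["indicators"].append("server")
        elif name == "cf-ray":
            ev["indicators"].append("cf-ray")
            # The suffix after the last hyphen names the edge data center.
            _, sep, colo = value.rpartition("-")
            if sep:
                ev["edge_location"] = colo
        elif name == "cf-cache-status":
            ev["indicators"].append("cf-cache-status")
            # HIT: the body came from the edge cache, not the origin.
            ev["served_from_cache"] = value.upper() == "HIT"
        elif name == "set-cookie" and value.startswith("__cfduid="):
            ev["indicators"].append("cookie:__cfduid")
        elif name.startswith("cf-"):
            ev["indicators"].append(name)
    return ev


if __name__ == "__main__":
    print(intermediary_evidence(EDGE_SAMPLE))
    print(intermediary_evidence(DIRECT_SAMPLE))
```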


 No.989173

https://addons.mozilla.org/en-US/firefox/addon/bcma/

it blocks and redirects the site that uses cloudflare to internet archive. i gotta whitelist 8chan though since it uses cloudflare as it can be seen by this addon

https://addons.mozilla.org/en-US/firefox/addon/cloudflare-claire


 No.989175>>989179

>>989158

>I'm talking about when using cuckfare behind tor you niggerfaggot

s-so am I? im using palememe over tor and i never get the cuckflare captcha page

>If you don't want to use the tor browser what I described is how you replicate to bypass the cuckfare checks.

literally all i had to do is set the user agent to

Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

and to make embedded images load, in palememe you need to set image.http.accept to */*

>Just because the page you visted didn't list the information in the GET doesn't mean it didn't transfer, use wireshark to check with a cuckfare page.

okay, i ran nc -l -p 80 and connected to 127.0.0.1, and got this:

GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

>The canvas API is always able to be accessed when enabled with firefox, palemoon, icecat, seamonkey, tor browser, etc mozilla fork even with javascript off

literally how? you're doing a single GET without ever having loaded anything from their page. the whole problem about cuckflare's captcha gate is only related to the initial visit


 No.989179>>989185

>>989175

> im using palememe over tor and i never get the cuckflare captcha page

Some addons can make that happen. Check your addons m8 some of them can be botnet it happened to me a few months ago.


 No.989185

>>989179

i dont use addons


 No.989421

>>989088

That's not the kind of timing I mean.


 No.989423

>>988832

>If you have seen recent trends

yes, I have seen the recent blackpilling campaign, jew. you arent fooling anyone here.


 No.990460>>990462 >>990470 >>990475 >>998274

Pirate bay uses Cloudflare, as do most of the big name sites.

Cloudflare also makes it difficult for Tor users to use their sites.

I don't know much about how they work, but I don't like it.


 No.990462>>990607 >>991168

>>990460

Very soon there will not be a single website that doesn't use CF.

NO ESCAPE


 No.990470

>>990460

I only know this because whenever I visit they have the big cloudflare server error page. Works fine over onion though.


 No.990475

>>990460

uj3wazyk5u4hnvtk.onion


 No.990607

>>990462

>it's that blackpill shill

I figure this poster is actually a bot.


 No.991168

>>990462

>what are authoritarian non-Western countries


 No.998262>>998273 >>998276

So uh, has it ever been explained how the internet ran just fine without cloud 10 years ago? why is this being pushed because of muh ddos?


 No.998273

>>998262

More bandwidth available than before and people don't want to mitigate DDoS attacks on their services themselves, I would assume.


 No.998274

>>990460

torrents are public anyway, sites like this aggregating information about regime critical users and the option to create virtual realities for user by serving them a certain kind of website and censoring them could be an issue. not so much now, but shutting internet discourse down is a top priority since trump happened, and centralized frontends like facebook are not as powerful as they thought before.


 No.998276>>998277 >>998335

>>998262

They started pushing that cloud shit like around 2006 or so. That's also when facebook got big, and the nasty web 2.0 shit was rolled-out all over the place. Seems like a push from the top industry bigwigs to take over control of everything. So now you've got this cloudflare and amazon cloud shit that accounts for a large portion of all the corporate servers. And on the individual side the facebook, google, and related social media crap have taken over a lot of what used to be smaller sites and services.


 No.998277>>998335

>>998276

Also now they're showing their true colors with all the political bias and censorship, so I think this reinforces the idea that everything was planned to be taken over, when they realized the Internet gave plebs too much freedom.


 No.998280

>>988778 (OP)

>http://www.crimeflare.com/

This is why kikeflare is bad


 No.998283>>998364

>>988778 (OP)

>>988969

Can someone explain to me why the crimeflare site uses both port 80 and 82(same situation for both TLDs)? They go to different pages but I don't see why they need to differentiate between "crimeflare.org" and "crimeflare.org:82". What purpose does this serve? Why not just link to the different pages?


 No.998287>>998606

>>989084

==THIS== , major DDoS and really most cyber-threats are from nation-states, not script kiddies. Israel basically DDoS sites they (and their ISPs) lack oversight on and the only solution for these sites is to adopt Cloudflare who are APPARENTLY the only company that is successful at mitigating these attacks.. pure coincidence. It's basically a 'if they won't join you, beat them until they will' kind of situation.


 No.998335

>>998277

>>998276

And (((they))) will win. They always do.


 No.998364

>>998283

>Why not just link to the different pages?

assuming the admin is shit, they could be running different server software. Each server just listens on a different port, rather than needing some fancy reverse proxy to connect them together.


 No.998606>>998683

>>998287

>muh nation-states

good job america. really teaching your citizens well.


 No.998683

>>998606

here's a source ya retard, from a presentation on cybersecurity from the Bank of England. and if any prodigies comment on me using windows, feel free to hack into my machine any time you want, stolen games and throwaway emails await you.

any genuine hacker who's breaking into critical infrastructure and doesn't have state protection already is gonna get doxxed sooner than later, and then probably recruited by the very state they were fucking with in the first place.



