BitcoinFX (OP)
Legendary
Offline
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
April 25, 2016, 02:50:40 PM
The Trouble with Tor - https://blog.cloudflare.com/the-trouble-with-tor/
The Trouble with Cloudflare - https://blog.torproject.org/blog/trouble-cloudflare/ - #DontBlockTor
"Posted March 31st, 2016 by mikeperry in abuse access cloudflare privacy security
Wednesday, CloudFlare blogged that 94% of the requests it sees from Tor are "malicious." We find that unlikely, and we've asked CloudFlare to provide justification to back up this claim. We suspect this figure is based on a flawed methodology by which CloudFlare labels all traffic from an IP address that has ever sent spam as "malicious." Tor IP addresses are conduits for millions of people who are then blocked from reaching websites under CloudFlare's system.
We're interested in hearing CloudFlare's explanation of how they arrived at the 94% figure and why they choose to block so much legitimate Tor traffic. While we wait to hear from CloudFlare, here's what we know:
1) CloudFlare uses an IP reputation system to assign scores to IP addresses that generate malicious traffic. In their blog post, they mentioned obtaining data from Project Honey Pot, in addition to their own systems. Project Honey Pot has an IP reputation system that causes IP addresses to be labeled as "malicious" if they ever send spam to a select set of diagnostic machines that are not normally in use. CloudFlare has not described the nature of the IP reputation systems they use in any detail.
2) External research has found that CloudFlare blocks at least 80% of Tor IP addresses, and this number has been steadily increasing over time.
3) That same study found that it typically took 30 days for an event to happen that caused a Tor IP address to acquire a bad reputation and become blocked, but once it happens, innocent users continued to be punished for it for the duration of the study.
4) That study also showed a disturbing increase over time in how many IP addresses CloudFlare blocked without removal. CloudFlare's approach to blocking abusive traffic is incurring a large amount of false positives in the form of impeding normal traffic, thereby damaging the experience of many innocent Tor and non-Tor Internet users, as well as impacting the revenue streams of CloudFlare's own customers by causing frustrated or blocked users to go elsewhere.
5) A report by CloudFlare competitor Akamai found that the percentage of legitimate e-commerce traffic originating from Tor IP addresses is nearly identical to that originating from the Internet at large. (Specifically, Akamai found that the "conversion rate" of Tor IP addresses clicking on ads and performing commercial activity was "virtually equal" to that of non-Tor IP addresses).
CloudFlare disagrees with our use of the word "block" when describing its treatment of Tor traffic, but that's exactly what their system ultimately does in many cases. Users are either blocked outright with CAPTCHA server failure messages, or prevented from reaching websites with a long (and sometimes endless) loop of CAPTCHAs, many of which require the user to understand English in order to solve correctly. For users in developing nations who pay for Internet service by the minute, the problem is even worse as the CAPTCHAs load slowly and users may have to solve dozens each day with no guarantee of reaching a particular site. Rather than waste their limited Internet time, such users will either navigate away, or choose not to use Tor and put themselves at risk.
Also see our new fact sheet about CloudFlare and Tor: https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf "
Wilikon
Legendary
Offline
Activity: 1176
Merit: 1001
minds.com/Wilikon
April 25, 2016, 03:01:14 PM
The Trouble with Tor - https://blog.cloudflare.com/the-trouble-with-tor/
The Trouble with Cloudflare - https://blog.torproject.org/blog/trouble-cloudflare/ - #DontBlockTor

An opportunity to create another solution, away from cloudflare.
BitcoinFX (OP)
Legendary
Offline
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
April 25, 2016, 03:19:06 PM Last edit: April 25, 2016, 03:37:09 PM by BitcoinFX
An opportunity to create another solution, away from cloudflare.
Indeed. As a Tor Browser user, Tor relay exit node operator and as someone who has used Cloudflare to 'secure' websites in the past - I now personally refuse to use Cloudflare and will also actively look to avoid websites that are 'protected' by Cloudflare. Cloudflare is a 'black-box' (closed source) technology that is effectively performing a MITM censorship 'attack' against regular internet users. Any webmaster using Cloudflare is in fact centralizing the internet. ~ I don't think that any Bitcoin users need to be told why centralization is certainly not a good thing. #DontBlockTor
BitcoinFX (OP)
Legendary
Offline
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
April 25, 2016, 03:28:21 PM
Source: https://wikipedia.org/wiki/CloudFlare ... "Controversies
CloudFlare was ranked in the 7th rank among the top 50 Bad Hosts by Host Exploit. The service has been used by Rescator, a website that sells payment card data.
Two of ISIS' top three online chat forums are guarded by CloudFlare but U.S. law enforcement has not asked them to discontinue the service.
An October 2015 report found that CloudFlare provisioned 40% of SSL certificates used by phishing sites with deceptive domain names resembling those of banks and payment processors.
On November 2015, Anonymous discouraged the use of CloudFlare's services, following the ISIS attacks in Paris and renewed accusation of providing help to terrorists. CloudFlare responded by calling their accusers "15-year-old kids in Guy Fawkes masks" and saying that they consult "actual anti-terrorism experts" and that they "abide by the law". "
TECSHARE
In memoriam
Legendary
Offline
Activity: 3318
Merit: 2008
First Exclusion Ever
April 26, 2016, 06:02:09 PM
I am also not a big fan of the fact that the captcha service Cloudflare forces you to use when it is blocking IPs for VPNs is Google based, kind of defeating the purpose of having a VPN to begin with by forcing you to use Google products that track you everywhere you go.
Krayshock
Member
Offline
Activity: 84
Merit: 10
April 27, 2016, 10:51:14 PM
I am also not a big fan of the fact that the captcha service Cloudflare forces you to use when it is blocking IPs for VPNs is Google based, kind of defeating the purpose of having a VPN to begin with by forcing you to use Google products that track you everywhere you go.
Damn, that's an absurd way of Google making some money lmao I guess Tor needs to go with a different solution then
BitcoinFX (OP)
Legendary
Offline
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
April 27, 2016, 11:23:47 PM
I am also not a big fan of the fact that the captcha service Cloudflare forces you to use when it is blocking IPs for VPNs is Google based, kind of defeating the purpose of having a VPN to begin with by forcing you to use Google products that track you everywhere you go.
Damn, that's an absurd way of Google making some money lmao I guess Tor needs to go with a different solution then

Tor is not using Cloudflare! Cloudflare is a website 'protection' company used by webmasters to supposedly help in preventing 'abuse' issues against websites. Cloudflare has increasingly started 'screening' Tor Exit node / VPN traffic (using captchas by Google), and incorrectly assuming that a few 'bad' actions from a single IP address = all traffic from said IP address being 'bad', by default. This is deeply flawed and simplistic methodology, as thousands of individuals can potentially be using a single IP address at any one time. Cloudflare has blogged that 94% of the requests it sees from Tor are "malicious." - which is highly unlikely indeed. Quite simply any website currently using Cloudflare is most certainly annoying its regular visitors and at worst blocking them outright or censoring them completely.
alyssa85
Legendary
Offline
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
April 28, 2016, 12:19:38 AM
If bad actors hadn't ruined things for everyone by DDOSing sites, sites wouldn't be using CloudFlare. P.s. Project Honey Pot is usually pretty reliable and finds IP addresses that usually try to repeatedly log into sites via bots, using different password combinations. So it is understandable that CloudFlare uses that service. Project Honey Pot is online and you can check if the IP you are using is clean or not: https://www.projecthoneypot.org/search_ip.php
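The reputation lookup the Tor blog describes in its point 1, and the manual check suggested in the post above, can both be made against Project Honey Pot's http:BL DNS interface. The block below is an added example, not code from the Tor Project, Cloudflare or Project Honey Pot: it builds the query name, decodes the 127.days.threat.type answer as laid out in Project Honey Pot's http:BL documentation, and compares the sticky "ever listed" rule the Tor blog suspects with a rule that requires recent activity and a minimum threat score. The IP addresses, the answers and the access key are constructed for the example (no DNS lookups are performed) and the thresholds are illustrative.

```python
"""Decode Project Honey Pot http:BL answers and compare two listing policies.

Added example; the answers below are constructed and the access key is a
placeholder. Query-name and answer layout follow the published http:BL API:
  query : <key>.<octet4>.<octet3>.<octet2>.<octet1>.dnsbl.httpbl.org
  answer: 127.<days since last activity>.<threat score>.<visitor type>
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HTTPBL_ZONE = "dnsbl.httpbl.org"
ACCESS_KEY = "abcdefghijkl"  # placeholder; a real key is issued by projecthoneypot.org

# Visitor-type bit flags carried in the fourth octet of an answer.
TYPE_SEARCH_ENGINE = 0
TYPE_SUSPICIOUS = 1
TYPE_HARVESTER = 2
TYPE_COMMENT_SPAMMER = 4


def httpbl_query_name(ip: str, key: str = ACCESS_KEY) -> str:
    """Build the name a resolver would query: <key>.<reversed octets>.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # http:BL covers IPv4 only; raises on anything else
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{key}.{reversed_octets}.{HTTPBL_ZONE}"


@dataclass(frozen=True)
class Listing:
    days_since_last_activity: int  # second octet, 0..255
    threat_score: int              # third octet, 0..255 (search-engine id when type is 0)
    visitor_type: int              # fourth octet, bit flags

    @property
    def is_search_engine(self) -> bool:
        return self.visitor_type == TYPE_SEARCH_ENGINE

    def types(self) -> List[str]:
        names = []
        if self.visitor_type & TYPE_SUSPICIOUS:
            names.append("suspicious")
        if self.visitor_type & TYPE_HARVESTER:
            names.append("harvester")
        if self.visitor_type & TYPE_COMMENT_SPAMMER:
            names.append("comment spammer")
        return names or ["search engine"]


def decode_httpbl_answer(answer: Optional[str]) -> Optional[Listing]:
    """Parse the A-record text; None stands for NXDOMAIN, i.e. the IP is not listed."""
    if answer is None:
        return None
    octets = answer.split(".")
    if len(octets) != 4 or octets[0] != "127" or not all(o.isdigit() for o in octets):
        raise ValueError(f"not an http:BL answer: {answer!r}")
    days, threat, vtype = (int(o) for o in octets[1:])
    if days > 255 or threat > 255 or vtype > 7:
        raise ValueError(f"octet out of range in http:BL answer: {answer!r}")
    return Listing(days, threat, vtype)


def policy_ever_listed(listing: Optional[Listing]) -> str:
    """The sticky rule the Tor blog suspects: any listing, however old, draws a challenge."""
    if listing is None or listing.is_search_engine:
        return "allow"
    return "challenge"


def policy_recent_threat(listing: Optional[Listing],
                         max_age_days: int = 30, min_threat: int = 25) -> str:
    """Challenge only when the last bad activity is recent and the score is material."""
    if listing is None or listing.is_search_engine:
        return "allow"
    if listing.days_since_last_activity <= max_age_days and listing.threat_score >= min_threat:
        return "challenge"
    return "allow"


# Constructed answers, written as a resolver would return them (TEST-NET addresses).
SAMPLE_ANSWERS: Dict[str, Optional[str]] = {
    "203.0.113.10": "127.1.80.4",   # comment spammer active yesterday, threat 80
    "203.0.113.11": "127.45.10.1",  # one suspicious event 45 days ago, threat 10
    "203.0.113.12": "127.0.1.0",    # search-engine crawler (third octet = engine id)
    "203.0.113.13": None,           # NXDOMAIN: never recorded by a honeypot
}


def evaluate(answers: Dict[str, Optional[str]] = SAMPLE_ANSWERS) -> Dict[str, Tuple[str, str]]:
    """Return (ever_listed decision, recent_threat decision) for each IP."""
    results = {}
    for ip, answer in answers.items():
        listing = decode_httpbl_answer(answer)
        results[ip] = (policy_ever_listed(listing), policy_recent_threat(listing))
    return results


if __name__ == "__main__":
    for ip, (sticky, recent) in evaluate().items():
        print(f"{httpbl_query_name(ip)}  ever_listed={sticky:9}  recent_threat={recent}")
```

Run stand-alone it prints the four decisions. The 45-day-old, threat-10 listing is the case the thread is about: it draws a challenge under the sticky rule and passes under the recency rule. Note what the second rule does not fix: it only shortens the penalty, and still binds reputation to an address that, for a Tor exit, is shared by thousands of unrelated users inside the same 30 days.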
BitcoinFX (OP)
Legendary
Offline
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
April 28, 2016, 10:17:43 AM
If bad actors hadn't ruined things for everyone by DDOSing sites, sites wouldn't be using CloudFlare. P.s. Project Honey Pot is usually pretty reliable and finds IP addresses that usually try to repeatedly log into sites via bots, using different password combinations. So it is understandable that CloudFlare uses that service. Project Honey Pot is online and you can check if the IP you are using is clean or not: https://www.projecthoneypot.org/search_ip.php

I fully recognize that malicious activity and 'hacking' attempts against websites are a real and everyday occurrence. Project Honey Pot is a very useful data resource in this regard, to protect against forum SPAM and other known nasties. The CEO & Co-Founder of Cloudflare, Inc. is also the Co-Creator of Project Honey Pot - https://www.linkedin.com/in/mprince

It is to my understanding that Cloudflare was established / accelerated when various three letter agencies leveraged just how 'valuable' the Project Honey Pot was to them.

... Most websites do not suffer DDoS attacks, do not have databases or login areas to be 'hacked', or comment sections or forums to be harvested or spammed and yet they continue to enable cloudflare - blocking regular internet users who most likely just want to read web pages.

- https://www.projecthoneypot.org/harvester_useragents.php
- https://www.projecthoneypot.org/comment_spammer_useragents.php
- https://www.projecthoneypot.org/robot_useragents.php

Most problematic useragents / bots and 'abuse' issues can actually be filtered out by using a good Anti-SPAM script, such as Bad-Behavior (without using a Project Honey Pot API key or enabling Cloudflare);
- http://bad-behavior.ioerror.us/about/

Basic DDoS protection can be achieved by using Fail2ban or ModSecurity instead;
- https://modsecurity.org/
- http://www.fail2ban.org/wiki/index.php/Main_Page

#DontBlockTor
alyssa85
Legendary
Offline
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
April 28, 2016, 01:11:44 PM
Most websites do not suffer DDoS attacks, do not have databases or login areas to be 'hacked', or comment sections or forums to be harvested or spammed and yet they continue to enable cloudflare - blocking regular internet users who most likely just want to read web pages.
Actually, every single website that uses the content management system WordPress suffers daily attempts to log into the site and inject malware. You might not see the login link on the website - but because all WordPress CMS is accessed online, with a standard login url, it's vulnerable to bots attacking it trying to log in. And about 90% of sites online use WordPress - you might not realise it, because most remove the badge at the bottom in an attempt to evade the hackers, but that is the case.
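The Fail2ban route suggested two posts up, and the wp-login.php bot traffic described in the post above, come down to one rule: count failed logins per source IP inside a window and ban the IP once the count reaches a threshold. The block below is an added example, not Fail2ban's own code nor a ModSecurity or Bad-Behavior rule: it applies that rule to constructed Apache combined-format log lines (addresses from the documentation ranges), treating a POST to /wp-login.php answered with 200 as a failed login, since WordPress re-renders the form on failure and redirects (302) on success. maxretry, findtime and bantime mirror Fail2ban's option names, but the values are illustrative.

```python
"""Fail2ban-style wp-login.php brute-force detection over sample access-log lines.

Added example (not Fail2ban code). The log lines are constructed; the rule is
the one a Fail2ban jail applies: MAXRETRY failures from one IP within FINDTIME
seconds ban that IP for BANTIME seconds.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

MAXRETRY = 5     # failures allowed inside the window
FINDTIME = 600   # window length in seconds
BANTIME = 3600   # ban duration in seconds

# Apache combined format: ip ident user [ts] "METHOD path HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one bot (198.51.100.7), one real user who fails once and
# then logs in (192.0.2.5), one slow address (203.0.113.9), one garbage line.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Apr/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Apr/2016:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Apr/2016:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Apr/2016:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Apr/2016:10:00:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Apr/2016:10:00:17 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Apr/2016:10:00:21 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
192.0.2.5 - - [28/Apr/2016:10:00:40 +0000] "GET /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
192.0.2.5 - - [28/Apr/2016:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
192.0.2.5 - - [28/Apr/2016:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Apr/2016:10:05:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Apr/2016:10:10:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Apr/2016:10:15:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Apr/2016:10:20:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
this line is not an access-log record
"""


def parse_line(line: str) -> Optional[dict]:
    """Return the fields the rule needs, or None for a line that is not a request record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # ignore query strings such as ?action=lostpassword
        "status": int(m["status"]),
    }


def is_failed_login(rec: dict) -> bool:
    """WordPress answers a failed wp-login.php POST with 200 (form re-rendered) and
    a successful one with a 302 redirect, so a 200 on POST is the failure signal."""
    return rec["method"] == "POST" and rec["path"] == "/wp-login.php" and rec["status"] == 200


def detect_bans(lines: List[str], maxretry: int = MAXRETRY, findtime: int = FINDTIME,
                bantime: int = BANTIME) -> List[Tuple[str, datetime]]:
    """Replay the log in order; return (ip, time) for each ban the rule would issue."""
    window: Dict[str, Deque[datetime]] = defaultdict(deque)
    banned_until: Dict[str, datetime] = {}
    bans: List[Tuple[str, datetime]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_failed_login(rec):
            continue
        ip, ts = rec["ip"], rec["ts"]
        if ip in banned_until and ts < banned_until[ip]:
            continue  # already banned: the firewall would have dropped this request
        q = window[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()  # slide the window: forget failures older than findtime
        if len(q) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts))
            q.clear()
    return bans


if __name__ == "__main__":
    for ip, when in detect_bans(SAMPLE_LOG.splitlines()):
        print(f"ban {ip} at {when.isoformat()} for {BANTIME}s")
```

With the defaults the bot is banned on its fifth failure at 10:00:17 and its sixth request is dropped as already banned; the user who fails once and then logs in, and the address that fails five times over twenty minutes, are left alone (lower maxretry to 3 and widen findtime to 1800 and the slow address is banned too). The caveat is the thread's own point: the ban key is the source address, so for a Tor exit or a carrier NAT one bot bans every user behind that address for bantime. Keep bantime short, and ask whether a site that only serves pages to read needs a login jail at all.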
BitcoinFX (OP)
Legendary
Offline
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
May 20, 2016, 12:04:55 AM
Actually, every single website that uses the content management system WordPress suffers daily attempts to log into the site and inject malware. You might not see the login link on the website - but because all WordPress CMS is accessed online, with a standard login url, it's vulnerable to bots attacking it trying to log in. And about 90% of sites online use WordPress - you might not realise it, because most remove the badge at the bottom in an attempt to evade the hackers, but that is the case.

I'm aware of this, however, only utilizing centralized services is certainly not the best or only way to do web security.
BitcoinFX (OP)
Legendary
Offline
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
May 20, 2016, 12:24:02 AM
This is potentially a browser fingerprinting issue and is worse than it appears. Even with the TBB > Privacy and Security Settings... on High - the following about:config fingerprinting issues exist;

clipboard.autocopy ; true (false) - http://kb.mozillazine.org/Clipboard.autocopy
dom.event.clipboardevents.enabled ; true (false) - https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled

"dom.event.clipboardevents.enabled lets websites get notifications if the user copies, pastes, or cuts something from a web page, and it lets them know which part of the page had been selected. The emitting of the oncopy, oncut and onpaste events are controlled by this preference."

... Cloudflare (Google) Captcha Quote;
Copy this code and paste it in the empty box below
This code is valid for 2 minutes

... It's not only what one copies, but also how one copies it !?! - SWIM

TBB Firefox about:config settings that have potentially serious privacy implications - https://bitcointalk.org/index.php?topic=331077.msg10804048#msg10804048