There is a new twist to our
Cloudflare problem:
That’s the message which will be seen when security-conscious users try to visit the Bitcoin Forum whilst using a new
anti-MITM Firefox add-on by “cypherpunks”. (It also works on Tor Browser—as you can see.) A whitelist function is available. I will henceforth be surfing with that; based on what he’s said, theymos may appreciate the suggestion to do likewise.
I noticed that theymos’ well-said complaint about Cloudflare is quoted in the sidebar of the extension’s homepage. Hmmm.
The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...
See also
Tor Bug #18361,
Tor Browser Bug #24351 (reported by me),
Debian Bug #831835,
Firefox Focus (mobile) Issue #1743,
Mozilla Bug #1426618, and likely others. People are beginning to wake up and realize exactly this:
[...] a man-in-the-middle in your HTTPS [...]
I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. [...]
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
