>"Cloudflare's roots go back to 2004 when Mr Prince and Cloudflare co-founder Lee Holloway were working on a computer industry project they called Honey Pot.
>The idea was that people with websites signed up for free, to install software which then tracked people who sent unsolicited emails."
Cloudflare has become much worse over the last 3 years due to increased adoption and default deployments by government services like congress.gov and institutions like science.org. These websites have been effectively blocked for millions of people in a multi-year on-going denial of service by cloudflare. I can't run the required bleeding edge spyware javascript so I don't get to access my own government's sites.
> Cloudflare has become much worse over the last 3 years due to increased adoption and default deployments by government services like congress.gov and institutions like science.org.
> These websites have been effectively blocked for millions of people in a multi-year on-going denial of service by cloudflare.
This is a great way to frame the issue. This is a DoS. But, it is a DoS against the client. And, the operators of sites that choose to front with cloudflare et al, given the choice of DoS against their servers or flipping the bird to a portion of their users, have chosen to make their own lives easier.
It is not just Cloudflare, though. My credit union uses Akamai who for a period of several months would terminate my connection during the TLS handshake, if I tried to connect from a connection tethered to my phone (cloudflare hates tethering/CGNAT too; cloudflare kept me from accessing my health dept's website during the pandemic from a tethered connection [my only Internet access at home]).
I exclusively only touch the internet through Tor or one of a small set of privacy VPNs. Cloudflare drives me crazy over Tor because my preference is to run 'Safer' mode: that web assembly is disabled and javascript is less accelerated. That causes verification loops for cloudflare, and lawyer offices all seem to use the same canned hosting template. I think CF is doing this because it may allow them to grope the device better if webassembly is enabled.
All that's needed is a minimum of 36 independent boolean values to identify you in the global population. 72 is more than enough to gain high confidence in birthday attack problems at 36 bits. How many hardware-unique bits can be siphoned with web assembly and javascript?
>"Cloudflare's roots go back to 2004 when Mr Prince and Cloudflare co-founder Lee Holloway were working on a computer industry project they called Honey Pot.
>The idea was that people with websites signed up for free, to install software which then tracked people who sent unsolicited emails."
Cloudflare has become much worse over the last 3 years due to increased adoption and default deployments by government services like congress.gov and institutions like science.org. These websites have been effectively blocked for millions of people in a multi-year on-going denial of service by cloudflare. I can't run the required bleeding edge spyware javascript so I don't get to access my own government's sites.