Wouldn’t it be a good idea to put the whole site behind Cloudflare?
Even ignoring the privacy issues, Lemmy is really lightweight and can deal with the load just fine. We just had to make some adjustments in the nginx config.
What issues are there with Cloudflare?
It gets all the data that is sent between the user and the server in plaintext. So they can easily track everything and even sell the data (in theory). Not to mention that they block Tor users.
oh, damn. I’ll find ways to avoid Cloudflare services then.
deleted by creator
that would be a horrible idea (I’m hoping it’s just a weirdly framed joke…)
Why is it a horrible idea?
Try browsing the web using Tor or a VPN. You will spend the day doing Google recaptchas for like 90% of the websites you visit, I guarantee it. All thanks to Cloudflare. Recaptchas are also an issue in itself, because what solving recaptchas does is it teaches Google’s AI to better perform at image recognition without the user’s consent, but this is never pointed out to the user. Users are basically doing Google’s work for them without even knowing it.
Then there was the whole Cloudbleed fiasco. Private messages, credit card info, passwords, etc. All kinds of stuff was leaked online, which was not a good look.
Then there’s their uptime. It’s not great. How many times have you seen this image? Your PC’s fine, the website you’re trying to reach is fine, but Cloudflare is down. Thus, no website for you.
I’m sure there’s more, this is just off the top of my head. If Cloudflare is the answer, I’d rather have the problem, honestly.
Hum I did not know that the captchas were because of Cloudflare!
deleted by creator
Yes, in the Cloudflare dashboard you can either make a Firewall setting to “Allow” access to 0.0.0.0/0 or you can set your security options to “Essentially Off”… or both
I’ve just tried it against my site and haven’t seen a captcha prompt
I believe no one ever bothers to configure these which is why Tor users run into so much trouble with captchas on CF sites
deleted by creator
I’m sure there’s a difference between the security setting “Essentially Off” and “Off” (which is reserved for enterprise customers only). It could possibly mean that there are still some IP ranges or ASNs which are still forced to have a captcha displayed to them with the “Essentially Off” setting, but I haven’t encountered any.
Also I may have been mistaken about the Firewall 0.0.0.0/0 setting, it seems that Cloudflare’s “security level” is its own version of Firewall rules that apply even before the customer’s rules. So, for example if I set my site’s security setting to “I’m under attack” then I will be displayed with a JavaScript challenge even if I have the Allow all from 0.0.0.0/0 firewall rule enabled.
yeah, as u/onlooker pointed out, it’s very hostile against Tor users, though it became slightly less problematic after CF switched from recaptcha. There’s also a ton of ethical and security problems. I was trying to find a GitHub gist that summarized and elaborated on it nicely, but it appears I’ve lost it.
If anyone can find it, please link to it.
not the one that I originally meant, but here’s another one, suggested by u/ajz
I guess the pragmatic option is to provide a Tor-hosted service for them. I imagine it is also protected against DoS attacks, or if not, then it only impacts Tor users.
deleted by creator
That “codeberg” repository reads similar to a 5G conspiracy theorist blog
yeah, it’s written in a somewhat weird style, but most of the stuff mentioned there you can literally verify yourself…