Drop Cloudflare #223
Comments
Why was this closed and marked "wontfix"? This is a serious issue for the privacy of users. On May 31, 2016 8:50:07 AM EDT, Ed Kellett notifications@github.com wrote:
John M. Harris, Jr. Sent from my Android device. Please excuse my brevity. |
@edk0 To be clear, this is an issue as it is a significant annoyance for Tor users and can make it impossible to use the freenode website without JavaScript. On the ethical side, it's also an issue as it gives control over the website to a third party who is then able to modify the website, deny access to users (which CloudFlare practically does) and collect data about them. |
This is, however, not a website issue that can be fixed on the GitHub. It's also very unlikely to change as Cloudflare provides much needed protection for the website. So the close & wontfix are correct. |
The website is already controlled by several other third parties and we don't have a way to remove cloudflare specifically without giving up https (or freenode.net). Possibly we could mirror the site somewhere that isn't cloudflare'd, and/or disable some of cloudflare's more aggressive protection things; if you think either of those would help, feel free to make an issue and I'll see what staff think. |
CloudFlare doesn't offer any protection, as your server is still easily resolved by services like CrimeFlare. I currently use CrimeFlare's database to map freenode.net to the IP they show for freenode, but this isn't an option for many others. On June 1, 2016 4:05:40 AM EDT, Dr Emenculous Paboory notifications@github.com wrote:
John M. Harris, Jr. Sent from my Android device. Please excuse my brevity. |
It would be trivial to support https using a Let's Encrypt provided certificate, and CloudFlare is not a domain registrar. There is no chance of losing the domain. On June 1, 2016 7:31:44 AM EDT, Ed Kellett notifications@github.com wrote:
John M. Harris, Jr. Sent from my Android device. Please excuse my brevity. |
You misunderstand. Freenode doesn't host the website; GitHub does, and one effect of that is that we can't have freenode.net and https at the same time. |
@edk0 I don't see any reason that HTTPS is even used here: There is no security as it is. CloudFlare is only giving people access to their servers using TLS, then it connects to |
In addition, the certificate used is not secure nor is it only for freenode. Details on the cert here: http://www.crimeflare.com/cgi-bin/cflist2/7516 |
@JohnMHarrisJr browsers are becoming increasingly prejudiced against HTTP :) also, cloudflare keeps the site online if github goes down (due to maliciousness or just github being github), which we quite like. I'm going to lock this issue now, as I don't see any way for it to become productive. |
Cloudflare is a harmful service, which is actively denying my access to the website. I have to use a VPN to get around their literally impossible captchas.
The text was updated successfully, but these errors were encountered: