Great news!
#lemmy is receiving a grant by the NLnet.
Read their announcement: dev.lemmy.ml/post/35293

Also, consider donating so that the momentum doesn't stop once the grant money is spent.
Liberapay: liberapay.com/Lemmy/
Patreon: patreon.com/dessalines

#foss #opensource #reddit #fediverse #prismo

@Niquarl both #Liberapay & #patreon are #privacy-abusing #CloudFlare sites. And worse, CF is a centralized #netneutrality abuser which undermines the decentralization #Lemmy hopes to achieve. I would not donate until they move off @Liberapay & Patreon.

@aktivismoEstasMiaLuo Please stop spamming us and our users with unsubstantiated accusations against Cloudflare. It's annoying and you're not convincing anyone.

@Niquarl

@aktivismoEstasMiaLuo Your first link confirms that your claims aren't substantiated: “This is not, of course, evidence or proof.”

Your other links aren't any better. Two of them are from 2016 and are at least partially obsolete.

@Niquarl

@Liberapay @Niquarl I never made the claim that the US gov. has #CloudFlare's view of the data, so I have no need to substantiate the US role. My claim that CF centralizes the web is well-substantiated in those articles. What does CF do differently after 2016 that you believe supports decentralization & #netneutrality?

Follow

@aktivismoEstasMiaLuo You claimed that CF violates privacy, but you haven't provided any evidence that they're collecting and sharing private data.

Net neutrality isn't very relevant since CF isn't a consumer ISP. You haven't explained how CF “works against” net neutrality.

Complaining that CF “centralizes” the web is basically the same as complaining that they're doing their job too well and have too many customers.

@Niquarl

· · Web · 4 · 1 · 2

@Liberapay @Niquarl CloudFlare attacks #Tor users. Attacks on Tor users are an attack on #privacy. This constrains the Tor userbase. CloudFlare is also a MitM who charges no fee to a vast majority of its users-- this is how surveillance capitalism works. Millions of accounts were compromised in #CloudBleed, an artifact of lg.scale centralisation coupled w/a MitM.

@Niquarl @Liberapay #CloudFlare also pushes #Google reCAPTCHA, from which further privacy abuse arises. From CF's mistreatment of #Tor users there is access inequality, attacking the single most important principle of #netneutrality.

@Liberapay @Niquarl It makes no difference to me if CF "does their job well" as they've defined it. It matters what they do. And obviously collateral damage to legit users is no part of any measure that stands behind a claim that CF "does their job well".

@aktivismoEstasMiaLuo You seem to have completely missed the point of what I was saying. Any hosting provider with a significant market share “centralizes” the web. Accusing a company of centralizing the web is accusing it of being too good at attracting and retaining clients. What are they supposed to do? Sabotage themselves?

@Liberapay That's not my problem. If they can't figure out how to secure the web in a decentralized manner, then they can't figure out how to be compatible with the free world. At a minimum they could have designed their system so different 3rd parties are in control of the data centers that compose their network.

What *is* my job, as an activist, is to identify & fight problems like CloudFlare. You seem to imply that corps should get sympathy points for something.

@Liberapay If the shop that sells top hats and pocket watches goes out of business b/c ppl realize they no longer want them, the business has no inherent right in existing and carrying forward.

If the ppl evolve to realize they collectively don't want centralization, CF must adapt or die.

@aktivismoEstasMiaLuo CF has in fact announced just yesterday that some of their customers can now control which data centers are used to process requests: blog.cloudflare.com/introducin

It seems to me that your “job” is just wasting people's time. You're not accomplishing anything other than that.

@Liberapay CF still has oversight of those data centers. I'm not sure how you can claim this is "decentralization". You're conflating "distributed" with "decentralized".

@Liberapay
I don't want to be rude by engaging in this conversation, but I'd also love to see Liberapay not using Cloudflare. I use Liberapay and I like it, but I'd like it even more if it didn't use Cloudflare. Putting Tor users behind a Google reCAPTCHA is enough for me.

@josealberto4444 As previously stated, Cloudflare no longer uses Google's reCAPTCHA, and Tor users who try to access Liberapay usually don't get a CAPTCHA challenge.

@aktivismoEstasMiaLuo
On the point of reCAPTCHA, that's no longer the case. CF recently switched to hCaptcha because Google was going to charge them a massive amount as CF's userbase is so large.

I do agree that CF is a huge problem and absolutely no one should be using their services though. Just wanted to point that one thing out 😉
@Liberapay

@amolith @Liberapay i saw the announcement but didn't realise it took effect. I've experienced serious functionality problems with hCAPTCHA (on Gitlab.com). I'm not sure on the direct privacy implications of hCAPTCHA but in my case it served as an outright block, in which case I was either forced off Tor or forced off the site.

@Liberapay @amolith I just now tried to tick the "I am human" box on a #CloudFlare site after enabling a bunch of j/s, and couldn't even get the puzzle. It says "rate limited or network error. please retry"

@aktivismoEstasMiaLuo
I haven't visited a site behind CloudFlare while using Tor yet but I always have to complete a captcha when I'm behind my personal VPN (which is 99% of the time) and I actually find hCaptcha easier to get by than reCAPTCHA. Still doesn't excuse the use of a MITM though
@Liberapay

@amolith @Liberapay I tried again, and it said click on every image that contains a motorcycle. One box showed just the instrument panel of what's likely a motorcycle - should that be clicked? Another image shows a fancy scooter that has a faring that looks similar to a motorcycle. Does that count? As I was deciding, #hCAPTCHA got tired of waiting for me and killed the window.

@Liberapay @amolith next try w/ #hCAPTCHA: "click on images with a train". Some of these images show a subway, which can pass for a train but generally only get called a "train" when above ground.

@aktivismoEstasMiaLuo
I've been going in circles on the GitLab sign in page for the last 10 minutes because they're uNdEr AtTaCk lol
@Liberapay

@aktivismoEstasMiaLuo
It's just ridiculous. If I'm ever in the situation where I have to choose between putting my services behind an untrustworthy third party or shutting down, adios :ablobcatwave:
@Liberapay

@amolith @Liberapay #Gitlab.com also switched from reCAPTCHA to hCAPTCHA, and it was a disaster. They quickly reverted to reCAPTCHA. Now they're back on hCAPTCHA.

@jeffcliff
You're right, it's hCAPTCHA now (Amolith pointed that out). So Google surveillance is out of the picture, but 2 new problems emerge: the hCAPTCHA discriminates more harshly against disabled ppl (no audible test), and hCAPTCHA uses #PayPal (another evil) to pay CF for the user's labor. So the labor of solving the puzzle directly finances the adversary of the laborer.

@Niquarl @Liberapay

@aktivismoEstasMiaLuo Also hcaptcha breaks even more easily than google's captcha. I think it needs 3rd party cookies enabled by default maybe? not tracked it down yet, but I can't ever make them work. The solution? Register as a disabled user (and we swear we don't track that at all honest). @jeffcliff @Niquarl @Liberapay

@Lux
Like with Google, the j/s is cascading. So you enable one 3rd party host, and that one calls another that must be enabled. So you have to change j/s perms and reload the page 4 times. After the 3rd time, it gives a bogus network congestion error, which ppl will believe b/c of all the reloading they did to get there. So some ppl will walk at that point.

@Niquarl @Liberapay @jeffcliff

@aktivismoEstasMiaLuo Maybe, but trust me, I'm quite adept at rolling back js permissions, refreshing without cache and all the other tricks to get the modern internet to work, but hcaptcha has never worked for me. I've just never visited a site with hcaptcha / cloudfare protection. @Niquarl @Liberapay @jeffcliff

@Lux
The option for disabled ppl to reg. to get different puzzles isn't even presented on the captcha page, so most disabled ppl won't even know that's an option. And indeed it's a lousy option; still discriminates against disabled ppl b/c they have to give up privacy to register.

@Niquarl @Liberapay @jeffcliff

@aktivismoEstasMiaLuo CF doesn't attack Tor users. In fact they've repeatedly tried to improve their service for Tor users: blog.cloudflare.com/cloudflare and blog.cloudflare.com/cloudflare

CF also allows website admins to choose whether requests coming through Tor should be challenged or not.

You haven't provided any evidence that CF is involved in surveillance. The fact that a company provides some services for free doesn't prove anything other than this: they're trying to attract new users.

@Liberapay "CF also allows website admins.." It's #CloudFlare's default setting that has put them in a position of abusing #privacy & #netneutrality. If they had a different default setting they would legitimately be able to point the finger to web admins (most of whome have little clue about how CF works or what Tor is)

@Liberapay Also, your positive claim that CF is not looking at the traffic, not using that data, and not allowing the US to snoop is simply naive. Without proof either way, it's ignorant to extend trust to a corporate tech giant particularly when they lie regularly, like Trump. To be a money service that's so cavalier with trust shows how absolutely reckless your operation is.

@aktivismoEstasMiaLuo I'm not aware of CF having ever lied or done anything else that would justify distrusting them as much as you do.

Your repeated claim that it's particularly dangerous to use CF for financial services doesn't make much sense. They're obviously not going to steal money from people, so I don't know what you're worried about.

If using CF is “reckless”, then every significant platform similar to ours is reckless, including Patreon and Open Collective.

@Liberapay I think I've only ever encountered one bank foolish enough to use #CloudFlare.

#Liberapay, #Patreon, & #openCollective all expect donors to set aside ethics and make a charitable donation, one that gives their financial data to web's most notorious #privacy & #netneutrality abuser. Of course it's reckless.

@Liberapay Many projects using #Liberapay, #Patreon, & #openCollective have privacy, decentralization, or netneutrality as their projects mission goal. It's a total hypocrisy that they direct their donors to patronize an adversary of the cause people are donating to support.

@aktivismoEstasMiaLuo If you think banks are a standard of quality, then you're the one who's foolish.

Cloudflare definitely isn't the “web's most notorious privacy & netneutrality abuser”. The fact that you claim this shows once again how biased you are against this specific company.

@Liberapay Banks have a standard level of security. It's not as high as it should be but it's well above #CloudFlare. Too much money is on the line with banks to trust CloudFlare.

Capital One was foolish enough to trust Amazon AWS, and they got stung for it.

@aktivismoEstasMiaLuo Bullshit. I don't see how you could even argue that banks have a higher level of security than Cloudflare. It's a stupid claim that you could only argue with anecdotal evidence.

For the record, Cloudflare is PCI DSS Level 1 compliant, which means that payment processors are allowed to send card numbers through it.

The Capitol One leak wasn't Amazon's fault, the same thing could have happened if the bank had used another service provider.

@Liberapay If banks had been foolish enough to trust CloudFlare, cloudbleed would have been far more costly than it was.

Saying that "it's legal" to send credit card numbers through CF is a very poor standard of security. Legal standards are low. US consumers are protected by regulation E. This means if fraud happens, the consumer isn't responsible. Credit card networks control who they do business with. If a vendor is compromised, the cc network can revoke their contract.

@Liberapay The fact that you don't think Amazon is responsible for their own contractors is profoundly absurd. Of course they're reponsible for who they hire.

@Liberapay You also neglect that credit card numbers don't tie to consumer liquid assets. It's not a wire transfer. That money can be clawed back. Now find a bank where FDIC-insured money rests on CloudFlare's shoulders.

@Liberapay What's quite alarming about a payment service like #Liberapay blindly trusting CloudFlare and simultaneously saying #Amazon wasn't responsible for its own contractor who leaked data, is that Liberapay naturally wouldn't think they have accountability in the event of a breach. IOW, they're hoping to use finger-pointing and offload accountability for their own poor judgement to use CF.

@Liberapay @aktivismoEstasMiaLuo That specific company *is* the world's most notorious threat on net neutrality and privacy. That is exactly how big of a problem they are

@Liberapay @aktivismoEstasMiaLuo Cloudflare is one of the biggest #IPFS Gateways, so one could claim that they do a lot for a decentralized web (aka #Web3).

blog.cloudflare.com/tag/ipfs/

I agree that it is a problem that too many sites use few service. Same with AWS etc. But i don't think Cloudflare is evil. I distrust Microsoft and Google way more.

I accept when @Liberapay has no other option right now than to use Cloudflare. Donating in a single payment is way more important to me.

@davidak @Liberapay #CloudFlare is the single biggest attack on the decentralized web. They could not possibly do enough w/IPFS to undo the collossal harm of centralizing over 10% of the web then abusing that power by dictating how people access the web.

@aktivismoEstasMiaLuo i agree. but that is not because they are evil, but they are just successful in a capitalistic sense. i think they use unfair methods with attracting users through free services and i agree that that is a method of surveillance capitalists. i would not want to depend on them

but when people need their services, we can only provide alternatives and educate them about the problems. i think that's the only way activism is ethical and effective

@davidak #CloudFlare is evil. Let's be clear: the evil is not in business success. The evil is in their lies and deceptions, their surveillance capitalist business model, and their abuse of power in dictating the tools that may users use to protect their privacy. It's an injustice to make excuses for CF & for CF's users.

@davidak A CF user failing to embrace ethics as they erroneously believe they "need" CF is a case of ignorance that needs correction, not sympathy.

@aktivismoEstasMiaLuo then work out an alternative that get accepted. that's how community projects work. it's not a priority for me or Liberapay right now

we know your opinion now. please do something constructive

@aktivismoEstasMiaLuo Unfortunately, even when you're right, harassing @Liberapay is not the way. Have you convinced them to switch to a different service? Not likely. Because you attacked Liberapay as though they intentionally chose to block Tor users.

Instead, show Liberapay how alternative services can provide what Cloudflare does without the same downsides and you may convince them.

@lnxw37a2
My OP was directed at a user of multiple #CloudFlare sites, not @Liberapay. I have very low expectations of CF patrons. Feel free to coach them on alternatives if you think it will succeed.

I'd rather see the public boycott CF sites, and use Ss (the search engine that filters out CF sites). LP is just a prop in this thread- my audience is the ppl.

@Liberapay @aktivismoEstasMiaLuo

> then every significant platform similar to ours is reckless, including Patreon and Open Collective.

Yes, they are. We keep track of such websites at https://codeberg.org/crimeflare/cloudflare-tor
@Liberapay @aktivismoEstasMiaLuo

> I'm not aware of CF having ever lied or done anything else that would justify distrusting them as much as you do.

Other than making a honeypot and getting a substantial portion of the web on it, then blocking me and millions like me from using half the web, and then coming on the support forums for tor and lying through their teeth and then creating services that are architected just so that they can coopt what resistance we had against them and then putting child porn in our support tickets...yeah nothing at all
@Liberapay @aktivismoEstasMiaLuo

> In fact they've repeatedly tried to improve their service for Tor users: https://blog.cloudflare.com/cloudflare-supports-privacy-pass/ and https://blog.cloudflare.com/cloudflare-onion-service/

These are lies. They have repeatedly tried to attack tor users, both coming on the tor bug tracker and in the public press. They have tried to make tor *browser* users unable to see the attack, while continuing to make life difficult for *to* users generally.
@Liberapay @aktivismoEstasMiaLuo
* The CAPTCHAs themselves contain trackers individually identifying users
* as mentioned elsewhere, CF frustrates and deanonymizes tor users, making tor less useful. They also operate tor nodes helping to deanonymize tor users for their 'customer' the US govt
* CF does not even pretend to protect users from mass surveillance. At their scale that means they are cooperating with it.

@Liberapay @aktivismoEstasMiaLuo @Niquarl Just popping in to say that CF is definitely awful in terms of affecting the internet negatively.

I am with @Lofenyy also. The power that we have given to a single provider is quite scary.

@Liberapay

@selea @Lofenyy Again: how so? What are you worried Cloudflare will do?

@Liberapay

It is not necessary what they do, but what could someone with the power do?
What happends if someone else took the decision to do something malicious?
Giving power to one provider is dangerous.

> Complaining that CF “centralizes” the web is basically the same as complaining that they're doing their job too well and have too many customers.

So can that argument be applied to Facebook aswell? Or Patreon?

@Lofenyy

@selea @Liberapay @Lofenyy this applies not only to privacy but also to practicality. cloudflare can and does have periodic widescale outages
Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!