@wizzwizz4 Feel free to open issues without asking for permission.

@bauglir Cloudflare doesn't know that you're logged in and that your account isn't new.

I've turned off the protection of the search page for now, but I may have to turn it back on if there is abuse, at least until the search feature is modified to be much faster; then it probably won't need this protection anymore.


@wizzwizz4 @davidak No, phasing out Cloudflare isn't important to our stated mission, which is to facilitate donations. There would be only one benefit if we dropped Cloudflare: it would appease the anti-Cloudflare folks.

You probably can't help unless you have the skills and time to contribute to the Liberapay source code.

@wizzwizz4 @davidak We currently use Cloudflare to block the automated creation of fake accounts through Tor. This is the abuse I was referring to.

@lutindiscret The person who pays never needs a Stripe account; they just have to provide their name and card number.

An API for verifying that a person has paid isn't neutral; it's only useful for providing something to that person.

@davidak We're aware that some hosting providers can mitigate small DDoS attacks; it doesn't mean that Cloudflare is unnecessary, and it's irrelevant to the issue of providing an onion service that bypasses Cloudflare. (The words “protections against abuse” in my response to @wizzwizz4 didn't refer to DDoS protection.)

@lutindiscret What you want is contradictory. If a payment gives access to a private channel or to anything else in return, then that payment isn't a donation, it's a purchase. Liberapay is a donation platform, not a sales platform.

If @peertube wants to allow creators to have private channels, that's possible by adding payment handling via Stripe and PayPal to PeerTube.

@agustinh88 It looks like PayPal (one of the backends used by Liberapay) is working in Argentina, so the answer is likely "yes".


@wizzwizz4 No, we don't have plans to stop using Cloudflare.

It's possible that someday we'll provide an onion service that bypasses Cloudflare, but first we have to improve our own protections against abuse, and migrate to a hosting provider that charges less for network traffic.

📈 Donations via Liberapay reached more than 5000 euros for the first time this week, thanks to the 3881 patrons who support 721 creators.


📈 Donations through Liberapay have risen to more than €5000 for the first time this week, thanks to the 3881 patrons who are supporting 721 creators.


@el_joa A SEPA transfer isn't simple. You have to go to your bank's website, log in, and input at least an IBAN and the payment amount. That's more complicated than card payments and direct debits.

Moreover, the platform can't automatically confirm that the bank transfer was successful unless it can attribute a different IBAN to each donor, and that's not easy.

@wowaname @icedquinn We use Cloudflare for the three things you mentioned. So far we haven't used any of their paid services.

To replace CF we would need a good anycast hosting provider that doesn't charge its customers for traffic, or at least wouldn't send us a large bill if we were targeted by a DDoS. It probably wouldn't be able to mitigate the largest DDoS attacks like Cloudflare can, but the risk could be acceptable.

@selea @Lofenyy Again: how so? What are you worried Cloudflare will do?

@aktivismoEstasMiaLuo Bullshit. I don't see how you could even argue that banks have a higher level of security than Cloudflare. It's a stupid claim that you could only argue with anecdotal evidence.

For the record, Cloudflare is PCI DSS Level 1 compliant, which means that payment processors are allowed to send card numbers through it.

The Capital One leak wasn't Amazon's fault; the same thing could have happened if the bank had used another service provider.

@josealberto4444 As previously stated, Cloudflare no longer uses Google's reCAPTCHA, and Tor users who try to access Liberapay usually don't get a CAPTCHA challenge.

@aktivismoEstasMiaLuo If you think banks are a standard of quality, then you're the one who's foolish.

Cloudflare definitely isn't the “web's most notorious privacy & netneutrality abuser”. The fact that you claim this shows once again how biased you are against this specific company.

@aktivismoEstasMiaLuo I'm not aware of CF having ever lied or done anything else that would justify distrusting them as much as you do.

Your repeated claim that it's particularly dangerous to use CF for financial services doesn't make much sense. They're obviously not going to steal money from people, so I don't know what you're worried about.

If using CF is “reckless”, then every significant platform similar to ours is reckless, including Patreon and Open Collective.

