using Tor shows how much sites are hidden behind Cloudflare. Yesterdays DNS problem of them showed even more of this privacy problem.

With the EU making it clear that data transfer to US is not allowed this opens the question if transparent proxying traffic through Cloudflare is illegal now too. Especially where this opens MITM data collecting.

IMHO sites behind Cloudflare should be blocked making them learn that privacy is valued.

Assume based on GDPR it should be illegal. It is sent to Cloudflare on the first request, so no possibility to ask the visitor in advance. Cloudflare will probably not be able to guaranty that data stay within EU. Even if i t is critical because of the MiTM data collection possibility without user consens.


True, but you could say that for each and every router that every IP packet from EU traverses. I think the assumption is privacy of data at rest, not data in motion.

the router has no, or only illegal hack MITM possibility. furthermore the router is visible in traceroute. CF tells the browser they are the site you want to visit but using Tor it looks like its kind transparent proxy in front of the real site.


Good point, but as long as it's a TLS encrypted session, we shouldn't care about the proxying...unless they are doing TLS-interception, then all bets are off. 😉

if using Tor one sees the message, captcha and you are still on the visited domain. will go deeper into this to see how it works.

but to add. it is ok to create service and trying to do business. especially where they look like a US company and for US customers it should be legal. it is a thing of the web site operators to send their user data to 3rd parties without asking the users/visitors. is mainly a problem of people trying to delegate their responsibility to others while ignoring the privacy of their user/visitors. happens too if you add - 1/2

fonts, js, css, whatever from 3rd party sites. it will be interesting to see what this EU decision brings up. @ScottMortimer - 2/2


It sure will. Cloud services have moved so fast that legal frameworks are years behind in their attempts to control technology, and that's without the complications of world-wide national jurisdictions! Interesting times ahead.

@kmj I did not understand what Cloudflare has to do with onion sites. The issue was in DNS as Cloudflare reported and Tor hidden services do not use public DNS, so shouldn't be affected.

@cypherpunk Tor shows you who is behind Cloudflare, at least mostly. Because they present the captcha. Without Tor you do not really see who is sending your data to 3rd party because its kinda transparent.

Melde dich an, um an der Konversation teilzuhaben

Mastodon ist ein soziales Netzwerk. Es basiert auf offenen Web-Protokollen und freier, quelloffener Software. Es ist dezentral (so wie E-Mail!).