Diffstat (limited to 'cloudflare-philosophy.txt')
-rw-r--r-- cloudflare-philosophy.txt 97
1 files changed, 72 insertions, 25 deletions
diff --git a/cloudflare-philosophy.txt b/cloudflare-philosophy.txt
index 3f5a16db..87a3b06e 100644
--- a/cloudflare-philosophy.txt
+++ b/cloudflare-philosophy.txt
@@ -1,16 +1,13 @@
-from the wiki:
+= Productivity and safety through the CloudFlare!
+
+= Torblocks Philosophy
-Torblocks Philosophy
+1) Have fun!
-What is the darknet if not the (parts of the?) net that doesn't like to be accessed?
+2) What is the darknet if not the (parts of the?) net that doesn't like to be accessed? That would make Cloudflare (and its competitors with similar business practices) and all their customers (ie everyone on this list) part of the dark net.
-This is the new pad for all tangents and rants from
-https://pad.okfn.org/p/cloudflare-tor
-https://pad.okfn.org/p/noncloudflare-torblocks
+3) Read this ticket https://trac.torproject.org/projects/tor/ticket/18361
-Have fun!
-
-0. Read this ticket https://trac.torproject.org/projects/tor/ticket/18361
one guy, marek apparently from Clownflare, utters unapologetic remarks that should come as no surprise.
"I will restrain myself and not comment on the political issues Jacob raised. I'll keep it technical."
hey, in times of mass surveillance, technology is political. money is political. therefore Clownflare's policy is political. so?
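Review bot: The new "3) Read this ticket" collides with "+3) The wikimedia way" in a later hunk, and the unchanged commentary that follows it ("one guy, marek ...") now hangs off item 3 with no separator. Give the ticket pointer a unique number or move it to the follow-up section, where the same URL is listed again. The hunk also deletes "from the wiki:" and the two pad.okfn.org links, which were the only statement of where this text came from; keep one provenance line. Item 2) now refers to "everyone on this list" but the visible lines do not say which list is meant.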
@@ -20,12 +17,12 @@ BTW someone quickly wrote a (unhelpful & biased & not in-depth researched, rathe
There's also the rather amusing fact that Tor trac bugtracker also required CAPTCHAs (which was commented on several times) and the less amusing fact that these came from freakin' Google.
-0. Lies, damn lies and statistics
+2.1) Lies, damn lies and statistics
especially if you make up the "ground truth" to suit your own smear campaign ...
https://blog.torproject.org/blog/trouble-cloudflare
Cloudflare is a wilfully malicious actor, there can be no more doubt.
-1. Unamed's take on the situation:
+2.2) Unamed's take on the situation:
Praise the awesome wisdom of blocking Tor access to websites!!!
There must be some advantage. Something? Anything? Some rational explanation?
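Review bot: "2.1)" and "2.2)" are numbered as sub-items of item 2, but they come after "3) Read this ticket" from the first hunk, so the outline now reads 1, 2, 3, 2.1, 2.2. Either move them directly under item 2 or renumber them as 3.1/3.2 or as top-level items. Since the "Unamed's take" line is being touched anyway, fix the spelling if "Unnamed" is what is meant.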
@@ -72,7 +69,6 @@ B: works for me
You see, it all makes sense.
-
Imagined conversation with clownflare management. Dunno if it's entirely fair: there seem to be some genuinely Tor-friendly tech people on their payroll. Anyway, it reflects my perception of clownflare management not giving a shit (the problem started appearing in 2014). So sue me, corporate dinosaurs.
A: Care to comment on this Tor captcha business?
C: We're committed to providing best possible service for our customers.
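Review bot: Removing the blank line before "Imagined conversation with clownflare management" runs that paragraph straight into "You see, it all makes sense.", which closes the preceding A/B dialogue. Keep a separator (or add a sub-item number) so the two dialogues stay distinguishable.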
@@ -97,42 +93,43 @@ B: Has anyone ever successfully DDOS'd anything from within tor? outside of hidd
tor loud and clear.
The ticket on Tor trac offers some insight. It seems to be about forum spam (the "threat scores" originate with "Project Honey Pot", which labors under the drastic oversimplifying assumption that maintaining long term IP based address scores is somehow a sensible approach - invalidated by communal exit nodes of all stripes and colors and even carrier-grade NATs, as people have pointed out) port scans (how the hell is that abuse? run a public server and expect a "safe space" no matter how bad your security? seriously it's hard to understand why someone who needs to be protected from port scans wants to run their own domain on their own fucking servers. there's lots of hosters that will expertly & gladly solve these problems in-house), SQL injections (again, responsiblity of the guys who made the website!!!) and so on.
-2. The wikimedia way
+3) The wikimedia way
Even as a registered user in good standing, exemption from the Tor block has to be requested through a bureaucratic process (even though Wikipedia is "not a bureaucracy") and will be granted under exceptional circumstances only. I completely fail to see the rationale. this is probably an artefact of the blocking system they use to bar anonymous vandals from editing Wikipedia, viz. the unblocking process might be messy to perform, behind the scenes, I don't know. The upshoot for me as a user is that they regard Tor use as "exceptional" and not a normal thing. The result is that errors I notice on Wikipedia pages while using TBB go uncorrected. They even block paid vpn servers as "open proxies". Seems like they just do not want help. Because in times of NSA they should expect that clever people hide from spying. Precisely. It's a crying shame, though. Maybe the wikipedia of the future will use gnunet-git/freenet/i2p-lafs based backend. I will never donate to wikimedia again unless they come up with a concept for letting users contribute over Tor and other banned proxy networks (not "exceptionally", but casually) OR hell freezes over. Until then, I don't feel they deserve the money. Dear Jimmy, figure this one out first. There's gotta be a good way. This isn't "security". WORST OF ALL, It doesn't even stop rotten people from manipulating Wikipedia. It's not helpful. OK?
Has anyone seen the greenstadt(?) talk on the value of anonymous contributions yet?
+4) Unfortunately the CAPTCHA they use is [NSA/](https://www.facebookcorewwwi.onion/jeff.cliff/posts/10154477661637909)Google's. This poses multiple problems.
+For starters, this CAPTCHA does not always work(especially for those with accessability issues), and when it doesn't work there is viritually no way for them to complain.
+
+5) The CAPTCHA's support of languages is very limited, which makes it impossible for those who do not speak whatever default language to access to the content they are looking for. It's also troublesome to the survival of languages worldwide.
-3. clownflare vs. non clownflare (homespun or other 3rd party blocklists e.g. against forum spam which overblock tor)
+6) clownflare vs. non clownflare (homespun or other 3rd party blocklists e.g. against forum spam which overblock tor)
"Overall there seem to be far fewer sites that impede (reading, not posting!) access via Tor without Cloudflare than with Cloudflare. It is of course still a deeply flawed and misguided (and clueless, as the stupid little messages about "security reasons" or "viruses" (how cute ...) etc. show) policy, but unlike Cloudflare which has its tendrils everywhere and MITMs large swathes of the web for the NSA, small-scale blocking alone probably wouldn't drive a lot of would-be casual Tor users back into the arms of mass surveillance. Nevertheless it's annoying and site owners should rethink their approach."
-3.1 at least we have technical people marginally friendly to tor within cloudfare...whatever company inevitably buys out/replaces cloudfare we're going to be in rougher shape. What can we do now to save pain later?
+6.1) at least we have technical people marginally friendly to tor within cloudfare...whatever company inevitably buys out/replaces cloudfare we're going to be in rougher shape. What can we do now to save pain later?
change the architecture of the web ...
-4. it's censorship and sabotage, plain and simple
+7) it's censorship and sabotage, plain and simple
(from cloudflare-tor discussion at bottom of pad: once I wrote "Q: Tor blocks amount to (collateral, in -hopefully- rare cases deliberate) censorship (corporate censorship in the Cloudflare case) against users of a network which is amongst other things a censorship circumvention tool. How twisted is that!? I think I'll set up another etherpad for anti-Cloudflare rants (or open pro- contra- debates and fact checking on the role of Cloudflare and their ilk regarding monopolies, surveillance, analytics, censorship, data ownership (just take a passing look at their official policy, you'll see what I mean) and so on) so we can keep this one neutral ... I'm really angry.". now, wanting to substantiate that with an excerpt of their data use terms, was denied request for https://www.cloudflare.com/terms/ . essentially making my other point on my behalf. stupid, stupid corporate dinosaur ...).
nevertheless, the cloudflare captcha walls serve as a nice reminder of their MitM position. if a corporation gets the power to sabotage a sizeable fraction of the web, that's not good.
- 4.1 Thinking more about jgrahamc's "We have a simple need: our customers pay us to protect their web sites from DoS" -- which we may as well accept as true, since in practice that is what happens. Given that, and that DDOS is speech[1][2] it's pretty clear that they are a censorship vendor at least on that level. Their customers are paying them to "protect" them from their customer's speech. We can call a spade a spade.
+7.1) Thinking more about jgrahamc's "We have a simple need: our customers pay us to protect their web sites from DoS" -- which we may as well accept as true, since in practice that is what happens. Given that, and that DDOS is speech[6][7] it's pretty clear that they are a censorship vendor at least on that level. Their customers are paying them to "protect" them from their customer's speech. We can call a spade a spade.
Might even call it a sustained DDOS attack on readers, ironically. Distributed? Check. Denial of service? Check.
-[1] http://www.theguardian.com/commentisfree/2013/jan/22/paypal-wikileaks-protesters-ddos-free-speech
-[2] https://twitter.com/haq4good/status/703315998523396096
-5. Also its a bit rich to have to prove to robots that we're "not robots". Humans should make machines work, not vice versa.
+8) Also its a bit rich to have to prove to robots that we're "not robots". Humans should make machines work, not vice versa.
fits amazon's actual business model perfectly
* Also robots take the test whether we want to or not. As pointed out in the original thread, User agents end up taking the test for us anyway. There is no situation where a human is taking the test that Cloudfare actually cares about, it's turtles all the way down
if I wanted to run a SPAM outfit, I'd find a way to pay humans to do the captchas if OCR can't solve them with enough success chance - I hear this is commonly done. millions and millions of people accept such jobs for want of better alternatives - or build a piece of malware or web trickery to re-route captchas. there goes their main argument.
-6. Given the data is going to Alphabet/Google, aren't we training killer robots (formerly owned by Google/Alphabet) to kill people?
+9) This CAPTCHA trains Google's AI, effectively forcing human beings to train an AI. That AI was is owned by a company that in the past made robots that are designed to kill people(ie Boston Dynamics was purchased by Google, and that is their intent, however Google sold Boston Dynamics in 2017). Even though Google may or may not make Asimov-incompatible[2] robots post 2017, Google still can be counted on to be a poor candidate for friendly AI[3]
-Formerly Google owned Boston Dynamics which meant that such training was more directly going towards military use.
-While Google/Alphabet no longer owns *that* company they are stilll involved in the US military industrial complex.
+Unfriendly AI[4] is an existential risk[5] to mankind and these CAPTCHAs are making it *more* likely that this risk will actually come to be by training.
The data kraken stops at nothing to collect ever more input to fuel and hone its dangerous fake "artificial intelligence".
It is gobbling up our future byte for byte (while claiming to be doing it because it knows best (TM) what's good for everyone). That's a moral yes.
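Review bot: In the added item 4), "the CAPTCHA they use" follows directly after the Wikimedia section, so "they" reads as Wikimedia although the complaint is about the Cloudflare challenge page; name the party explicitly. The same line uses Markdown link syntax ("[NSA/](https://www.facebookcorewwwi.onion/...)") in a file that otherwise uses plain text and numbered references; move the link into the Sources list and cite it by number like [6][7] in 7.1). Typos in the added lines: "accessability", "viritually", "work(especially" (missing space), "to access to the content" in 5), and "That AI was is owned" in 9). The rewritten 9) also folds three separate claims (CAPTCHA answers train an AI, the Boston Dynamics ownership history, the friendly-AI argument) into one sentence; splitting them would make it clear which reference supports which claim.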
@@ -141,9 +138,59 @@ I don't think that the artificial intelligence need stay fake, if it still even
This is training unfriendly AI, byte by byte Either way, it's extracting labor from humans. One should avoid feeding the data monster[1].
Better still: avoid feeding it *correct* data.
-Suggest an experiment: let's write and spread a bot that feeds it consistent but wrong classifications.
-Will that degrade the success rate of bona fide solving attempts?
Google could yet be made to choke on its own omnivorous virulent data voracity.
+10)
+
+TIP: to access sites that block tor completely, try using a web archiving service like https://archive.org/web/ (awesome and reliable, but honors robots.txt) or https://archive.is/ (relatively new, run by someone anonymous, does NOT honor robots.txt so it will work with more sites) Nice ... they are officially a museum and thus exempt from some copyright restrictions. Bwahaha ... What also works is startpage.com / ixquick.com "open via proxy" function for a great many pages, for reading it is great but external links get broken and posting is out of question. Or use Tor -> VPN or Tor -> open proxy if the need arises to truly Access a website.
+Workaround for the impatient Instead of looking at archived website versions use ixquick.com / startpage.com: They offer a proxy service for search results, apparently returning 403 for some websites. some websites return 403 to them, which is to be expected.
+TIP2: Use another proxy between tor and reluctant websites. Usable proxies include https://proxy-nl.hide.me/ and https://www.vpnbook.com/webproxy. thx
+
+11) What can a website do to become more tor friendly user friendly, really?
+
+a) lift the stupid block
+
+b) set up an onion
+http://j7652k4sod2azfu6.onion/p/leurity, but it's conflating securty and protectionism. It is, in point of fact, neither. It's prevention of access by the unwashed masses, thus it is the elitism that only the middle class can hope for -- that which is not elite but bears its veneer. That veneer of the gated community. It is as protected as it is grey and faceless. The cookie cutter designs of the securitized state of exception we're all being tossed into.
+
+c) at least be honest and change the HTTP code to 451 or 406 "Not Acceptable" coz that's what tor blocks are ...
+
+12) We want to implement CloudFlare real security, ie one that is not based on a IP-filter
+
+This might be impossible, since Cloudflare itself is the security hole.
+Trusted Third Parties are Security Holes[8].
+
+13) Followup / Further research:
+
+See also
+https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor
+(the purpose of this pad is to provide a more dynamic list)
+
+Tor ticket on broader issues (found it convenient):
+
+ https://trac.torproject.org/projects/tor/ticket/18361
+
+It is likely that many of the civil society organizations listed on this page
+as the CloudFlare "partners with reference to" use CloudFlare.
+
+ https://www.cloudflare.com/galileo/
+ ( https://archive.is/hoLuI )
+
+Cloudflare support pages on the topic:
+
+ https://support.cloudflare.com/hc/en-us/articles/200170096-How-do-I-turn-the-CloudFlare-captcha-challenge-page-off-
+ https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor- the C isne
+ https://support.cloudflare.com/hc/en-us/articles/200170056-What-is-CloudFlare-s-Ba bysic-Security-Level-
+ https://support.cloudflare.com/hc/en-us/articles/200170116-What-do-the-Threat-Scores-mean-
+
+13) Sources
+
[1] http://themusicgod1.deviantart.com/art/the-great-cloudwall-1-595382698
+[2] http://www.youtube.com/watch?v=r3yIarp3J2o
+[3] https://when.google.met.wikileaks.org/
+[4] https://wiki.lesswrong.com/wiki/Unfriendly_artificial_intelligence
+[5] https://www.visionofearth.org/future-of-humanity/existential-risks/what-is-an-existential-risk/
+[6] http://www.theguardian.com/commentisfree/2013/jan/22/paypal-wikileaks-protesters-ddos-free-speech
+[7] https://twitter.com/haq4good/status/703315998523396096
+[8] http://nakamotoinstitute.org/trusted-third-parties/
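Review bot: The line under "b) set up an onion" looks like a paste accident: "http://j7652k4sod2azfu6.onion/p/leurity, but it's conflating securty and protectionism." runs a URL straight into the middle of a sentence, and two of the support links carry stray text ("...Does-CloudFlare-block-Tor- the C isne", "...What-is-CloudFlare-s-Ba bysic-Security-Level-"), so none of the three resolves as written. Restore the clean URLs and put the orphaned paragraph where it belongs. "10)" is an empty heading, and "13)" is used for both "Followup / Further research" and "Sources". TIP2 recommends putting a web proxy between Tor and the site; that proxy fetches the page on the reader's behalf and therefore sees the content, which is the same trusted-third-party exposure that item 12) objects to with [8], so the tip should say that next to the proxy URLs. In the first TIP, "some websites return 403" is stated twice in slightly different words; keep one.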