Some good answers already, but I haven’t seen anyone talk about this: Sites “secured” by CloudFlare are almost impossible to use with Tor, some VPNs, or even simply with JavaScript disabled. Their Captcha page that pops up when you use any of these tends to be broken and just redirects back to itself even when you clear the captcha, instead of actually showing you the page itself (and the redirection is happening server side, so there’s also nothing you can change in the URL to get you to the right page).
The article I linked includes all of that.
they host a lot of bigoted content (like 4ch*n)
This comment on GitHub perfectly captures the controversy surrounding CloudFlare
I just wanted to add that recently on firefox if you have resistfingerprinting enabled then some websites will stop working because cloudflare detects as of it was a tor browser. For example you can’t log in to GitLab
Its a man in the middle that recieves every communication to any server that uses it, including ip addresses, signups, passwords, usernames, all in clear text for them. Since so many servers use it, its a giant aggregator as dangerous as a centralized password store.
Just wanna add that it’s impossible for them to have your encrypted messages if you use an HTTPS certificate from another CA.
Meta analysis of encrypted traffic is more powerful than you think. By analyzing things like the length and timing of requests and responses, researchers have been able to determine what search term a user typed, what images and videos are being viewed, which threads on a forum they accessed, among other things, without ever decrypting the HTTPS data.
And they’re American so they absolutely have the NSA/CIA tapping into that data.
Removed by mod
