Disable cloudflare gate

[Kreyren]

[Curve]

@Starz0r

In the mean time you could try to reach the site through https://starz0r.github.io/AreWeAntiCheatYet

[Starz0r]

Cloudflare Gate isn't enabled on the site, nor is Cloudflare currently used in DNS Propagation (this isn't even what Gate looks like…). You might have a third-party proxy or similar that's causing this message to trigger. I would check your home connection and make sure there isn't any bad actors remotely using a device as a botnet.

[Kreyren]

You are missinformed and my connection is fine and monitored in real time.

CF is using this new UI since +- 2 months back and you are not getting it because they are able to fingerprint you. To disable it -> Turn off the DDoS Protection.

If you are concerned about DDoS then set fail2ban (instead of this MITM).

[Starz0r]

I'd rather not go back to managing draconian applications like fail2ban to have a basic functioning setup. Not that fail2ban is even the correct solution here, since that's for intrusion prevention, not stopping someone from sending a mass amount of connections to my server. That's why DDoS protection from providers like Cloudflare are very important, nonobserving fingerprint implications.

Regardless, our server provider seems to have Gate automatically enabled, without exposing any configuration to change this. You “should” be able to reach the site depending on a Round Robin configuration to the GitHub Pages hosted version. Though, I'm unsure if Gate would catch you again before reaching it, though I'd assume you should.

[Kreyren]

What Cloudflare is providing is global mass surveillance that you are helping to be part of with the CL-Gate as it only lets through users that it can fingerprint and track across the internet and bullies into submission those whom it can't..

Use different provider or if it's hosted on GitHub then just set up appropriate redirection on your domain.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections

You can also do silent redirection in e.g. nginx using the HTTP::header replace Host that once the domain is loaded it changes on the github page without changing the URL in the search bar.

[Starz0r]

What Cloudflare is providing is global mass surveillance that you are helping to be part of with the CL-Gate as it only lets through users that it can fingerprint and track across the internet and bullies into submission those whom it can't..

Please abstain from these baseless accusations. Cloudflare, as far as we've seen, isn't in the business of selling user data, and has no reason to do so as they are far more profitable even without doing so. Saying this, as if it were some confirmed truth, is just inflammatory, and harms your credibility.

I consider not being able to reach the site without JavaScript & Cookies enabled a bug, so I will personally look into this further to see if I can get our provider to disable this. Apologies for the false starts on this, and I will see that this eventually gets solved.

[Kreyren]

Please abstain from these baseless accusations. Cloudflare, as far as we've seen, isn't in the business of selling user data, and has no reason to do so as they are far more profitable even without doing so. -- @Starz0r

Cloudflare is well known global surveillance company[2][3][4] who has no ethics and absolute disregard for user's privacy in selling user data[1][7] including sharing such data with the russian government during the invasion of ukraine[8] and other invasive government agencies[5][6].

I consider not being able to reach the site without JavaScript & Cookies enabled a bug, so I will personally look into this further to see if I can get our provider to disable this. -- @Starz0r

Your website doesn't allow visit without fingerprinting and tracking across the internet, the javascript and cookies are just the tip of the iceberg -> Disable Cloudflare's "DDoS protection" (cloudflare gate) to address this.

References:

1. https://edit.tosdr.org/points/12652
2. https://edit.tosdr.org/points/7101
3. https://edit.tosdr.org/points/23283
4. Security and privacy issues documented on wiki https://en.wikipedia.org/wiki/Cloudflare#Security_and_privacy_issues
5. https://www.cnet.com/news/privacy/at-t-lets-nsa-hide-and-surveil-in-plain-sight-the-intercept-reports/
6. https://en.wikipedia.org/wiki/PRISM
7. https://edit.tosdr.org/points/12637
8. Reaction to war in ukraine by cloudflare https://en.wikipedia.org/wiki/Cloudflare#Reaction_to_the_Russian_invasion_of_Ukraine

[Mysak0CZ]

References:

1. edit.tosdr.org/points/12652
2. edit.tosdr.org/points/7101
3. edit.tosdr.org/points/23283
4. Security and privacy issues documented on wiki en.wikipedia.org/wiki/Cloudflare#Security_and_privacy_issues
5. cnet.com/news/privacy/at-t-lets-nsa-hide-and-surveil-in-plain-sight-the-intercept-reports
6. en.wikipedia.org/wiki/PRISM
7. edit.tosdr.org/points/12637
8. Reaction to war in ukraine by cloudflare en.wikipedia.org/wiki/Cloudflare#Reaction_to_the_Russian_invasion_of_Ukraine

I can't help myself but I find this really funny...
1, 2, 3, 7) are about tracking users... but users of Cloudflare - the website owners themselves on the Cloudflare website. It doesn't apply to users going through Cloudflare DDoS protections to target websites.
4) mentions compromise of CCTV (which has no impact on users using Cloudflare as proxy) and again only leaks about customers - owners of websites using Cloudflare and emails of complaints - again nothing about users actually being proxied, only those who interact with Cloudflare directly.
5, 6) These "Reference"s don't even mention Cloudflare at all... and every single ISP is required to provide data about customers if police/any other agency comes with warrant. That's simply law.
8)

including sharing such data with the russian government during the invasion of ukraine

Please... read that section again. The section says that Cloudflare continued to run CDN service: Simply hosting data from inside russia. It never says anything about Cloudflare providing any data.

Overall you didn't provide any valid argument and all the references you did provide are either misleadingly about close, but not exact topic or simply about completely unrelated topic to Cloudflare itself.
I am personally really privacy-based, but spreading misinformation won't help anything and what you said clearly IS misinformation, as proved above.

Now to the actual impact... In Cloudlfare's privacy policy you liked to link there are two different entities clearly distinguished:

Website Visitors: Those who visit our Websites, including those who may opt to provide an email address or other contact information to receive communications from Cloudflare, fill out a survey, or provide feedback. For the purposes of this Policy, “Websites” refer collectively to www.cloudflare.com as well as any other websites Cloudflare operates for its own behalf and that link to this Policy. For clarity, “Websites” does not include any sites owned or operated by our Customers, including where we serve as Registrar.
End Users: Those who (i) access or use our Customers’ domains, networks, websites, application programming interfaces, and applications, or (ii) Customers’ employees, agents, or contractors, who access or use Services, such as Cloudflare Zero Trust end users.
[...]
Cloudflare processes End Users’ interactions with Customer’s Internet Properties and the Services. [...] The information processed may include but is not limited to IP addresses, traffic routing data, system configuration information, and other information about traffic to and from Customers’ websites, devices, applications, and/or networks.

In my opinion data which is necessary for anti-bot protection.

[Starz0r]

It's been awhile since I've given an update to this.

Extreme hyperbole and sensationalist quoting aside…

There, at the moment, does not exist for me a way to disable Cloudflare Gate. I might be able to get our providers to add an option to turn it off, or even have them disable it on our behalf. But that might take some time, or may not even be possible. Previously, I did make attempts at moving the site over to GitHub Pages, but seeing as the DNS Propagation was slow, and without any feedback on whether it was working. I'm hard-pressed to try that without any intervention from GitHub themselves to move the process along more smoothly. Maybe in the future this feature will get faster and come with more feedback, but at the current moment I'm unwilling to attempt it again.

For right now, this issue unfortunately will have to stay in limbo.