@resist1984 You could also use e.g. Decentraleyes or LocalCDN to serve the CloudFlare scripts locally (which is what I do, since so many sites I use even casually require CloudFlare).

@chiraag i appreciate the tip about Decentraleyes or LocalCDN. At 1st glance I don't see how they can prevent CloudFlare from seeing the traffic, but they look useful anyway. If I understand correctly, they reduce dependency on 3rd party js.

@resist1984 Yes, so instead of CloudFlare serving the script from their servers (which would help them know that you're visiting the site), the scripts and CSS get served locally, bypassing CloudFlare entirely.

Obviously there's nothing that can be done if they're using CloudFlare for hosting, say, assets like images.

@chiraag
Small steps toward a saner, decentralized web. Thanks for the hint
@resist1984

@chiraag i'm trying to do the xfer w/out logging in, & it has turned into a battle.

@resist1984 Yeah, I'm not sure how that would ever work, since you need to authenticate yourself to your registrar!

Last-resort: sandboxed browser running in a VM through Tor 😉

@chiraag in principle a pw reset doesn't require login creds, so the registrare is being lazy & trying to save a buck, which is perhaps why they opted for CF.

@resist1984 But even once you reset the password, wouldn't you have to login in order to transfer the domain? Maybe I'm mistaken, since I've never transfered a domain...lol

@chiraag once the registrar is confident they are talking to their client, they supply a token which is then given to the new registrar. The pw reset obviously can't rely on me having login creds, so if they trust my email address for that then it'd be no different than simply emailing the transfer token to the email address on file.

@resist1984 Hmmm, got it.

I mean, honestly? If I were in this position, I would rely on Decentraleyes/LocalCDN along with uMatrix to determine which connections the browser is allowed to make and to ensure too much info isn't sent to CloudFlare.

At this point, too many sites run on CloudFlare to avoid it entirely, unfortunately. Even domains which may not _use_ CloudFlare may use CloudFlare for DNS registration (for example). I really admire your strong stance on this, though!

Good luck :)

@chiraag I'm willing to view CF sites via archive.org b/c that doesn't require me connecting to CF, but CF sites that need me to HTTP POST are SOL. And most importantly, no service that gets my money is a CloudFlare site. My domain registrar took my money & then switched to CF (#BaitAndSwitch), so I have a moral obligation to fight for a refund.

@resist1984 I mean, I agree with you, but I suspect it's going to be a hard sell to get them to refund you for this. Most likely, buried within TOS is a clause saying they're allowed to make changes to best provide services to their customers.

btw, which registrar is this?

@resist1984

Wow, how did you get your domain registration services provider to contractually agree that they wouldn't force you to transact with them via Cloudflare or some other equal invasive CDN?

@chiraag
randomTemp17266819677394536015.…

@tallship @chiraag they simply forgot to put it in the ToS & PP a clause that I agree to share info with or transact with CloudFlare on their behalf.