Some online #Covid19 vaccination sites are forcing Google #reCAPTCHA on those trying to schedule appointments; some are blocking Tor; some are simultanously snooping & blocking Tor (using #CloudFlare); some sites are broken unless you run non-free Google js. Even sites that are centralized by the state governor are Tor hostile. Some Tor-hostile pharmacies refuse phone scheduling.
#RiteAid's Tor hostile website is blocking appointments even to non-Tor users if the site believes the browser is too old, redirecting users to a page that says "Upgrade browser for the best Rite Aid experience". These assholes are going to be persnickety about browser versions during a pandemic.
Those trying to schedule a #covid19 vaccine by phone are refused by #WalMart & forced to use the website (so WalMart makes healthcare conditional on having internet access). *After* walmart.com collects your personal details, it then forces a #reCAPTCHA. If you refuse the #CAPTCHA, you don't get your shot but WalMart gets to keep the data you supplied to them.
@resist1984 what’s the threat of a CAPTCHA?
@gritnot I boycott #Google's #reCAPTCHA & also #hCAPTCHA. Paragraphs 2, 4, & 6 of this article cover hCAPTCHA well: https://git.disroot.org/cyberMonk/liberethos_paradigm/src/branch/master/rap_sheets/cloudflare.md reCAPTCHA has the same issues + the additional problem of feeding Google, which amplifies Google's privacy abuses.
Wow that article is scary :/
What's the best way to mitigate privacy issues with Cloudflare? I'm using a VPN, so I assumed all the traffic is encrypted; but can Cloudflare still see my usernames and passwords like that article says?
just asking out of curiosity; I'm not entirely sure how DNS, HTTPS or proxies work.
@mesh4545 A VPN does not protect you from #CloudFlare. CF sits at the end of the HTTPS tunnel, so it sees all traffic (incl. uid & pw) in the clear. There are some tools to counter CF: https://codeberg.org/crimeflare/cloudflare-tor/src/branch/master/addons The docs are in Esperanto, but you don't need the docs. I suggest installing all of them. You can enable/disable to see what each does
@mesh4545 If you install bcmaFX on #Firefox, it will detect when you are visiting a #CloudFlare site & automatically divert you to the archive.org #WaybackMachine for the page you are visiting. Then you can see the content without connecting to CloudFlare. You wouldn't want to login through there, but really it's better to never login to a CF site. I never create accounts on CF sites.
@mesh4545 ismitmlinkFX is an addon for #Firefox that will tag dodgy CF / anti-tor links on the page you are viewing, so you know even before you click if it's a #CloudFlare site. You can see the effect of it if you do a search on Ss (https://sercxi.nnpaefp7pkadbxxkhz2agtbv2a4g5sgo2fbmv3i7czaua354334uqqad.onion/)
@mesh4545 BTW, Ss is the top most privacy-respecting search engine I've ever encountered. It hides #CloudFlare search results at the bottom. And tor-hostile or dodgy in some way have a red strikethrough and a red cop car light.
@resist1984
Wow thank you for your detailed reply. I'm need to look up and try all these things... This is all new to me. I follow several privacy related blogs and youtubers and I'm surprised that I've never heard of this.
Just one more thing if you don't mind; does this have anything to do with the 1.1.1.1 cloudflare DNS? Even privacytools.io seems to recommend it
@mesh4545 the DNS is a separate matter than the reverse proxy. But that still sounds like bad advice. #CloudFlare is not trustworthy and you wouldn't want them to be able to keep track of your DNS resolutions.
@mesh4545 If you want a mainstream addon there is #CloudFirewall which simply blocks tech giants: https://web.archive.org/web/20210215185858/gitlab.com/gkrishnaks/cloud-firewall You get switches to toggle whether to block #CloudFlare, #Amazon, #Microsoft, etc. I've noticed that it has false negatives though. And it's a bit embarrassing that the repo for the app is a CF site: #Gitlab.com