resist1984 @resist1984@social.privacytools.io

@gerowen @bojkotiMalbona I know it works for Alexa, but does that work for Ring? If #Amazon Ring accepts voice commands, then I could skip the laser and just walk up to the door and order stuff.

@jonas @wuwei also note that if whatever strange bias leads to you trust a profit driven corporation more than a privacy driven non-profit, #mojeek would be a better choice than #ddg

@wuwei @jonas #DDG is a US-based /for profit/ corporation that pays privacy abusing surveillance capitalists (VZ, MS, Amazon), which should make you far more uncomfortable than a random guy in a basement working on a project that is likely not for profit.

@jonas @wuwei many searx nodes scrape b/c they tend to be non-profit projects. But Searxes most likely uses an open API to get results from searx nodes.

@wuwei @jonas Like #DDG, all searx instances are inherently meta-search engines. Searxes is a meta-search of searx instances, which you could call a meta-meta-search. Meta-searching does not necessarily imply scraping. A meta-search can be accomplished by scraping &/or using an API. The searx s/w is #freesoftware not designed for corporate protectionism. It's unlikely that Searxes scrapes.

@gerowen #DDG stopped using tracking cookies when they got caught & someone called them out for violating their #privacy policy. The cookie that stores preferences is a conventional cookie, not a #trackingcookie. #Duckduckgo pays #MS for Bing API access. Last I checked it was stated on duck.co.

@wuwei @jonas Searxes is coded to randomly select from a pool of quality searx instances on each query. It then does some post-processing to filter #CloudFlare results. Searxes never says "due to #CAPTCHA there are no results". IDK how it avoids that. Either the source pool is only instances that don't scrape or it jumps to another instance in the background.

@g np. And note there may or may not be a 2nd tunnel between the originating server & CF, but in either case the end user sees a padlock

@g some problems like having visibility on all traffic are shared across all CDNs, so it's best to avoid CDNs entirely if possible. But if you must use a CDN, #CloudFlare is the worst of the worst.. it shelters criminals and harms #humanrights

@g this article covers it in detail: http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/

@g the TLS tunnel terminates at #CloudFlare, so CF sees all traffic. It must work that way. If CF were to simply proxy all encrypted traffic to the origin, then it would fail to relieve the originating server of workload.

@g I could write a book on this. I'll also mention that #CloudFlare uses #Google's #CAPTCHA, & that's a #privacy abuse in itself. Google links your logged in cookie w/the CF site the CAPTCHA is on.

@g so it's crude & reckless to DoS #Tor in an anti-DoS effort. They want ppl to believe Tor is a DoS threat, but they're actually on an anti-bot agenda. Yet not all bots are malicious.

@g also realize that a DDoS attack is impractical from #Tor, b/c the exit nodes are too few & bandwidth is insufficent for that.

@g w.r.t finding off DDoS attacks, note 1st that any CDN will offer that.. no reason to use #CloudFlare. Also, once you have a DDoS attack, CF is no longer gratis. CF will force you to upgrade to premium b/c the attack counts toward your bandwidth allowance.

@g a side-effect of CF DoSing #Tor users is to push ppl off Tor (to escape the #CAPTCHAs). That's disabling ppl of their #privacy protection.

@g #CloudFlare also harms non-Tor users by MitMing the connection. CF sees every username & unhashed password even when a TLS padlock is present.

@g at a high level, #CloudFlare is very similar to #SpamHaus. In both cases you have a vigilante extremist org so fixated on attacking their enemy that they have no regard for collateral damage to harmless users. Ppl cannot protect their own #privacy by running their own mail server b/c of SpamHaus, & ppl cannot protect their own identity b/c CF DoS's *all* #Tor users.

@nikolal @croqaz Using #Tor is not "paranoid", it's smart. #MS #Github treats Tor users badly & pushes 2FA email checks, so privacy enthusiasts aren't reporting bugs on GH projects. #Microsoft also has a long history of #privacy abuse. When you use Github you financially support a privacy abuser. #deleteGithub.

@fireglow two cats is also more entertaining if they play with each other