As others have mentioned you are going to have a tough time seeing much on the web without it but I guess it would be a good way to see the web with like zero corpo stuff.
Just blocking the domain won’t do you any good. Half the internet is behind Cloudflare. Even some Lemmy servers use it.
This is just turning off your router with extra steps
Lots of stuff breaks when you block cloudflare so a better way to avoid its data collection is to use a vpn and clear your browsing data.
I have the detect cloudlflare firefox extension. I avoid sites that use it. Haven’t tried blocking it completely yet but I could probably manage.
Can you link that extension please? That way I’m getting the right one. Hope its open source too
https://addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/
You can block cloudflare, amazon, etc. with this one: https://addons.mozilla.org/en-US/firefox/addon/cloud-firewall/
If you set up a website with cloudflare, their user interface has a lot of tracking stuff on by default to be injected into it. It also encourages you to use their https service where the traffic is not actually encrypted from the user to your server, but man-in-the-middle’d by cloudflare. But the interface makes it super easy to do and refers to it like a good and normal default option.
So yeah I think they really want your data.
Even if you don’t use Cloudflare’s https they still need the private keys to work. So they can read all traffic either way.
That’s true if you’re proxying your traffic for DDoS protection, but you don’t need to do that to use them as a DNS, if you must.
I’ll be more specific: if you set up a website on your own server, and use Cloudflare as a reverse proxy. If you do SSL yourself, on your own server, then the traffic is encrypted between the client and your server, and therefore Cloudflare cannot read it, they do not have the encryption keys, even though the traffic is passing through them. If you use Cloudflare’s https solution, Cloudflare provides the keys and decrypts the traffic before passing it on.
The former is the more secure way to do it, but they encourage you to do it the way where they get to read all the traffic, which is pretty shady of them, because if a website has https people assume that means it is end to end encrypted to the website itself, but that assumption is being violated here and a user has no way to know.
How can they act as a proxy if they can’t terminate the connection? Or what service does that offer?
I guess they could filter out some connections based on IP addresses. But is that enough for some customers? Or am I overlooking something?
If you are actively blocking Cloudflare and you are still able to use the web services you rely on then I am genuinely jealous of you.
Reminds me of when my stepmother turned off the router because she didn’t want incoming radiation and then couldn’t figure why her emails were not arriving.
I think I’d rather practice other anti-tracking or anti-fingerprinting measures rather than blocking one of the largest CDN’s in the world. But yes, they do track.
Good luck reaching websites 😂
I suggest you also block anyone using AWS.
I don’t think OP would be able to use the modern internet lol
If they still can then goddam please write a tutorial
Well you can use the modern internet. Just not most of it. You would be only looking at the personal indie web at that point.
Privacy policies doesnt mean anything, if it’s a US based company. Doesnt matter if the servers are in the EU. They steal it anyway.
Look US Cloud Act.
They do; foreign companies must comply with the GDPR when processing or storing European citizen’s personal data.
See: GDPR Art. 3
they must first comply with the Patriot Act, the FISA amendment Act, and the Cloud Act, because they are in the same jurisdiction as them… then, maybe the EU GDPR. in that order. always.
Can you provide a source for that? See also: https://www.dataprivacyframework.gov/
https://www.forbes.com/sites/emmawoollacott/2025/07/22/microsoft-cant-keep-eu-data-safe-from-us-authorities/ iirc, this was about EU servers that were not supposed to forward data to the US by contract
well it’s standard “hierarchy of norms” theory of the law, when regulations of different nature piling up…
Also Patriot, FISA-A, and Cloud acts all pretend to be justified by “national security” which times and times again has been considered in the US be a higher imperative in the hierarchy of the norms (in many cases justifying to even bypass the constitution when it comes to spying on US citizens, etc.).
Whichever way you look at it: the NSA and the CIA (and countless other agencies) who have been granted unlimited, unregulated, untraceable access to all data processed by any US company are not subjected to the EU GDPR.
Do you honestly believe the US follows the GDPR?
It’s not about believe. And it depends on the company; though they’re legally required nonetheless.
See also: https://www.dataprivacyframework.gov/
They are also legally required to hand over the data. Do you honestly believe they go against the orange dictator and NSA?
Doesn’t Lemmy go down when Cloudflare goes down? Are you currently blocking CF?
Depends on the Lemmy server. So not all of Lemmy goes down.
I know the server I’m on went offline during the last cf outage. Never occurred to me each server wouldn’t be the case for all of Lemmy.
Depends on your provider.
deleted by creator
