• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

Cloudflare privacy implications, anyone knowledgable?

Infurmountable

New Member
Hi. Just curious if anyone has meaningful knowledge (i.e. not just rumors and "i heard..." statements) about the privacy policy of cloudflare and the implications of its use with FA? Obviously there is now another group with access to our information, postings, communications. From what I've found in a brief search, they are very secretive about their funding sources, thus it would seem we really don't know what other third (fourth?) party might have an interest in our data.

Yes, I could read their policy documents, but I probably can't stay awake for that. Maybe someone in IT or security has already done research regarding this for another site or for work and would be willing to share some insights.

Thanks!
 
Last edited:

Vo

Member
The privacy policy is written in quite accessible language: https://www.cloudflare.com/security-policy

Important part: "As visitors browse our web site, or our user's websites if they are protected by CloudFlare, we sometimes log these visitors' interactions in order to provide a better service (e.g., using visitor log data in order to detect new threats). For some examples of the types of information we collect, please see our blog post here."
 

DrkKaiser

New Member
Looks to me as though there's been multiple attempts at malware introduction through this cloudflare system implemented. It's all over twitter; Use your malware scanner and track down any new malware that's been implemented since you've seen that- Guarantee you'll find some from this new "Safety" feature by FA admins.
 

Kalmor

Banned
Banned
The privacy policy is written in quite accessible language: https://www.cloudflare.com/security-policy

Important part: "As visitors browse our web site, or our user's websites if they are protected by CloudFlare, we sometimes log these visitors' interactions in order to provide a better service (e.g., using visitor log data in order to detect new threats). For some examples of the types of information we collect, please see our blog post here."
This. I wish people people would do more of their own research and come to their own conclusions rather than jumping on with what some random person said on twitter of all places and acting like it's gospel.
 

yak

Site Developer
Administrator
Looks to me as though there's been multiple attempts at malware introduction through this cloudflare system implemented. It's all over twitter; Use your malware scanner and track down any new malware that's been implemented since you've seen that- Guarantee you'll find some from this new "Safety" feature by FA admins.

Can you provide at least one example of malware installation attempt, with a bit more information on what was trying to be installed and how?
Whatever software's telling this, it should provide this information.
 

Vo

Member
Looks to me as though there's been multiple attempts at malware introduction through this cloudflare system implemented. It's all over twitter; Use your malware scanner and track down any new malware that's been implemented since you've seen that- Guarantee you'll find some from this new "Safety" feature by FA admins.

I tried to reproduce this when someone was going on about it on Twitter and was unable to turn up any unexpected or suspicious activity via the browser (or any unexpected processes after (procexp, not task manager)).

http://www.twitlonger.com/show/n_1sj7bkg
 

kayfox

Member
I know this is a month late, but I found this about CloudFlare: https://storify.com/sadcrow/cloud

I think its pretty clear to anyone reporting stuff to CloudFlare that they just forward the reports to the site they are proxying. In this case it appears that the people sending the report didn't note two things:
1. The DMCA is not for stuff you dont like, its for stuff you own that is being distributed without your consent.
2. The DMCA policy at CloudFlare is to forward the report to the customer.

As for CloudFlare injecting malware, um, no. CloudFlare is a large anti-DDoS provider who is not just catering to your gaming or art site but to large corporations and banks. So they are not going to do any such thing.
 
Top