On Sat, 2016-04-23 at 14:03 -0500, Joe Btfsplk wrote:
On 4/23/2016 8:15 AM, Rob van der Hoeven wrote:
Hi,
Today I got an idea of how to measure "The CloudFlare problem". It turns
out that every time you visit a website that's behind CloudFlare a
cookie is set with the name __cfduid
If you use Firefox these cookies end up in a SQLite database which can
be queried with the SQLite Manager add-on. My total number of cookies is
2523 (I disable third-party cookies by default). CloudFlare cookies:
321. So 321/2523 *100 = 12.7% of the domains I have visited are
monitored by CloudFlare. Quite shocking I think.
Rob.
https://hoevenstein.nl
Are you saying using TBB, cloudflare sets cookies withOUT either
checking "accept cookies from sites;"
or entering an exception for their domain in TBB's cookie exceptions;
or when in Options > Privacy - "Accept 3rd party cookies" = Never?
I am not using TBB. Sorry I was not clear about this. I use the normal
Firefox, enhanced with NoScript, AddBlockPlus etc. I changed the privacy
settings so that "Accept cookies from sites" is allowed, but "Accept
third-party cookies" is set to "Never"
Now the interesting (nasty) properties of CloudFlare cookies are:
1) They are not coming from the CloudFlare domain, but from the domain
you are visiting. If you surf to abcdef.com and that site uses
CloudFlare then the CloudFlare cookie is set for the abcdef.com domain.
CloudFlare clearly is a third-party, but their cookies can not be
disabled by refusing third-party cookies.
2) Many of *my* CloudFlare cookies have an expiration date of 23 dec
2019. These are clearly ment to be tracking cookies.