[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare



> My guess is it is set by abc.com, but the " name" of the cookie involves
"cloudflare?"

Keep in mind that Cloudflare is essentially a glorified bunch of reverse
proxies. Because Cloudflare terminates your TCP connection to abc.com,
they're in a position to set cookies _as_ abc.com. So I'd fully expect the
site name to be abc.com, though it's naughty of them. The browser won't
consider it thirdparty, because it isn't - it was set by abc.com. This does
seem to be the case (picking a site that uses cloudflare randomly from a
list):

$ GET -Ssed  http://absolutewealth.com | grep Set-Co
Set-Cookie: __cfduid=dfcadd8517f9edb7f6fd202c7152da9861461451390;
expires=Sun, 23-Apr-17 22:43:10 GMT; path=/; domain=.absolutewealth.com;
HttpOnly


What it does mean, though, is when you visit xyz.com, the browser won't
present the cookie set earlier by abc.com. So it's use in tracking across
domains is incredibly limited. Pretty useful for tracking return visits to
abc.com (and it's subdomains) though

Ben

On Sat, Apr 23, 2016 at 11:21 PM, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:

> On 4/23/2016 2:54 PM, Rob van der Hoeven wrote:
>
>> On Sat, 2016-04-23 at 14:03 -0500, Joe Btfsplk wrote:
>>
>>> On 4/23/2016 8:15 AM, Rob van der Hoeven wrote:
>>>
>>>> Hi,
>>>>
>>>> Today I got an idea of how to measure "The CloudFlare problem". It turns
>>>> out that every time you visit a website that's behind CloudFlare a
>>>> cookie is set with the name __cfduid
>>>>
>>>> If you use Firefox these cookies end up in a SQLite database which can
>>>> be queried with the SQLite Manager add-on. My total number of cookies is
>>>> 2523 (I disable third-party cookies by default). CloudFlare cookies:
>>>> 321. So 321/2523 *100 = 12.7% of the domains I have visited are
>>>> monitored by CloudFlare. Quite shocking I think.
>>>>
>>>> Rob.
>>>> https://hoevenstein.nl
>>>>
>>>>
>>> Are you saying using TBB, cloudflare sets cookies withOUT either
>>> checking "accept cookies from sites;"
>>> or entering an exception for their domain in TBB's cookie exceptions;
>>> or when in Options > Privacy - "Accept 3rd party cookies" = Never?
>>>
>>> I am not using TBB. Sorry I was not clear about this. I use the normal
>> Firefox, enhanced with NoScript, AddBlockPlus etc. I changed the privacy
>> settings so that "Accept cookies from sites" is allowed, but "Accept
>> third-party cookies" is set to "Never"
>>
>> Now the interesting (nasty) properties of CloudFlare cookies are:
>>
>> 1) They are not coming from the CloudFlare domain, but from the domain
>> you are visiting. If you surf to abcdef.com and that site uses
>> CloudFlare then the CloudFlare cookie is set for the abcdef.com domain.
>> CloudFlare clearly is a third-party, but their cookies can not be
>> disabled by refusing third-party cookies.
>>
>> 2) Many of *my* CloudFlare cookies have an expiration date of 23 dec
>> 2019. These are clearly ment to be tracking cookies.
>>
>>
>> Technically, this isn't a Firefox discussion or support list, but...
> My guess is it is set by abc.com, but the " name" of the cookie involves
> "cloudflare?"
> What does it show under the "site" column - viewing the cookies? Does it
> show it came from Cloudflare site?
> Post the name of site & cookie name.
>
> You can check in about:config for pref:
> network.cookie.thirdparty.sessionOnly.  It should be set to False to reject
> 3rd party cookies.
>
> On Disney.com, they set a cookie named
> "HumanClickSiteContainerID_88830415" but the SITE name shown for it is
> Disney.com.
> It's true - there's always a 1st for everything.
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Ben Tasker
https://www.bentasker.co.uk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk