
Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare



On 4/23/2016 5:44 PM, Ben Tasker wrote:
My guess is it is set by abc.com, but the "name" of the cookie involves
"cloudflare?"

Keep in mind that Cloudflare is essentially a glorified bunch of reverse
proxies. Because Cloudflare terminates your TCP connection to abc.com,
they're in a position to set cookies _as_ abc.com. So I'd fully expect the
site name to be abc.com, though it's naughty of them. The browser won't
consider it third-party, because it isn't - it was set by abc.com. This does
seem to be the case (picking a site that uses cloudflare randomly from a
list):

$ GET -Ssed  http://absolutewealth.com | grep Set-Co
Set-Cookie: __cfduid=dfcadd8517f9edb7f6fd202c7152da9861461451390;
expires=Sun, 23-Apr-17 22:43:10 GMT; path=/; domain=.absolutewealth.com;
HttpOnly


What it does mean, though, is when you visit xyz.com, the browser won't
present the cookie set earlier by abc.com. So its use in tracking across
domains is incredibly limited. Pretty useful for tracking return visits to
abc.com (and its subdomains) though.

Ben

I know little about Cloudflare's actual operation. What's the implication / danger of one entity setting cookies on multiple or 1000's of sites? I've also read (true or not) that lots of sites sell customer / member data on cookies & IPa's to tracking companies or advertisers. Maybe not names or credit cards, but...

Years ago, lots of sites didn't require cookies just to browse. Now many do - just to take a peek, or it won't work right. Maybe that's because the cookies can be turned into cash?
I'm startin me some websites.  Yee-haw!


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
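
Added example, not part of the original message or of any Cloudflare code: a small Python model of the RFC 6265 domain rules that decide which hosts receive the __cfduid cookie quoted above, and whether a response may set it at all. The function names and the host notabsolutewealth.com are constructed for illustration, and the public-suffix and IP-address checks that real browsers also apply are left out.

```python
# Added example (not from the thread): RFC 6265 domain scoping for the
# Set-Cookie header quoted in the message above.
SET_COOKIE = (
    "__cfduid=dfcadd8517f9edb7f6fd202c7152da9861461451390; "
    "expires=Sun, 23-Apr-17 22:43:10 GMT; path=/; "
    "domain=.absolutewealth.com; HttpOnly"
)


def domain_match(host, domain):
    """RFC 6265 section 5.1.3: identical, or a subdomain on a label boundary."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def store_cookie(header, request_host):
    """Return the cookie as a browser would store it, or None if rejected."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value,
              "domain": request_host.lower(), "host_only": True}
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "domain" and val.strip():
            val = val.strip()
            # Section 5.2.3: one leading dot is dropped from the Domain value.
            cookie["domain"] = (val[1:] if val.startswith(".") else val).lower()
            cookie["host_only"] = False
    # Section 5.3: a response may only set cookies for its own domain tree.
    if not domain_match(request_host, cookie["domain"]):
        return None
    return cookie


def would_send(cookie, host):
    """Would the browser attach this stored cookie to a request for host?"""
    if cookie["host_only"]:
        return host.lower() == cookie["domain"]
    return domain_match(host, cookie["domain"])


if __name__ == "__main__":
    jar = store_cookie(SET_COOKIE, "absolutewealth.com")
    # Hosts other than absolutewealth.com are constructed for illustration.
    for host in ("absolutewealth.com", "www.absolutewealth.com",
                 "notabsolutewealth.com", "xyz.com"):
        print(f"{host:28} cookie sent: {would_send(jar, host)}")
    print("accepted when served for xyz.com:",
          store_cookie(SET_COOKIE, "xyz.com") is not None)
```

The same identifier would only reach a second site if that site's own responses set it again, which is why the cookie's scope alone does not link visits across domains.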