[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare
On 4/23/2016 5:44 PM, Ben Tasker wrote:
I know little about Cloudflare's actual operation. What's the
implication / danger of one entity setting cookies on multiple or
1000's of sites?
I've also read (true or not) that lots of sites sell customer / member
data on cookies & IPa's to tracking companies or advertisers. Maybe not
names or credit cards, but...
My guess is it is set by abc.com, but the " name" of the cookie involves
Keep in mind that Cloudflare is essentially a glorified bunch of reverse
proxies. Because Cloudflare terminates your TCP connection to abc.com,
they're in a position to set cookies _as_ abc.com. So I'd fully expect the
site name to be abc.com, though it's naughty of them. The browser won't
consider it thirdparty, because it isn't - it was set by abc.com. This does
seem to be the case (picking a site that uses cloudflare randomly from a
$ GET -Ssed http://absolutewealth.com | grep Set-Co
expires=Sun, 23-Apr-17 22:43:10 GMT; path=/; domain=.absolutewealth.com;
What it does mean, though, is when you visit xyz.com, the browser won't
present the cookie set earlier by abc.com. So it's use in tracking across
domains is incredibly limited. Pretty useful for tracking return visits to
abc.com (and it's subdomains) though
Years ago, lots of sites didn't require cookies just to browse. Now
many do - just to take a peek, or it won't work right. Maybe that's
because the cookies can be turned into cash?
I'm startin me some websites. Yee-haw!
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to