Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare

[Joe Btfsplk <joebtfsplk@xxxxxxx>]

On 4/23/2016 5:44 PM, Ben Tasker wrote:
> > My guess is it is set by abc.com, but the " name" of the cookie involves
> "cloudflare?"
>
> Keep in mind that Cloudflare is essentially a glorified bunch of reverse
> proxies. Because Cloudflare terminates your TCP connection to abc.com,
> they're in a position to set cookies _as_ abc.com. So I'd fully expect the
> site name to be abc.com, though it's naughty of them. The browser won't
> consider it thirdparty, because it isn't - it was set by abc.com. This does
> seem to be the case (picking a site that uses cloudflare randomly from a
> list):
>
> $ GET -Ssed  http://absolutewealth.com | grep Set-Co
> Set-Cookie: __cfduid=dfcadd8517f9edb7f6fd202c7152da9861461451390;
> expires=Sun, 23-Apr-17 22:43:10 GMT; path=/; domain=.absolutewealth.com;
> HttpOnly
>
>
> What it does mean, though, is when you visit xyz.com, the browser won't
> present the cookie set earlier by abc.com. So it's use in tracking across
> domains is incredibly limited. Pretty useful for tracking return visits to
> abc.com (and it's subdomains) though
>
> Ben
I know little about Cloudflare's actual operation.  What's the 
implication / danger of one entity setting  cookies on multiple or 
1000's of  sites?
I've also read (true or not) that lots of sites sell customer / member 
data on cookies & IPa's to tracking companies or advertisers.  Maybe not 
names or credit cards, but...

Years ago, lots of sites didn't require cookies just to browse.  Now 
many do - just to take a peek, or it won't work right.  Maybe that's 
because the cookies can be turned into cash?
I'm startin me some websites.  Yee-haw!


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk