Add CloudFlare JS Challenge message template

* emacs.d/mail.org (Correspondence / CloudFlare): Added
2016-07-09 22:22:25 -04:00 · 2016-07-09 22:22:25 -04:00 · a643713a83
parent cc4aa0bf29
commit a643713a83
1 changed files with 50 additions and 0 deletions
--- a/emacs.d/mail.org
+++ b/emacs.d/mail.org
@ -624,3 +624,53 @@ done.
                (add-hook 'gnus-after-exiting-gnus-hook
                          'save-buffers-kill-emacs))))
 #+END_SRC
+
+* Correspondence
+** CloudFlare
+TODO: CloudFlare rant and rationale.
+
+#+BEGIN_SRC snippet :tangle emacs.d/snippers/message-mode/cloudflare-js
+  # -*- mode: snippet -*-
+  # name: Message to webmaster of CloudFlare JS-only verification
+  # key: cloudflare-js
+  # --
+  I recently tried to view ${1:an article} on ${2:your website} at
+  ${3:foo.com}.  For reasons of privacy, I and many others use Tor for all
+  Web traffic; unfortunately, CloudFlare often recognizes Tor exit nodes as a
+  threat[0], and so invokes its DDoS mitigation.
+
+  Normally, the default behavior for CloudFlare---that I've noticed---is
+  to display a CAPTCHA to the user.  This works without JavaScript enabled
+  and allows the user to pass once it has been answered correctly.  This
+  isn't a pleasant experience, but it's surmountable.
+
+  But ${4:$2 has} chosen to enable CloudFlare's JavaScript-only DDoS
+  protection (which they call a "JavaScript Challenge").
+
+  There are a number of reasons why users may choose to disable
+  JavaScript:  There are a host of security concerns (including attacks
+  that have de-anonymized Tor users; malware distribution; user spying;
+  and more).  There is also the issue of software freedom: most websites
+  serve proprietary JavaScript programs that deny users the right to study,
+  share, and modify them.[1]  This is antithetical to a free Web and is
+  used to exert control over users.
+
+  I understand that ${5:$2} is likely not willing to disable
+  CloudFlare's DDoS mitigation services, but would you please consider
+  using the CAPTCHA-based approach so that all users---including those
+  that disable JavaScript for privacy, security, and ethical
+  considerations---have access to the articles and information that
+  $4 provides?  Otherwise, some users may choose to access the web page
+  without Tor, potentially endangering their anonymity, or may choose to
+  accept non-free programs that could compromise their freedom and security.
+
+
+  [0]: https://support.cloudflare.com/hc/en-us/articles/203306930
+  [1]: https://www.gnu.org/philosophy/javascript-trap.html
+
+
+  Please help us work our way back toward a Web that is free for everyone to
+  access with the software their choose and trust.
+
+  Thank you for your consideration,
+#+END_SRC