From a643713a83a6e8fe2ab2d8e0644f8314bbe48a1c Mon Sep 17 00:00:00 2001 From: Mike Gerwitz Date: Sat, 9 Jul 2016 22:22:25 -0400 Subject: [PATCH] Add CloudFlare JS Challenge message template * emacs.d/mail.org (Correspondence / CloudFlare): Added --- emacs.d/mail.org | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/emacs.d/mail.org b/emacs.d/mail.org index 1cb726b..5f6e67b 100644 --- a/emacs.d/mail.org +++ b/emacs.d/mail.org @@ -624,3 +624,53 @@ done. (add-hook 'gnus-after-exiting-gnus-hook 'save-buffers-kill-emacs)))) #+END_SRC + +* Correspondence +** CloudFlare +TODO: CloudFlare rant and rationale. + +#+BEGIN_SRC snippet :tangle emacs.d/snippers/message-mode/cloudflare-js + # -*- mode: snippet -*- + # name: Message to webmaster of CloudFlare JS-only verification + # key: cloudflare-js + # -- + I recently tried to view ${1:an article} on ${2:your website} at + ${3:foo.com}. For reasons of privacy, I and many others use Tor for all + Web traffic; unfortunately, CloudFlare often recognizes Tor exit nodes as a + threat[0], and so invokes its DDoS mitigation. + + Normally, the default behavior for CloudFlare---that I've noticed---is + to display a CAPTCHA to the user. This works without JavaScript enabled + and allows the user to pass once it has been answered correctly. This + isn't a pleasant experience, but it's surmountable. + + But ${4:$2 has} chosen to enable CloudFlare's JavaScript-only DDoS + protection (which they call a "JavaScript Challenge"). + + There are a number of reasons why users may choose to disable + JavaScript: There are a host of security concerns (including attacks + that have de-anonymized Tor users; malware distribution; user spying; + and more). There is also the issue of software freedom: most websites + serve proprietary JavaScript programs that deny users the right to study, + share, and modify them.[1] This is antithetical to a free Web and is + used to exert control over users. + + I understand that ${5:$2} is likely not willing to disable + CloudFlare's DDoS mitigation services, but would you please consider + using the CAPTCHA-based approach so that all users---including those + that disable JavaScript for privacy, security, and ethical + considerations---have access to the articles and information that + $4 provides? Otherwise, some users may choose to access the web page + without Tor, potentially endangering their anonymity, or may choose to + accept non-free programs that could compromise their freedom and security. + + + [0]: https://support.cloudflare.com/hc/en-us/articles/203306930 + [1]: https://www.gnu.org/philosophy/javascript-trap.html + + + Please help us work our way back toward a Web that is free for everyone to + access with the software their choose and trust. + + Thank you for your consideration, +#+END_SRC