Nearly every website today seems to be hosted behind Cloudflare which is really concerning for the future of privacy on the internet.

Cloudflare no doubt logs, stores, and correlates network telemetry that can be used for a wide array of deanonymization attacks. Not only that, but Cloudflare acts as a man-in-the-middle for all encrypted traffic which means that not even TLS will prevent Cloudflare from snooping on you. Their position across the internet also lends them the ability to conduct netflow and traffic correlation attacks.

Even my proposed solution to use as a proxy is not a valid solution since I found out today that is also hosted behind Cloudflare… edit: i was wrong

So what options do we even have? What privacy concerns did I miss, and are there any workaround solutions?

    How do I find out if a website I use is hosted over cloudflare? The noscipt javascript blocker extension shows in some cases I blocked some cloudflare javascript. For example on the instance it shows a script labeled that I block. That apparently provides visitor analytics

    According to them on insights:

    Our edge sees all requests made to a website, regardless of whether it’s cached or uncached, the user has adblock, or they turned off JavaScript. This enables us to […]

    On other sites it shows a “confirm you are human” check-box labeled with the cloudflare brand (if I activate javascript for that site) – according to cloudflare wikipedia that service is known as Cloudflare Turnstile. This is how I currently see if cloudflare is involved.

    Another interesting thing I noticed on stackoverflow is email protected which confirms to me stackexchange also uses cloudflare somehow.

    I guess you could detect a Reverse Proxy by cloudflare based on its IP-Adress ~ but I do not really know how to look that up perhaps the following stack overflow answer might help using the tools nslookup and whois… Any other hints on this?

    nslookup whois -h n <IP-Adress from prev command> | egrep 'Organization'