Hello Cloudflare – A public letter to Cloudflare to fix their snoopy vendor

A public letter to CloudFlare to fix their snoopy vendor.

For the last few years, various websites hosted on GitHub Pages and fronted using CloudFlare have been blocked in India due to CloudFlare relying on an upstream network provider with a misconfigured network (Airtel). The network flow looks like this:

User->CloudFlare->Airtel->GitHub Pages

If a website is using “Flexible SSL” or “No SSL” as configured on CloudFlare, the connection between CloudFlare and GitHub isn’t encrypted, and Airtel blocks many such websites. Because CloudFlare terminates the TLS connection at their end, the browser shows a padlock, thus giving more authenticity to this incorrect block.

These are just a few of the many websites blocked. This disproportionately impacts the developer community, and especially older websites that had a reason to use CloudFlare on top of GitHub Pages – TLS support. Now that GitHub Pages natively offers SSL, most of these websites can directly be hosted on GitHub Pages.

Here’s a list of various such reports:

Several of these websites are critical to many developers, and none of these deserve to get blocked in India.

There are lots more reports on Twitter.

If you got a report about your website being blocked in India, with a message that reads:

The website has been blocked as per order of Ministry of Electronics and Information Technology under IT Act, 2000.

Here’s what you can do:

  1. Switch from CloudFlare to direct GitHub Pages, which supports TLS now.
  2. Enable HTTPS on GitHub Pages, and switch the upstream on CloudFlare to get strict SSL instead of flexible.

If you aren’t using CloudFlare, please open an issue.
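
To check which of the two steps above a site still needs, the sketch below audits the Cloudflare SSL mode together with the GitHub Pages HTTPS setting. It is an added example, not part of the original letter: the `audit` helper and the sample responses are constructed, and the JSON shapes are assumed to follow Cloudflare's zone setting endpoint (`GET /zones/{zone_id}/settings/ssl`) and GitHub's Pages endpoint (`GET /repos/{owner}/{repo}/pages`).

```python
import json

# Constructed sample responses (not real data); only the fields used are shown.
SAMPLE_CF = json.loads('{"success": true, "result": {"id": "ssl", "value": "flexible"}}')
SAMPLE_GH = json.loads('{"cname": "docs.example.org", "https_enforced": false}')

# Cloudflare SSL modes in which the Cloudflare -> origin hop is plaintext HTTP,
# i.e. the hop an upstream network can read and tamper with.
PLAINTEXT_ORIGIN = {"off", "flexible"}
KNOWN_MODES = PLAINTEXT_ORIGIN | {"full", "strict"}


def audit(cf_ssl, gh_pages):
    """Return (origin_hop_encrypted, ordered remediation steps)."""
    if not cf_ssl.get("success"):
        raise ValueError("Cloudflare API call failed; cannot determine SSL mode")
    mode = cf_ssl["result"]["value"]
    if mode not in KNOWN_MODES:
        raise ValueError(f"unexpected Cloudflare SSL mode: {mode!r}")

    steps = []
    # The origin must serve HTTPS before Cloudflare is told to require it,
    # otherwise the switch to strict breaks the site.
    if not gh_pages.get("https_enforced"):
        steps.append("Enable 'Enforce HTTPS' on GitHub Pages")
    if mode != "strict":
        steps.append(f"Change Cloudflare SSL mode from '{mode}' to 'strict'")
    return mode not in PLAINTEXT_ORIGIN, steps


if __name__ == "__main__":
    encrypted, steps = audit(SAMPLE_CF, SAMPLE_GH)
    print("origin hop encrypted:", encrypted)
    for step in steps:
        print(" -", step)
```
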

Hey @CloudFlare, please take care of this. Indian developers have been blocked out of various critical websites because your upstream vendor has a misconfiguration. This has been going on for years, with no action or update at your end.

Here are a few simple requests:

  1. Get Airtel to fix the issue at their end.
  2. Switch to a different upstream if that doesn’t happen.
  3. Publish a transparency report acknowledging the issue and confirming how many websites were incorrectly blocked without a court-order.
  4. Notify Flexible SSL users that use GitHub Pages that their websites are getting blocked in India.

Flexible SSL is a decade-old product that has no place in the modern web. Users should get a big red warning when enabling such a product in today’s times with free SSL certificates.

If you’d like to support the fight to fix the state of internet censorship in India, and bring more transparency to how it works, please Donate to the Internet Freedom Foundation. You will need a valid Indian PAN Card.
