To: tor-talk@lists.torproject.org
References: <1461417342.6149.17.camel@pentium.freedom.box>
 <571BC6FE.5080205@gmx.com> <1461441264.6149.45.camel@pentium.freedom.box>
From: Joe Btfsplk <joebtfsplk@gmx.com>
Message-ID: <571BF566.4010200@gmx.com>
Date: Sat, 23 Apr 2016 17:21:26 -0500
In-Reply-To: <1461441264.6149.45.camel@pentium.freedom.box>
Subject: Re: [tor-talk] 12.7 percent of the domains I visit are intercepted
 by CloudFlare

On 4/23/2016 2:54 PM, Rob van der Hoeven wrote:
> On Sat, 2016-04-23 at 14:03 -0500, Joe Btfsplk wrote:
>> On 4/23/2016 8:15 AM, Rob van der Hoeven wrote:
>>> Hi,
>>>
>>> Today I got an idea of how to measure "The CloudFlare problem". It turns
>>> out that every time you visit a website that's behind CloudFlare a
>>> cookie is set with the name __cfduid
>>>
>>> If you use Firefox these cookies end up in a SQLite database which can
>>> be queried with the SQLite Manager add-on. My total number of cookies is
>>> 2523 (I disable third-party cookies by default). CloudFlare cookies:
>>> 321. So 321/2523 *100 = 12.7% of the domains I have visited are
>>> monitored by CloudFlare. Quite shocking I think.
>>>
>>> Rob.
>>> https://hoevenstein.nl
>>>    
>> Are you saying using TBB, cloudflare sets cookies withOUT either
>> checking "accept cookies from sites;"
>> or entering an exception for their domain in TBB's cookie exceptions;
>> or when in Options > Privacy - "Accept 3rd party cookies" = Never?
>>
> I am not using TBB. Sorry I was not clear about this. I use the normal
> Firefox, enhanced with NoScript, Adblock Plus etc. I changed the privacy
> settings so that "Accept cookies from sites" is allowed, but "Accept
> third-party cookies" is set to "Never"
>
> Now the interesting (nasty) properties of CloudFlare cookies are:
>
> 1) They are not coming from the CloudFlare domain, but from the domain
> you are visiting. If you surf to abcdef.com and that site uses
> CloudFlare then the CloudFlare cookie is set for the abcdef.com domain.
> CloudFlare clearly is a third-party, but their cookies can not be
> disabled by refusing third-party cookies.
>
> 2) Many of *my* CloudFlare cookies have an expiration date of 23 dec
> 2019. These are clearly meant to be tracking cookies.
>
>
Technically, this isn't a Firefox discussion or support list, but...
My guess is it is set by abc.com, but the "name" of the cookie involves 
"cloudflare"?
What does it show under the "site" column - viewing the cookies? Does it 
show it came from Cloudflare site?
Post the name of site & cookie name.

You can check in about:config for pref: 
network.cookie.thirdparty.sessionOnly.  It should be set to False to 
reject 3rd party cookies.

On Disney.com, they set a cookie named 
"HumanClickSiteContainerID_88830415" but the SITE name shown for it is 
Disney.com.
It's true - there's always a 1st for everything.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
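
Added example, not part of the original thread: the measurement described in the quoted message (counting cookies named __cfduid in the Firefox cookie database), written as a Python script that reports the share per cookie and per distinct host, and lists the host and expiry date each marker cookie is stored under. The three-column moz_cookies table, the expiry unit (Unix seconds) and all rows are constructed sample data modelled on the cookie store, and the function names are hypothetical.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample rows (host, name, expiry in Unix seconds); not real browsing data.
SAMPLE = [
    ("abcdef.com", "__cfduid", 1577059200),    # 2019-12-23 UTC
    ("abcdef.com", "session", 1461456000),
    (".example.org", "__cfduid", 1577059200),
    (".example.org", "prefs", 1493000000),
    ("example.net", "lang", 1493000000),
    ("news.example", "sid", 1461456000),
]

def load_sample():
    """Build an in-memory stand-in for the cookie database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_cookies (host TEXT, name TEXT, expiry INTEGER)")
    db.executemany("INSERT INTO moz_cookies VALUES (?, ?, ?)", SAMPLE)
    return db

def cloudflare_share(db, marker="__cfduid"):
    """Return marker/total counts per cookie and per distinct host."""
    one = lambda sql, args=(): db.execute(sql, args).fetchone()[0]
    # ltrim(host, '.') folds ".example.org" and "example.org" into one host.
    hosts = "SELECT COUNT(DISTINCT ltrim(host, '.')) FROM moz_cookies"
    cookies = "SELECT COUNT(*) FROM moz_cookies"
    where = " WHERE name = ?"
    cf_c, all_c = one(cookies + where, (marker,)), one(cookies)
    cf_h, all_h = one(hosts + where, (marker,)), one(hosts)
    return {
        "cookies": (cf_c, all_c), "cookie_pct": 100.0 * cf_c / all_c,
        "hosts": (cf_h, all_h), "host_pct": 100.0 * cf_h / all_h,
    }

def marker_cookies(db, marker="__cfduid"):
    """List (host, expiry date) for each marker cookie, sorted by host."""
    rows = db.execute(
        "SELECT ltrim(host, '.') AS h, expiry FROM moz_cookies "
        "WHERE name = ? ORDER BY h", (marker,))
    return [(h, datetime.fromtimestamp(e, timezone.utc).date().isoformat())
            for h, e in rows]

if __name__ == "__main__":
    db = load_sample()
    share = cloudflare_share(db)
    print("per cookie: %d/%d = %.1f%%" % (*share["cookies"], share["cookie_pct"]))
    print("per host:   %d/%d = %.1f%%" % (*share["hosts"], share["host_pct"]))
    for host, expires in marker_cookies(db):
        print(host, "expires", expires)
```

To run it against a real profile, replace load_sample() with sqlite3.connect() on a copy of the profile's cookies.sqlite, since the browser keeps the live file locked.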

