this is just globalist

master
Jeff Cliff 1 year ago
parent b89f36b73b
commit 8dab480aa6

21
FAQ

@ -1,21 +0,0 @@
Q) This is a text directory! There's no code here
A) actually this is officially a code directory. See [here](globalist.txt)
Q) It's inevitabble that Cloudflare is going to take over the web. We can't stop them. Small website providers
will be strongarmed into using them via DDOScoin[2] and that's that.
A) There is always hope in resistance. Resistance is fertile[1]. Even some of the darker outcomes
( unfriendly AI takeover, coopting of the www, NSA MiTMing everything) comes to be, the very act of resistance trains us
to continue to destabilize the dystopic status quo that results. Resist!
Q) I have an idea of a project of how to use this data!
A) Fantastic! But using the data on these lists is outside of the scope of
this repository. Tell us what you use this data for, and we will link to your
project!
Sources
[1] http://infoshop.org/AnarchistFAQSectionJ1
[2] https://www.usenix.org/system/files/conference/woot16/woot16-paper-wustrow.pdf

@ -1,23 +0,0 @@
# The Great Cloudwall
The Great Cloudwall is [CloudFlare](https://www.cloudflare.com). It is called this in reference to the [Great Firewall of China](http://www.greatfirewallofchina.org/) which does a comparable job of filtering out *some* people from seeing web content(ie everyone in mainland china and some people outside) while at the same time those not affected to see a dratically different web, a web free of censorship of such images as ["tank man"](https://en.wikipedia.org/wiki/Tank_Man). Cloudflare similarly prevents those in southeast asia and elsewhere who have poor internet connectivity from accessing the websites behind it(for example, they could be behind 7+ layers of NAT) unless they solve a CAPTCHA.
This repository is a list of websites that are behind The Great Cloudwall,
websites who human beings have tried to access and have been [either](merely-using-cloudflare.txt) [blocked](cloudflare-list.txt) [from](cloudflare-tor-hostile-list.txt) or [suspect they will be](cloudflare-tor-hostile-list.txt). Or [Cloudflare's competitors](non-cloudflare-list.txt).
There is more details of why what they are doing is wrong available [here](cloudflare-philosophy.txt).
See [FAQ](FAQ) for Frequently Asked Questions
# What can you do?
* see [list instructions](instructions)
* see [our list of recommended actions](what-to-do.txt).
There are [other](https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor) [lists](https://github.com/pirate/sites-using-cloudflare), but this one is one where every entry on the list a human being has actually tried
to go to, and has been blocked.
# Who uses this list?
At least one search engine / searx [instance](http://searxes.danwin1210.me/).

File diff suppressed because it is too large Load Diff

@ -1,213 +0,0 @@
= Productivity and safety through the CloudFlare!
= Torblocks Philosophy
1) Have fun!
2) What is the darknet if not the (parts of the?) net that doesn't like to be accessed? That would make Cloudflare (and its competitors with similar business practices) and all their customers (ie everyone on this list) part of the dark net.
3) Read these tickets
https://trac.torproject.org/projects/tor/ticket/18361
https://trac.torproject.org/projects/tor/ticket/24351
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835
one guy, marek apparently from Clownflare, utters unapologetic remarks that should come as no surprise.
"I will restrain myself and not comment on the political issues Jacob raised. I'll keep it technical."
hey, in times of mass surveillance, technology is political. money is political. therefore Clownflare's policy is political. so?
discussion is on. with "marek" and "jgrahamc" of Clownflare. last I looked they were unapologetic & attempting to snark Tor developers into building expensive client/Tor/TBB-side functionality to suit them. meanwhile stalling and offering minor workarounds (on the bright side, jgrahamc promised to make tor blocking optional for "free-" tier sites. (opt-out though)).
BTW someone quickly wrote a (unhelpful & biased & not in-depth researched, rather "he said this and then the other guy said that" style) article about the discussion on the ticket for "TheRegister", which at first I couldn't read because it was behind ... TADA: a clownflare CAPTCHAwall. Luckily there's archive.is and they don't block that.
There's also the rather amusing fact that Tor trac bugtracker also required CAPTCHAs (which was commented on several times) and the less amusing fact that these came from freakin' Google.
2.1) Lies, damn lies and statistics
especially if you make up the "ground truth" to suit your own smear campaign ...
https://blog.torproject.org/blog/trouble-cloudflare
Cloudflare is a wilfully malicious actor, there can be no more doubt.
2.2) Unamed's take on the situation:
Praise the awesome wisdom of blocking Tor access to websites!!!
There must be some advantage. Something? Anything? Some rational explanation?
Especially curious: why have so many hacking / OS / security / internet freedom themed websites chosen to go dark?
Is it selection bias because only nerds contribute to the lists?
Let's see. FNORD FNORD FNORD
Torblocks make awesome sense because (imagined conversation)
A: what is Tor anyway? some kind of a darknet?
B: no, it's not. it's an anonymity tool. actually there are parts of the net that have chosen to go dark. want a hint?
A: who uses Tor anyway? everyone knows it's only for freaks and criminals.
B: that's not true. normal people use it too. as a precaution, if nothing else.
A: but you don't need Tor. you can access our site over the clearnet like everybody else.
B: who are you to judge? the internet is a dangerous place. by the way, turns out I can't access it over the clearnet either.
A: you must be up to no good. I don't trust you.
B: actually, I just want to read / contribute / buy / whatever it is, but not in plain sight. in fact, I just lost interest in your site. none of your competitors feel the need to bully Tor users, so it can't be necessary.
hah, at the risk of going off topic but since we're hopefully all privacy-minded here: actually a similar argument is valid (in fact even stronger, since clownflare does offer some measurable protection) against the idiotic spread of gratuitous CCTV recording in modern cities. training optical bugs on one's customers or passengers offers little objective protection for anyone. the main effect is to alienate privacy-minded people, degrade quality of life, offer a false sense of security to gullible people and the illusion of protection for the owner. as businesses that don't do it do just fine (and it presumably doesn't lower insurance fees), it can't be really necessary.
A.1 sometimes there are necessary websites for some degree of necessary. Government websites, public service, etc. How long until those are behind the great cloudwall ?
B: Not long. Our service is competitive and convenient. If public service websites choose to use our service for awesome DDos protection, it's their choice.
A Don't you know it's inevitable that everything is going to be behind the great cloudwall? Might as well get it over with.
B: Just wait until Microsoft takes up the challenge & enters the market. Then at least we can be SURE our data ends up with the NSA, where it belongs. How else can we expect them to know who to drone?
A: it is well known that no one with intent to cause damage, post spam or abuse can circumvent a tor block!1!!
B: actually, that's completely wrong. you'll end up inconveniencing good people too and nurturing a false sense of security.
B1: good thing no one on the clearnet ever posts abusive content, and everyone plays nice together in perfect harmony outside of the tor network
A: so what? if we can't sell your soul to ad networks, we don't want you as a customer. google would be cross and we'd lose revenue that we like to make on our visitor's backs!
B: that's more like it. but are you sure it makes that much of a difference?
A: traffic that would otherwise be used to serve a few pages over Tor can now be allocated to updating blocklists and serving cute error messages instead!!!!!
B: that must be it.
A: outsourcing this to a third party blocklist supplier (or a man in the middle such as clownflare) has the added benefit of centralizing web blocking decisions. surely that's a good thing.
B: You're welcome to check our transparency report: before that vanished behind a CAPTCHAwall, the number of NSLs served by US KGB used to be something between 0 and 249. Cloudflare, no stranger to unwitting irony, has decided to hide its transparency report behind a damp cloudy opaque CAPTCHA fogwall so who knows?
A: is your website just for you or for more people?
B: works for me
You see, it all makes sense.
Imagined conversation with clownflare management. Dunno if it's entirely fair: there seem to be some genuinely Tor-friendly tech people on their payroll. Anyway, it reflects my perception of clownflare management not giving a shit (the problem started appearing in 2014). So sue me, corporate dinosaurs.
A: Care to comment on this Tor captcha business?
C: We're committed to providing best possible service for our customers.
A: You call that service, breaking half the web?
C: It ain't broken, it's a feature. By the way, paying customers (not the ones we lure with so-called free plans, in the Sillycon-Valley meaning of that word) can turn it off.
A: Your captcha's don't even work.
C: Yes, they do.
A: Let's agree to disagree on that one. At least it's a nice reminder of your man in the middle position. Otherwise we might forget that a sizeable fraction of TLS connection terminate at your place.
C: Tough. We have to do it, though, because of DDOS.
A: Yeah, right. You can handle shitloads of traffic, but have to fuck with Tor, which represents a tiny fraction of all the packets that arrive?
C: Clownflare is committed to a free and open internet. And we're so big, we can just sit it out. We're a wannabe Sillycon Valley giant. You are just fly shit to us. By the way, we foster research on internet freedom. And it's not Clownflare, it's "Cloud"flare. as in "Clouded judgment".
A: I can see we're getting somewhere.
point being that they cannot get away with claiming lack of awareness. this is deliberate or so boneheaded as to be indistinguishable from deliberate action. of course they know. they have people well up the hierarchy who know. not fixing this was/is a decision that was made by people inside this corporation.
B: Has anyone ever successfully DDOS'd anything from within tor? outside of hidden services maybe how much unused bandwidth do exit nodes even have? Clearnet botnets have way more bandwidth and if the threat model is DDOS we should be calling them out on
tor loud and clear.
The ticket on Tor trac offers some insight. It seems to be about forum spam (the "threat scores" originate with "Project Honey Pot", which labors under the drastic oversimplifying assumption that maintaining long term IP based address scores is somehow a sensible approach - invalidated by communal exit nodes of all stripes and colors and even carrier-grade NATs, as people have pointed out) port scans (how the hell is that abuse? run a public server and expect a "safe space" no matter how bad your security? seriously it's hard to understand why someone who needs to be protected from port scans wants to run their own domain on their own fucking servers. there's lots of hosters that will expertly & gladly solve these problems in-house), SQL injections (again, responsiblity of the guys who made the website!!!) and so on.
3) The wikimedia way
Even as a registered user in good standing, exemption from the Tor block has to be requested through a bureaucratic process (even though Wikipedia is "not a bureaucracy") and will be granted under exceptional circumstances only. I completely fail to see the rationale. this is probably an artefact of the blocking system they use to bar anonymous vandals from editing Wikipedia, viz. the unblocking process might be messy to perform, behind the scenes, I don't know. The upshoot for me as a user is that they regard Tor use as "exceptional" and not a normal thing. The result is that errors I notice on Wikipedia pages while using TBB go uncorrected. They even block paid vpn servers as "open proxies". Seems like they just do not want help. Because in times of NSA they should expect that clever people hide from spying. Precisely. It's a crying shame, though. Maybe the wikipedia of the future will use gnunet-git/freenet/i2p-lafs based backend. I will never donate to wikimedia again unless they come up with a concept for letting users contribute over Tor and other banned proxy networks (not "exceptionally", but casually) OR hell freezes over. Until then, I don't feel they deserve the money. Dear Jimmy, figure this one out first. There's gotta be a good way. This isn't "security". WORST OF ALL, It doesn't even stop rotten people from manipulating Wikipedia. It's not helpful. OK?
Has anyone seen the greenstadt(?) talk on the value of anonymous contributions yet?
4) Unfortunately the CAPTCHA they use is [NSA/](https://www.facebookcorewwwi.onion/jeff.cliff/posts/10154477661637909)Google's. This poses multiple problems.
For starters, this CAPTCHA does not always work(especially for those with accessability issues), and when it doesn't work there is viritually no way for them to complain.
5) The CAPTCHA's support of languages is very limited, which makes it impossible for those who do not speak whatever default language to access to the content they are looking for. It's also troublesome to the survival of languages worldwide.
6) clownflare vs. non clownflare (homespun or other 3rd party blocklists e.g. against forum spam which overblock tor)
"Overall there seem to be far fewer sites that impede (reading, not posting!) access via Tor without Cloudflare than with Cloudflare. It is of course still a deeply flawed and misguided (and clueless, as the stupid little messages about "security reasons" or "viruses" (how cute ...) etc. show) policy, but unlike Cloudflare which has its tendrils everywhere and MITMs large swathes of the web for the NSA, small-scale blocking alone probably wouldn't drive a lot of would-be casual Tor users back into the arms of mass surveillance. Nevertheless it's annoying and site owners should rethink their approach."
6.1) at least we have technical people marginally friendly to tor within cloudfare...whatever company inevitably buys out/replaces cloudfare we're going to be in rougher shape. What can we do now to save pain later?
change the architecture of the web ...
7) it's censorship and sabotage, plain and simple
(from cloudflare-tor discussion at bottom of pad: once I wrote "Q: Tor blocks amount to (collateral, in -hopefully- rare cases deliberate) censorship (corporate censorship in the Cloudflare case) against users of a network which is amongst other things a censorship circumvention tool. How twisted is that!? I think I'll set up another etherpad for anti-Cloudflare rants (or open pro- contra- debates and fact checking on the role of Cloudflare and their ilk regarding monopolies, surveillance, analytics, censorship, data ownership (just take a passing look at their official policy, you'll see what I mean) and so on) so we can keep this one neutral ... I'm really angry.". now, wanting to substantiate that with an excerpt of their data use terms, was denied request for https://www.cloudflare.com/terms/ . essentially making my other point on my behalf. stupid, stupid corporate dinosaur ...).
nevertheless, the cloudflare captcha walls serve as a nice reminder of their MitM position. if a corporation gets the power to sabotage a sizeable fraction of the web, that's not good.
7.1) Thinking more about jgrahamc's "We have a simple need: our customers pay us to protect their web sites from DoS" -- which we may as well accept as true, since in practice that is what happens. Given that, and that DDOS is speech[6][7] it's pretty clear that they are a censorship vendor at least on that level. Their customers are paying them to "protect" them from their customer's speech. We can call a spade a spade.
Might even call it a sustained DDOS attack on readers, ironically. Distributed? Check. Denial of service? Check.
8) Also its a bit rich to have to prove to robots that we're "not robots". Humans should make machines work, not vice versa.
fits amazon's actual business model perfectly
* Also robots take the test whether we want to or not. As pointed out in the original thread, User agents end up taking the test for us anyway. There is no situation where a human is taking the test that Cloudfare actually cares about, it's turtles all the way down
if I wanted to run a SPAM outfit, I'd find a way to pay humans to do the captchas if OCR can't solve them with enough success chance - I hear this is commonly done. millions and millions of people accept such jobs for want of better alternatives - or build a piece of malware or web trickery to re-route captchas. there goes their main argument.
9) This CAPTCHA trains Google's AI, effectively forcing human beings to train an AI. That AI was is owned by a company that in the past made robots that are designed to kill people(ie Boston Dynamics was purchased by Google, and that is their intent, however Google sold Boston Dynamics in 2017). Even though Google may or may not make Asimov-incompatible[2] robots post 2017, Google still can be counted on to be a poor candidate for friendly AI[3]
Unfriendly AI[4] is an existential risk[5] to mankind and these CAPTCHAs are making it *more* likely that this risk will actually come to be by training.
The data kraken stops at nothing to collect ever more input to fuel and hone its dangerous fake "artificial intelligence".
It is gobbling up our future byte for byte (while claiming to be doing it because it knows best (TM) what's good for everyone). That's a moral yes.
I don't think that the artificial intelligence need stay fake, if it still even is.
This is training unfriendly AI, byte by byte Either way, it's extracting labor from humans. One should avoid feeding the data monster[1].
Better still: avoid feeding it *correct* data.
Google could yet be made to choke on its own omnivorous virulent data voracity.
10)
TIP: to access sites that block tor completely, try using a web archiving service like https://archive.org/web/ (awesome and reliable, but honors robots.txt) or https://archive.is/ (relatively new, run by someone anonymous, does NOT honor robots.txt so it will work with more sites) Nice ... they are officially a museum and thus exempt from some copyright restrictions. Bwahaha ... What also works is startpage.com / ixquick.com "open via proxy" function for a great many pages, for reading it is great but external links get broken and posting is out of question. Or use Tor -> VPN or Tor -> open proxy if the need arises to truly Access a website.
Workaround for the impatient Instead of looking at archived website versions use ixquick.com / startpage.com: They offer a proxy service for search results, apparently returning 403 for some websites. some websites return 403 to them, which is to be expected.
TIP2: Use another proxy between tor and reluctant websites. Usable proxies include https://proxy-nl.hide.me/ and https://www.vpnbook.com/webproxy. thx
11) What can a website do to become more tor friendly user friendly, really?
a) lift the stupid block
b) set up an onion
http://j7652k4sod2azfu6.onion/p/leurity, but it's conflating securty and protectionism. It is, in point of fact, neither. It's prevention of access by the unwashed masses, thus it is the elitism that only the middle class can hope for -- that which is not elite but bears its veneer. That veneer of the gated community. It is as protected as it is grey and faceless. The cookie cutter designs of the securitized state of exception we're all being tossed into.
c) at least be honest and change the HTTP code to 451 or 406 "Not Acceptable" coz that's what tor blocks are ...
12) We want to implement CloudFlare real security, ie one that is not based on a IP-filter
This might be impossible, since Cloudflare itself is the security hole.
Trusted Third Parties are Security Holes[8].
13) Accessibility!
https://toot.cafe/@peter/99398584471715976
14) Cloudflare's reasons for taking websites down so far
http://pleroma.oniichanylo2tsi4.onion/notice/1563
15) Cloudflare is cooperating with the RIAA to silence people the RIAA doesn't like.
https://torrentfreak.com/cloudflare-and-riaa-agree-on-tailored-site-blocking-process-180501/
If they'll do it for the RIAA they'll do it for the MPAA/IFPI/ICE/IIPA/ACE/...
16) Followup / Further research:
See also
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor
(the purpose of this pad is to provide a more dynamic list)
Tor ticket on broader issues (found it convenient):
https://trac.torproject.org/projects/tor/ticket/18361
It is likely that many of the civil society organizations listed on this page
as the CloudFlare "partners with reference to" use CloudFlare.
https://www.cloudflare.com/galileo/
( https://archive.is/hoLuI )
Cloudflare support pages on the topic:
https://support.cloudflare.com/hc/en-us/articles/200170096-How-do-I-turn-the-CloudFlare-captcha-challenge-page-off-
https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor- the C isne
https://support.cloudflare.com/hc/en-us/articles/200170056-What-is-CloudFlare-s-Ba bysic-Security-Level-
https://support.cloudflare.com/hc/en-us/articles/200170116-What-do-the-Threat-Scores-mean-
17) Sources
[1] http://themusicgod1.deviantart.com/art/the-great-cloudwall-1-595382698
[2] http://www.youtube.com/watch?v=r3yIarp3J2o
[3] https://when.google.met.wikileaks.org/
[4] https://wiki.lesswrong.com/wiki/Unfriendly_artificial_intelligence
[5] https://www.visionofearth.org/future-of-humanity/existential-risks/what-is-an-existential-risk/
[6] http://www.theguardian.com/commentisfree/2013/jan/22/paypal-wikileaks-protesters-ddos-free-speech
[7] https://twitter.com/haq4good/status/703315998523396096
[8] http://nakamotoinstitute.org/trusted-third-parties/

@ -1,8 +0,0 @@
blogs.com <- it does not seem to use the tool blacklist the cloudflare, - no more catpcha, no way to get access to the web - site "the owner of this website (blogs.com) did not forbid a country or region, your ip - address is in ( tor) from access to this site. "
crowdsupply.com
donaldjtrump.com
fbi.gov <- check the source for cloudflare js and rays id
gnuradio.org [flossp] <= mention (the cloudflare implemented) tor's ban on #gnuradio irc / freenode, get kicked out of the channel (the guy in charge of the radio wildebeest former military - the navy, because neoconservatism is not surprising), note that gnuradio was invited fosdem 2017. imo it's a bad idea for fosdem organizers invite tor-hostile projects, because it presents itself as open to all, and not any - the exclusive corporate fenced garden. please complain at fosdem reps on this occasion .. might ppl must send conduct@fosdem.org. in principle, it would be good to have an anti-gnuradio demonstration at fosdem, but i know that the team is not organized against cloudflare enough to pull it off.
humanservices.gov.au
lowendbox.com
medicare.gov.au

@ -1,2 +0,0 @@
qubes-os.org

@ -1,20 +0,0 @@
= Project History
This project was started by Shiro ( @shiromarieke@birdsite ) CryptoParty Berlin ( @cryptopartybln@birdsite ). Shiro handed over support to the greater internet in summer 2016.
It was a text list on okfn.org text pad: ( https://pad.okfn.org/p/cloudflare-tor / https://pad.okfn.org/p/noncloudflare-torblocks )
However it was pointed out that this website itself was on cloudflare, and cloudflare broke tor users access to it.
So it was moved to systemli.org : ( https://pad.systemli.org/p/noncloudflare-torblocks )
and an onion service ( HTTP://j7652k4sod2azfu6.onion/p/noncloudflare-torblocks / http://j7652k4sod2azfu6.onion/p/cloudflare-tor / http://j7652k4sod2azfu6.onion/p/cloudflare-philosophy )
These systemli pads needed to be updated once in every while (week? month?) or the whole list was scrubbed.
This happened a few times, and there were some attempts at vandalism up to and including june 2016
A fork was made during a multi-day outage at http://git.vola7ileiax4ueow.onion/fuckcloudflare/cloudflare-tor/ (new, not GitHub repo)
However vola7ileiax4ueow's git service went down, so it was moved to github
There used to also be a list of websites that *were* on cloudflare but are no longer. This list has been lost
( it was on https://pad.systemli.org/p/ex-cloudflare-tor )

@ -1,75 +0,0 @@
= Instructions
If you go to a website that gives you a reCAPTCHA
1) check if the blocked page says "one more step" as the title, and has something like
"Ray ID CloudFlare: 299472c7c9783c1d • Your IP: 178.20.55.16 • Performance & Safety by CloudFlare "
at the bottom of the page.
If it does, add to cloudflare-list.txt
(See #6 for format)
2) Some sites use custom page CloudFlare unit.
The only way to detect it is to find CloudFlare JavaScript, or Ray ID as a CAPTCHA in its source code.
3) Some websites use other companies with the CloudFlare business model
add them to non-cloudflare-list.txt ( formerly TorBlocker Hall of Shame Part I)
This is a collection of websites that ban Tor exits, other than through Cloudflare (e.g. showing access denied pages, systematic timing out connections, ...).
(See #6 for format)
4) Find a website that has been removed from Cloudflare(possibly due to our
protest?) Remove it from the list it is on and add it to ex-cloudflare-tor.txt
However! Please sample different exits before doing this. It might have
merely whitelisted a single exit node. ( It is slightly more difficult to
control which exit you use - if there are tickets in bug trackers to
enable making this easier please mention them here )
(See #6 for format)
5) Find a website that outright blocks tor users and is confirmed Cloudflare?
Add to cloudflare-tor-hostile-list.txt
(See #6 for format)
6) List format:
(A domain should only ever be on one of the lists on this project. If you find
it on two, please help keep list accurate by removing it from one of the two
lists.)
domain . The TLD [<- elegant comment (s) ] [ tags ]
Tags:
( helpful to group sites, if we assume that this project is aimed to the black list to make any actions that get results.
For example, free software projects w / ClownFucked web pages can be viewed similarly by "anti-function" tags on various free software directories )
* NEEDSREVIEWp = someone should review the comments/go to this website and report back to us
* FLOSSp = free libre software project with open source
* CFA(action) = action is one of "boycott", "discouragedonations", "petition", "legalaction" followed by a URL if possible
* INSTANTp = service denial is instant/deferred
* DOSBASIS(basis) = basis is one of "anonymous", "IPregion", "datacenterIP", "residentialIP", "anonymoustor", "anonymousi2p", "anonymousvpn"
* CAPTCHAp = has CAPTCHA
* COMMERCIALp(type) = type is one of "true", "false"

@ -1,262 +0,0 @@
Freenode IRC servers (all exits, can result in auto kline)
4chan.org (reCAPTCHA)
abebooks.com (403)
aboutdebian.com (Access denied. Your IP address [185.62.188.14] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.)
adidas.de (Access Denied You don't have permission to access "http://www.adidas.de/" on this server.) / 2016-04-29
Akamai's "An error occurred while processing your request. Reference #97.654e1502.1463601822.94b341" is that Tor specific?
adsabs.harvard.edu (We are sorry to inform you that your access to the ADS services has been denied.)
aidspolicyproject.org (some IPs)
airbnb.com - cannot search, gives 504 error
altcoins.com
amazon.com ("Sorry, we just need to make sure you're not a robot" - easy CAPTCHA, but doesn't work without js) (Service Unavailable - Oops! - http 500)
anarchism.pageabode.com
angel.co (Blank page, won't load anything)
ansible.com (Access denied. You don't have permission ...)
apa.org ("Access to Website Blocked") 2016/07/31 still blocked
apartments.com ("Access Denied")
apps.fcc.gov ("Security Violation INCIDENT ID:()")
army.mil
astrolog.org (The requested URL was rejected. If you think this is an error, please contact the webmaster. Your support ID is: [..])
asos.com (Access Denied. You don't have permission....)
austlii.edu.au
axs.com ("Pardon Our Interruption...As you were browsing, something about your browser made us think you were a bot. There are a few reasons this might happen: ")
bayesian.org ("greylisted", block gets lifted after form sep 24 )
bestbuy.com (Access Denied You don't have permission to access "http://www.bestbuy.com/" on this server. Reference #...)
bet.com ("Access Denied You don't have permission to access ..."
bitbean.org ("Proxy access not allowed")
bitstamp.net (Error code 15)
bitvps.com (403 Forbidden)
blender.org (times out)
bloglovin.com ("One more step")
bloomberg.com ("Terms of Service Violation")
bodhizazen.net (very enlightened policy ...)
forums.bunsenlabs.org
captaintrain.com (403 Forbidden)
cessfull.com (reCAPTCHA)
chronicle.com ("Pardon Our Interruption... As you were browsing www.chronicle.com something about your browser made us think you were a bot. There are a few reasons this might happen:...")
civicrm.org ("Your IP address (46.183.221.231) has been identified as a possible source of suspicious, robotic traffic and has been greylisted by Project Honeypot. If you are an actual human visitor who can read simple instructions, you may try getting whitelisted on https://civicrm.org/httpbl/whitelist. Should you have any further problems, please contact us at info@civicrm.org)
clonezilla.org/ (Access denied. Your IP address [185.62.188.14] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.) Not all exits are blocked.
cmc-math.org
codecogs.com ("... This is because your IP address is listed as a source of suspicious behaviour. ...")
codeexperts.com ("if you feel this is in error ...")
coinatmradar.com ("This request has been denied for security reasons. If you believe this was in error, please contact support.")
cryptocurrencytalk.com ("SpamFireWall is activated for your IP")
cycleworld.com ( "You are receiving this error message because your ip (212.117.180.21) is listed in the StopForumSpam.com database" / 2016-08-15)
www.geocaching.com ( Works fine for viewing the main site, but if you try to log a cache: "403.6 - Forbidden IP address of the client has been rejected.")
geohot.com ("Access denied. Your IP address [77.247.181.162] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.")
cordless-phone-update.com (Access denied. Your IP address [171.25.193.131] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.)
coverhunt.com
craigslist.ca ("This IP has been automatically blocked")
creativebeacon.com ("if you feel this is in error ... ")
crunchbase.com ("Access to Website Blocked") << crunchbase uses http://www.distilnetworks.com/ to block tor >>
cubawiki.com.ar Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.
croplife.ca (on POST- "Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.")
davidmburke.com
delivery.acm.org (Who cares. Just treat their URLs as resource identifiers to be used with SCIHUB. Serves them right for defining Privatizing as Publishing and Ignorance as Strength ...)
dl.acm.org
demorgen.be (Access denied. You don't have permission ...)
digicert.com (Connection timeout. I'm running a non-exit relay)
digitalenvelopes.email <- sites promoter denies being tor-hostile in emaildiscussions.com <- don't call people tor-hostile - explain why they shouldn't block tor :)
www.distilnetworks.com (which of course is also available). This "bot detection" equipment. Page Block says that "anomaly detected" and asks for the name and email address / distorted. "The anomaly is detected." Brave New World . made inaccesible by indigogo?
districtsentinel.com ("Access denied. Your IP address [37.130.227.133] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.")
docs.google.com "We're sorry..... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now."
docsis.org
donmontalvo.com (Access denied. Your IP address [...] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.)
discussions.apple.com (most exit nodes)
support.apple.com (Access Denied - You don't have permission to access "http://support.apple.com/" on this server.)
dluat.com ("You don't have permission to access /on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.")
drbl.org/ (Access denied. Your IP address [5.9.36.66] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.)
dslreports.com
element14.com
foro.elhacker.net (reCAPTCHA)
ello.co ("Your recent actions have triggered our force field to protect Ello from online attacks. ")
entomologicalphilosopher.com ( Access denied. Your IP address [35.0.127.52] is blacklisted. )
emeraldinsight.com ( The IP address of 5.135.158.101 has not been recognised to access this page.)
ericerfanian.com
ethicalhacking.com
europa.eu ("HTTP status code: 403")
expedia.de ("Access Denied") (probably some nodes only)
expedia.com ("access denied")
expedia.fr ("You don't have permission to access ..." 2017-03-17)
experts-exchange.com
expo2015.org (403, text about "security rules") <-- wow, accessible from all? exits as of 2016/01/25!!!
ezinearticles.com ("It appears that you are using Tor anonymizing software. No problem! We just need you to enter a Captcha so we can confirm that you're not a person and not a bot") (need to enable javascript or captcha won't work)
fahrkarten.bahn.de (connection interrupted) <-- was glauben die bringt denen das? ist das die neue service-offensive?
fbi.gov (This site has determined a security issue with your request.)
ff3dp.com (Access denied. Your IP address [94.242.228.187] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.)
firefoxfacts.com ("security reasons")
flif.info (Access denied. Your IP address [192.42.116.16] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.)
forums.freebsd.org/ (Almost all exit nodes, main page is available, but reading a thread results in 403.)
forum.pfsense.org/ (Almost all exit nodes, main page is available, but reading a thread results in 403.) Example: forum.pfsense.org/index.php?topic=99128.0
forums.whirlpool.net.au/ (Access to whirlpool.net.au from this location has been restricted due to suspicious activity)defectivebydesign.org
foxnews.com (blocks all exits, as well as archive.is. you can use archive.org/web/ to take a snapshot if you really want to read foxnews )
cc.gatech.edu (timeout. baseline?)
gchq.gov.uk (timeout)
geizhals.at ("Sorry - 429 Too Fast, you are temporarily banned An automated system has detected atypical patterns in traffic originating from from you or the network you are using. To be able to provide our service to all users, your access will be temporarily denied." / 2017-04-15)
gemal.dk ("Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.")
godlikeproductions.com ("your ip address is banned from this website")
google.com (some exits sometimes, sometimes with solvable captchas, sometimes with unsolvable captchas) <= also more disclosure required for signups (e.g. mobile number submission cannot be skipped)
images.google.com (when doing a reverse image search)
gutenberg.org ("Error 403 ... Don't use anonymizers, open proxies, VPNs, or TOR to access Project Gutenberg") loop this insane, wilful stupidity goes on 2016/06. I can only imagine good old Gutenberg rotating in his grave
hackedbellini.org
harbin.org ("blacklisted" sep 24)
adsabs.harvard.edu (project Honeytrap)
hot-topic.co.nz (403 on tor "You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer." 2015-09-15)
hotel.de ("You don't have permission to access "http://www.hotel.de/" on this server." / 2017-04-07)
hrs.de (You don't have permission to access "http://www.hrs.de/" on this server. / 2016-08-11)
hubpages.com/ ("403 Forbidden" / 2015-09-10)
ietf.org/ (Error 1006 Ray ID: 2323edfb980c23d2 • 2015-10-08 18:32:38 UTCAccess denied \r What happened? The owner of this website (www.ietf.org) has banned your IP address (209.66.119.150).) (This IS cloudflare, but not the usual CAPTCHA wielding block. seems to work as of 10/23) still happens as of 2016/02/24 from 158.130.0.242 in this instance
indiatimes.com ("Access Denied")
ioerror.us
informationclearinghouse.info
interactivebrokers.com <= directly and deliberately blocks tor (and apparently anything that looks like an anonymizer)
imgur.com/memegen (uploading from tor disabled)
www.indiegogo.com
internetslang.com/ (some exits only)
ioerror.us/bb2-support-key?key=6da3-ea02-2b02-1b1f
ipetitions.com (Forbidden You don't have permission to access /on this server.)
islam-universe.com (Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.)
iswwwup.com
keyweb.de <- noticed this as a customer. complained to support because they host some of my Tor nodes and suddenly, the FAQ was inaccessible ... and this sends a very mixed signal. they failed to understand that Tor blocks are Not Done & unprofessional but reassured me that the other services are unaffected.
killswitch.pk (this one is about internet censorship ...)
knotplot.com ("[...] is blacklisted. If you feel this is in error [...]")
koelnspd.de (timeout)
lastword.at ("403 Forbidden" / 2015-12-29)
leblogdebetty.com/
lenovo.com (Dell it is, then ...)
libertygb.org.uk (Access denied. Your IP address [xxx.yyy.zzz.xxx] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.)
online.liebertpub.com (client IP is blocked because: This IP was identified as infiltrated and is being used by sci-hub as a proxy. Blocked IPs: 077.247.181.165 - 077.247.181.165 --- good luck trying to contact them, the CAPTCHA on their 'contact us' form is impossible)
forums.linuxmint.com (You have been permanently banned from this board. Please contact the Board Administrator for more information. A ban has been issued on your IP address.)
linuxquestions.org (some exits all, in my experience. following the "you can use this key to fix the problem yourself" http://ioerror.us/bb2-support-key?key=... 2016/09/03 unblocked link gets you to "ioerror.us", which otherwise serves the same "Technical Support, you can use this key to fix the problem yourself" shit. according to the "you can use ..." page, blacklisting is from "Project Honey Pot", whatever that is supposed to be. one more link shows that their justification for the block is forum-spam that originated from the exit.)
--Project Honey Pot is a CloudFlare, crowdsourced list of IP addresses that contribute problematic traffic.
livejournal.com (only sometimes: "Access Denied Either you are trying to access a page you do no not have permission to view or your ip address is banned.")
loebner.net some exits ("if you feel this in error")
loophole-berlin.com
looselipsmag.com ("Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.")
louis.de ("You don't have permission to access "(...)louis.de/" on this server." / 2015-09-09)
lovehoney.co.uk
lowtechmagazine.com ("404 page not found" / 2016-05-19)
lufthansa.com ("Access Denied") <-- great if you need to confirm a flight online and have only tails. fuck that
mafgani.net (IP blacklisted)
manta.com (Access To Website Blocked)
meaningness.com ("You have been blocked from accessing this page, because you previously did something that looked evil, or maybe what you are doing now looks evil")
midtnmusic.com ("Access denied. Your IP address [109.201.133.100] is blacklisted. If you feel this is in error please contact your hosting providers abuse department")
mixcloud.com ("Please complete the security check to access mixcloud.com. There was an issue communicating with the captcha provider. More information may be available below.")
moodle.org (ReCaptcha)
mottweilerstudio.com ("Access denied. Your IP address [....] is blacklisted. If you feel..." / 2016-01-15)
motorcyclecruiser.com ( "You are receiving this error message because your ip (212.117.180.21) is listed in the StopForumSpam.com database" / 2016-08-15)
nakedcapitalism.com
nbnco.com.au (Infinite Redirect)
content.nejm.org - Your IP (185.038.014.215) is blocked.
nepalmonitor.org (timeout)
netbank.com.au
networktools.nl (You don't have permission to access (...) on this server because you are currently blacklisted by a DNSBL server at: sbl-xbl.spamhaus.org)
newark.com (Access Denied You don't have permission to access ...)
newgrounds.com ("Security Validation - Completing this captcha proves you are a human and helps keepNewgrounds free of spam and abuse!")
njea.org
novaecomic.com ("Access denied. Your IP address [185.220.101.30] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.")
www.ncbi.nlm.nih.gov ("Your access to PubMed Central has been blocked because your Internet connection (IP address) was used to download content in bulk, in violation of the terms of the PMC Copyright Notice.")
no2nsa.x10.bz (http-code 403)
nsa.gov (timeout)
nuggetwheat.org
nytimes.com (times out -201601: The requested URL "/", is invalid.)
oftc.net (IRC Access via TOR is not allowed)
olympic.org ("Access Denied ...Reference #18.14f50717.1453660368.134e271e")
opanal.org ("Acceso denegado. Su dirección IP está listada en una blacklist.")
openstudy.com Your IP address appears to have been banned by one of the moderators due to usage policy violation
orbitz.com
peacock-panache.com ( "if you feel this is in error..." )
planetary.org ("Not Implemented Tor IP not allowed" (well fuck you ...))
phdcomics.com ("The requested URL was rejected." Hosted through carrierzone.com)
poleconanalysis.org
popsci.com (ip listed in the StopForumSpam.com database) 2016-10-28 block still active
Porsche Com ("You don't have permission to access "(...)porsche.com/" on this server." | (...)porsche.de redirects to porsche.com/germany) / 2015-09-09) works 2016/03 Nope. Still blocked 2016-04-03 -10-28
preposterousuniverse.com ("Access denied. Your IP address [217.182.168.178] is blacklisted.")
producthandling.com
qantas.com.au still blocked 2016-10-28
republicbuzz.com (" 403 forbidden - WHAT? Why am I seeing this? Your access to this site was blocked by Wordfence ")
rightswatch.ca ("Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.")
rijksoverheid.nl (403 Forbidden. But not on all exit nodes.)
rockabilly-radio.net ("Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department."; some exits, streaming OK though / 2016-11-26)
sabaheats.com
safeco.com ("We're sorry, we cannot service your request at this time. If you feel this is an error, call 800...") <= assholes keep it vague, waste our time. Note it's an insurance company, thus interested in keeping track of where you are so they can increase rates when you move to a region w/higher premiums.
samsung.com ("Access denied. You don't have permission to access "http://www.samsung.com/"" / 2016-10-20)
sciencedirect.com ("A problem was encountered providing the content you requested Reference Number: 18.1c367a5c.1489330818.2078284")
scottaaronson.com ("Access denied. Your IP address [85.24.215.117] is blacklisted.")
sensis.com.au ("We have detected unusual traffic activity originating from your IP address." with Google ReCAPTCHA version 1)
sethbaum.com ("Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.")
shuttleworthfoundation.org (75% of the time outright blocks any access)
sinfest.net ("The requested URL was rejected." Hosted through carrierzone.com)
singpolyma.net ("Error 403")
slashdot.org ("banned")
sncb.be (timeout) <= Belgian rail system recently started blocking Tor in the most hostile manner possible. They make no statement and just drop packets, leaving tor users to wait forever until they give up. <rant>great. so in the brave new world "public utilities" now start to silently and as a matter of course discriminate against privacy conscious users on the net. Deutsche Bahn interrupts connection once you go to the ticket reservation page - the love story between railways and surveillance runs deep: the data collection and most of all the execrable CCTV infestation, even inside new trains. all of this would make a great headline: privacy gets thrown under the train as formerly free societies submit to total surveillance.</rant>
statuspage.io/ (Your IP address 149.202.98.160 has been flagged as a scanner. Scanners are not permitted. If you are seeing this message in error, please contact security@statuspage.io.)
snowbirds.org/ (The requested URL was rejected. Your support ID is: 10851284974681727906w)
sony.de (You don't have permission to access "http://www.sony.de/" on this server. Reference # ... / same story with different exit nodes)
spamhaus.org (reCaptcha)
stefanv.com/electronics/ (Error 403; We're sorry, but we could not fulfill your request for /electronics/usb_charger.html on this server.; You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer. ; Your technical support key is: ab19-c14e-2b02-1b1f; You can use this key to fix this problem yourself.; If you are unable to fix the problem yourself, please contact stefan at capable.ca and be sure to provide the technical support key shown above. -> same as linuxquestions.org and ioerror.us)
stepstone.de ("You don't have permission to access "..." on this server." / some exits / 2017-02-18)
sueddeutsche.de ("The connection was refused when attempting to contact www.sueddeutsche.de" / 2016-04-03) accessible from 3/3 exits 04-22
support.apple.com (Also blocks Tor non-exit relay IPs)
svictor.net
sydneypadua.com ("Access denied. Your IP address [188.138.9.49] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.")
forum.synology.com/enu/ ("You have been permanently banned from this board" some exits / 2016-12-22)
talk.maemo.org
talkingpointsmemo.com
techerator.com
technologyreview.com ("We noticed you're browsing in private or incognito mode. To continue reading this article, please exit incognito mode or log in.")
thecultureblend.com
thegrommet.com
theislamicseminary.org ("Access denied. Your IP address [171.25.193.131] is blacklisted. If you feel this is in error please contact your hosting providers abuse department.")
ti.com (Access Denied You don't have permission to access "http://www.ti.com/..." on this server.)
tineye.com/search
tocloud.com ("Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department." / 2016-12-04)
torjo.com <- "406 Not Acceptable". dunno if it's a tor block but the status code (taken in a self-referential way) is a pretty appropriate comment on Tor blocks ...
torrentfreak.com (reCaptcha on most exits)
www.travelweekly.com
tweakblogs.net (some exits)
tweakers.net (times out)
twirpx.com
twitter.com <= access granted, but more disclosure required for signups (e.g. mobile number submission cannot be skipped). Accounts that escaped the mobile number submission at reg. are sometimes forced to enter a phone number later if accessed from tor (these accounts are effectively locked until a phone number is supplied) -> too bad for them, everyone with something to say is welcome to join GNUSocial. apparently there's even a twitter bridge in operation
typepad.fr
typepad.co.uk
usnews.com (access denied)
usps.com (access denied)
usa.gov
www.veteranstoday.com/ (SpamFireWall is activated for your IP 77.247.181.163)
videotrazilica.com
ricarica.vodafone.it (only that subdomain; also from relays!?)
unc.edu ("The request was rejected. ")
vpforums.org/ ("As of March 8th, 2011, VPForums.org is blocking the use of proxies." / reading OK but account creation is not)
walmart.com (Access Denied You don't have permission to access "http://www.walmart.com/" on this server. Reference #...) <= sometimes. If you get lucky, and place an order over tor, the bastards later silently cancel the order without notice or reason. Be sure to report "false advertising" to consumer protection orgs when that happens. WHAT! that's a new low. another reason to curse their nonexistent souls that's "security" of the brave new world for you. if you don't meet expectation of normalcy, you can be quietly discarded.
wayfair.com ("Access denied. You don't have permission to access 'http://www.wayfair.com'" / 2017-01-03)
wbai.org (this seems to have been a one-time thing, maybe they are only blocking one exit )
whatthefuckshouldimakefordinner.com/index.php (Access denied. Your IP address [163.172.223.200] is blacklisted. If you feel this is in error please contact your hosting providers abuse department)
wigle.net/ (403 Forbidden / (nginx) 2016-12-04)
wiki.debian.org (Forbidden <p>You are not allowed to access this!</p>)
wikidevi.com (Error 403 (451 more like ...). Your technical support key is: ...)
witopia.net (error 403) <= we shouldn't care, this is a nanny VPN anyway
weforum.org (Access Denied You don't have permission to access ...)
whiterose.samizdata.net
whoismcafee.com/
wikipedia.org (allows reading but blocks edits,)
woz.ch (worrying & ironic trend? newspapers censoring their content for viewers who use censorship circumvention tools ~ remedy: use archive.is)
www.csebanking.it (Connection timeout. I'm running a non-exit relay)
www.csebo.it (Connection timeout. I'm running a non-exit relay)
xmodulo.com ("Malicious activity has been detected from your computer or another computer on your network" / 2016-08-14)
news.ycombinator.com (reCaptcha - some exits only)
yelp.com (all exits)
davidmburke.com
youbetrayedus.org
philosophybasics.com (oddly philosophybasics.com works)
verge.com ("forbidden")
whatthefuckshouldimakefordinner.com/index.php (Access denied. Your IP address [163.172.223.200] is blacklisted. If you feel this is in error please contact your hosting providers abuse department)
forums.whirlpool.net.au (“Access to whirlpool.net.au from this location has been restricted due to suspicious activity.” which is the only response even if you just try to GET/read something there.)
zara.com
NetZone AG whole address range blocked 212.243.197.0 - 212.243.197.127
woz.ch (timed out, firewalled)

@ -1,40 +0,0 @@
* see [list instructions](instructions)
* If you use Debian GNU/Linux, or any derivative, subscribe to bug #831835 ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835 ), help verify the patch, and help the maintainer come to the right conclusion on whether it should be accepted.
* If you use one of the websites on this list, contact the webmasters if you still can, and tell them not to use Cloudflare.
* If they can't leave CloudFlare(perhaps they are merely tech support at the website, and management has decreed that Cloudflare MUST be used) get them to exercise option to whitelist Tor without changing to the "basic level of security" within Cloudflare's options. CloudFlare customers can use this tool(?) to whitelist tor. Advise them, however, that using CloudFlare(or any Cloudflare-like competitors, see [philosophy](cloudflare-philosophy.txt) and [non-cloudflare list](non-cloudflare-list.txt) ) exposes readers/viewers/customers to a giant supplier MitM. This is a questionable practice, regardless of whitelists.
* Tell others around you about the dangers of Cloudflare.
* Help improve this repository, both the lists, the arguments against it and the details
* Document and make very public where things go wrong with Cloudflare (and similar companies), making sure to mention this repository when you do so
* Get more people using Tor by default so they can experience the web from the perspective of different parts of the world.
* Start groups, in social media and meatspace, dedicated to liberating the world from Cloudflare.
* Where appropriate, link to these groups on this repository - this can be a place for coordinating working together as groups
* Start a coop that can provide a meaningful non corporate alternative to Cloudflare
* let us know of any alternatives to help at least provide multiple layered defence against Cloudflare
* Try using [globalist](globalist.txt) to maintain this list!
* If you are in the United States of America
** If the website is a bank or an accountant
*** try to bring legal pressure under the GrammLeachBliley Act https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act and report back to us
how far you get
** if the website is a government site
*** try to bring legal pressure under the 1st Amendment of the US Constitution
* For companies that claim to offer service on their website try reporting them as "false advertising" to consumer protection organizations and BBB
Loading…
Cancel
Save