You may want to know about this and what Cloudflare is doing

[pwizza]

If you try to disable the cookies in your browser you'll reach a webpage like the one in the attached file when trying to connect to linustechtips.com .

 

the problems are:

 

- this is borderline illegal / illegal in the EU, not only that but cloudflare is not just "using cookies", according to the actual behaviour of the service the cookies are needed to proceed to the actual web page that you want to visit . Of course no information is given about all of this in that page, not even the fact that the user has to enable the cookies to "pass" or what Cloudflare is about to do with your informations

- a DDoS attack is a routing/network problem, how a file on my pc, using informations related to my person can possibly prevent this ? A DDoS attack doesn't even requires a web browser to be possible !

- that page is using the linustechtips.com domain, so you are effectively breaking EU laws even without using your domain to display your content. Cloudflare apparently uses the domain of the client to do their business ( clumsy business to say the least ) and it does everything using the same URI .

 

For example if I don't have the cookies enabled and I try to connect to http://linustechtips.com/main , in the same URI and using the same domain that page goes up ( basically the URL never changes ) , and eventually, if I pass "the test" the content of the page corresponding to http://linustechtips.com/main will be displayed, all of this keeping the same URI/domain.

 

In general that page is clearly made by someone that doesn't even know what he/she is doing, including the company itself, I still don't get what the phrase "checking your browser" means in that context, considering the fact that all of this is done to prevent a potential DDoS attack.

 

Even if you forget for a moment about the EU laws, this probably shows that Cloudflare is not exactly the best provider in the market and maybe you should move elsewhere if you care about your business . Keep your eyes open.

 

A fellow reader .

 

-------

 

The image

[CydiaDash]

Where is the attachment

[pwizza]

Where is the attachment

probably something went wrong with the upload, I posted a pic in place of that .

[harrynowl]

Well this site is under US jurisdiction to my knowledge, and security companies such as DDoS protection are generally not open about their methods for obvious reasons.

[CydiaDash]

Yeah, I'm getting this lol

[rtpb5642]

I get that screen EVERY time i visit LTT the past week.

[pwizza]

Well this site is under US jurisdiction to my knowledge, and security companies such as DDoS protection are generally not open about their methods for obvious reasons.

I think that they have more than 1 server around the globe , they also offer a service that implies reaching up to the "world", you know, the internet.

 

EDIT: what a cookie has to do with networking protocols anyway ? you can keep your secrets no problem, but you shouldn't really come up with something that clearly doesn't compute.

[Guest MinimalEffort]

Yes its very obscure and I don't really feel comfortable with it running in my browser. Is there any way to stop it?

[Nexxus]

..lettme get this straight, you are getting butt hurt over the fact they are having to use some DDoS protection because some jackass wants to flood the site trying to cripple it for the lulz?


You are whining because the site is continuing to function? Because otherwise the site would br broken period currently

[pwizza]

..lettme get this straight, you are getting butt hurt over the fact they are having to use some DDoS protection because some jackass wants to flood the site trying to cripple it for the lulz?

You are whining because the site is continuing to function? Because otherwise the site would br broken period currently

given your language I'm not inclined to answer your question, but I don't think that even Google has even dreamed about doing something like that, plus you probably never owned an internet domain .

[Dredgy]

 

- this is borderline illegal / illegal in the EU, not only that but cloudflare is not just "using cookies", according to the actual behaviour of the service the cookies are needed to proceed to the actual web page that you want to visit . Of course no information is given about all of this in that page, not even the fact that the user has to enable the cookies to "pass" or what Cloudflare is about to do with your informations

- a DDoS attack is a routing/network problem, how a file on my pc, using informations related to my person can possibly prevent this ? A DDoS attack doesn't even requires a web browser to be possible !

- that page is using the linustechtips.com domain, so you are effectively breaking EU laws even without using your domain to display your content. Cloudflare apparently uses the domain of the client to do their business ( clumsy business to say the least ) and it does everything using the same URI .

 

LinusTechTips is a Canadian Company, with the domain registered by a Canadian company with no presence in the EU with an American registrar hosted in America. EU law is not applicable.

 

CloudFlare has many servers in EU and has never been found in violation of EU law (or had any complaints raised against it). It provides a necessary service, though it has many flaws. They are a huge company.

 

https://www.cloudflare.com/network-map

 

In general that page is clearly made by someone that doesn't even know what he/she is doing, including the company itself, I still don't get what the phrase "checking your browser" means in that context, considering the fact that all of this is done to prevent a potential DDoS attack.

 

 

"Checking your browser" in this context means the site is getting DDoSed. It's using CloudFlare servers to check to make sure you're not a bot, before referring you to the real website. If you have cookies disabled, you have a higher chance of being a bot and will not get access to the site while it's being DDoSed.

 

CloudFlare is not a hosting service. It intercepts traffic and caches the site in the event of downtime.

 

When the site is not being attacked, you can access the site normally, whether cookies are enabled or not.

[Nexxus]

given your language I'm not inclined to answer your question, but I don't think that even Google has even dreamed about doing something like that, plus you probably never owned an internet domain .

I've had multiple ones over the years, and in the process of setting up another try again junior.

[pwizza]

LinusTechTips is a Canadian Company, with the domain registered by a Canadian company with no presence in the EU with an American registrar hosted in America. EU law is not applicable.

 

CloudFlare has many servers in EU and has never been found in violation of EU law (or had any complaints raised against it). It provides a necessary service, though it has many flaws. They are a huge company.

 

https://www.cloudflare.com/network-map

 

 

"Checking your browser" in this context means the site is getting DDoSed. It's using CloudFlare servers to check to make sure you're not a bot, before referring you to the real website. If you have cookies disabled, you have a higher chance of being a bot and will not get access to the site while it's being DDoSed.

 

CloudFlare is not a hosting service. It intercepts traffic and caches the site in the event of downtime.

 

When the site is not being attacked, you can access the site normally, whether cookies are enabled or not.

 a DDoS is a network issue, not a web browser issue ! How you can possibly mix the 2?

[JeffreyEagan]

Yes its very obscure and I don't really feel comfortable with it running in my browser. Is there any way to stop it?

Cloudflare doesn't run in your browser, it's a middleman of mitigation hardware between you and the server, it's harmless and will do nothing to you or your browser.

[Dredgy]

 a DDoS is a network issue, not a web browser issue ! How you can possibly mix the 2?

 

I didn't?

 

But the current attack on the site means CloudFlare is serving a notice to everyone that their browser is being checked and verified. If you are suspected of being illegitimate traffic through your cookie settings or browser user agent, you will not be referred to the LinusTechTips server, you will be terminated at the CloudFlare server. Think of it as a firewall. 

 

This is all server side stuff, none of it is really related to the client, except that you see the notice.

[JeffreyEagan]

 a DDoS is a network issue, not a web browser issue ! How you can possibly mix the 2?

You do realize that a DDoS can be ran through a broswer, right? It's just making sure it's an actual browser not sending stupid traffic to the destination, same when skids try to run scripts through the connection also, if it can't check the browser, the connection is refused, if the token system is abused, cloudflare is bypassed, and the data goes directly to the domain.

 

There is nothing illegal happening ANYWHERE in your connection to LinusTechTips.

[pwizza]

I didn't?

 

But the current attack on the site means CloudFlare is serving a notice to everyone that their browser is being checked and verified. If you are suspected of being illegitimate traffic through the browser or cookie settings , you will not be referred to the LinusTechTips server, you will be terminated at the CloudFlare server. Think of it as a firewall. 

How many firewall, that you know about, software or hardware, use cookies to do their business ?

 

Just look at the ISO/OSI model and how to make a DDoS attack and you see how clumsy this justification is, even that page is written by someone that is just shuffling words.

[AdamH96]

I rather have this than dealing with some low life DDOSing the bloody site all the time. Chill out it's not hurting anyone.

[pwizza]

You do realize that a DDoS can be ran through a broswer, right? It's just making sure it's an actual browser not sending stupid traffic to the destination, same when skids try to run scripts through the connection also, if it can't check the browser, the connection is refused, if the token system is abused, cloudflare is bypassed, and the data goes directly to the domain.

 

There is nothing illegal happening ANYWHERE in your connection to LinusTechTips.

rate Cloudflare based on their service. in EU this is borderline at best, but even without considering that, you can't be a company that big and just use the client domain as you wish or give no crap about the users ad their rights .

[Dredgy]

How many firewall, that you know about, software or hardware, use cookies to do their business.

 

Just look at the ISO/OSI model and how to make a DDoS attack and you see how clumsy this justification is, even that page is written by someone that is just shuffling words.

 

It's one safe point of many.

 

If you are not using cookies, there is likely something suspicious, so you are denied access. It's an unusual situation, and in the event of an attack, unusual cannot be allowed through. There are other checks as well, but that's a really easy one to implement.

[JeffreyEagan]

rate Cloudflare based on their service. in EU this is borderline at best, but even without considering that, you can't be a company that big and just use the client domain as you wish or give no crap about the users ad their rights .

...What in the actual sam heck are you on about.

[Dredgy]

It's one safe point of many.

 

If you are not using cookies, there is likely something suspicious, so you are denied access. It's an unusual situation, and in the event of an attack, unusual cannot be allowed through. There are other checks as well, but that's a really easy one to implement.

[colonel_mortis]

This site is located in North America, and is only required to comply with North American law. Specifically, it is not required to comply with European cookie law. However, even if it did, the types of cookies being set by cloudflare are exempt from the rules - https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/.

There is an exemption if:

• the cookie is for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or

 

The cloudflare page that is displayed is done so to assist in mitigating the DDoS attack that the site has been subject to for the past few days. I can assure you that the page can help (and in fact is the only reason that the site is currently online).

[Blade of Grass]

- this is borderline illegal / illegal in the EU, not only that but cloudflare is not just "using cookies", according to the actual behaviour of the service the cookies are needed to proceed to the actual web page that you want to visit . Of course no information is given about all of this in that page, not even the fact that the user has to enable the cookies to "pass" or what Cloudflare is about to do with your informations

Refer to the post by @colonel_mortis above.

 

- a DDoS attack is a routing/network problem, how a file on my pc, using informations related to my person can possibly prevent this ? A DDoS attack doesn't even requires a web browser to be possible !

There are many different forms of DDoS attacks. The type of attacks that you are talking about are 'low level' attacks (layer 3/4), the type of attack that we are getting is a layer 7 attack. This attack does is not a networking/routing problem. Refer to your OSI model. 

 

- that page is using the linustechtips.com domain, so you are effectively breaking EU laws even without using your domain to display your content. Cloudflare apparently uses the domain of the client to do their business ( clumsy business to say the least ) and it does everything using the same URI .

It's much cleaner to use one URI instead of redirecting constantly to another page, in no way is it clumsy or unprofessional. 

 

In general that page is clearly made by someone that doesn't even know what he/she is doing, including the company itself, I still don't get what the phrase "checking your browser" means in that context, considering the fact that all of this is done to prevent a potential DDoS attack.

The phrase "checking your browser" means that it is validating that you are indeed a human accessing the forum and not a malicious bot. I assume it works similar to how the new Google captchas work. 

Response in colour.