ietf.org unaccessible for Tor users

Yui Hirasawa <yui@cock.li> Sun, 13 March 2016 14:35 UTC

Return-Path: <yui@cock.li>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE0E212D631 for <ietf@ietfa.amsl.com>; Sun, 13 Mar 2016 07:35:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.503
X-Spam-Level:
X-Spam-Status: No, score=-0.503 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2jb_1ZOoOBSp for <ietf@ietfa.amsl.com>; Sun, 13 Mar 2016 07:35:25 -0700 (PDT)
Received: from cock.li (cock.li [185.100.85.212]) by ietfa.amsl.com (Postfix) with ESMTP id 3DFA012D62A for <ietf@ietf.org>; Sun, 13 Mar 2016 07:35:25 -0700 (PDT)
Date: Sun, 13 Mar 2016 16:35:21 +0200
From: Yui Hirasawa <yui@cock.li>
To: ietf@ietf.org
Subject: ietf.org unaccessible for Tor users
Message-ID: <20160313143521.GC26841@Hirasawa>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/GY11Yxdpra0C41JYB1tjVDH1iW4>
X-Mailman-Approved-At: Mon, 14 Mar 2016 08:02:59 -0700
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Mar 2016 14:52:59 -0000

Hello IETF,

Today when I tried to go read a standard on the ietf.org website I was
met with a CloudFlare CAPTCHA page.

By using CloudFlare IETF is actively blocking Tor connections to IETF
page. CloudFlare also works as man-in-the-middle and all encryption to
ietf.org is null and void which means IETF is actively helping the
authoritarian governments weaken the encryption on the Internet.
CloudFlare also requires proprietary javascript to be run by Tor users
who want to access websites which makes fingerprinting them very easy.
Because CloudFlare is a man-in-the-middle it can also inject websites
with malicious javascript, such as fingerprinting javascript. CloudFlare
also collects all connection data and is subject to US secret courts and
thus using it is directly contributing to the mass surveillance of the
Internet.

Tor project has also finally started noticing this[1]. And I wrote a
small thing[2] about it on my website recently as well.

IETF using CloudFlare is a very bad thing for the security and
neutrality of the Internet and this should be fixed immediately.

If you think there is some other place where I could notify people about
this then please send me an email.

[1]: https://trac.torproject.org/projects/tor/ticket/18361
[2]: https://GNU.moe/thoughts/cloudflare.html