@rms I’m 1st of all horrified that a site calling itself “teachprivacy”.com is a #Cloudflare site. But worse, I boosted it w/out knowing b/c the URL was hidden. Text-based #Mastodon clients do not show the URLs that are embedded in HTML tags. So my choices are: dump the raw JSON of toots before boosting & look for hidden URLs that are CFd, or just boost & let @mg catch it

@mg @rms It’s much more convenient to boost & let #Mitigator do the work but what happens when I unboost? I think unboosting takes it off my timeline but some damage does not get reversed b/c the toot was already copied to the federated timelines of all the nodes of those following me. Guess some client-side tooling is needed here. And someone should teach privacy to #TeachPrivacy.com.

@rms @mg BTW RMS, I suggest you follow @mg. That’s a beneficial bot that will follow you back & DM you when you post a Cloudflare link. Docs live here → https://framagit.org/dCF/deCloudflare/-/blob/master/subfiles/service.altlink.md

@cnx @rms I was thinking: this isn’t like RMS to not respond.

@rms @cnx Thanks for the update. FWiW, some ways to detect CF sites are mentioned in this thread https://infosec.exchange/@bojkotiMalbona/108596156060149270

@cnx @rms you may find this service useful as well for filtering CF: http://karma.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/api/is/cloudflare/html/ There is also a clearnet version but it doesn’t work for everyone: https://karma.crimeflare.eu.org:1984/api/is/cloudflare/html/

Thanks, @koherecoWatchdog. Do you happen to know how the database is constructed? https://framagit.org/dCF/deCloudflare/-/tree/master/cloudflare_users/domains

@cnx I suspect I don’t but I don’t exactly understand the question. Do you mean how do they get the raw data, or what they do w/it? The dCF project got a massive list of all domains & they also get new domains as they get registered, IIUC. I can only guess that they keep an sqlite db (since that’s what they export). They check them for CF & also re-check sites periodically.

@koherecoWatchdog, I was asking for the former, i.e. the accuracy of the database.

@cnx The checks are not just on a per-domain basis. One domain can have countless hosts, some of which may be CFd & others not. dCF keeps track of the hosts too. If 1 host on a domain is CF, then that whole domain is treated as CF when you reference just a domain list.

@cnx So e.g. if bobswebsite.com is not CF, but shop.bobswebsite.com is CFd, the domain bobswebsite.com is listed as CFd.

@cnx If you need hostname level granularity, then you either need to grab the headers and look for cf-ray, or check if the IP of the hostname is in the range of CF ASNs.