this post was submitted on 25 Apr 2026
70 points (92.7% liked)

Privacy

[–] FriendBesto@lemmy.ml 2 points 6 days ago

I am of the habit that I block it globally on the browser. Until perhaps a website that I have to use needs it.

[–] undefinedTruth@lemmy.zip 109 points 1 week ago

If you are actively blocking Cloudflare and you are still able to use the web services you rely on then I am genuinely jealous of you.

[–] chicken@lemmy.dbzer0.com 43 points 1 week ago (3 children)

If you set up a website with Cloudflare, their user interface has a lot of tracking stuff on by default to be injected into it. It also encourages you to use their https service where the traffic is not actually encrypted from the user to your server, but man-in-the-middle'd by Cloudflare. But the interface makes it super easy to do and refers to it like a good and normal default option.

So yeah I think they really want your data.

[–] bjoern_tantau@swg-empire.de 5 points 1 week ago (2 children)

Even if you don't use Cloudflare's https they still need the private keys to work. So they can read all traffic either way.

[–] chicken@lemmy.dbzer0.com 6 points 1 week ago* (last edited 1 week ago) (2 children)

I'll be more specific: if you set up a website on your own server, and use Cloudflare as a reverse proxy. If you do SSL yourself, on your own server, then the traffic is encrypted between the client and your server, and therefore Cloudflare cannot read it, they do not have the encryption keys, even though the traffic is passing through them. If you use Cloudflare's https solution, Cloudflare provides the keys and decrypts the traffic before passing it on.

The former is the more secure way to do it, but they encourage you to do it the way where they get to read all the traffic, which is pretty shady of them, because if a website has https people assume that means it is end to end encrypted to the website itself, but that assumption is being violated here and a user has no way to know.

[–] bjoern_tantau@swg-empire.de 3 points 1 week ago (1 children)

How can they act as a proxy if they can't terminate the connection? Or what service does that offer?

I guess they could filter out some connections based on IP addresses. But is that enough for some customers? Or am I overlooking something?

[–] chicken@lemmy.dbzer0.com 4 points 1 week ago* (last edited 1 week ago) (2 children)

> How can they act as a proxy if they can’t terminate the connection?

Why wouldn't they be able to? The DNS record points to Cloudflare's IP, they forward the traffic to your server's IP. This is a common choice for self hosting setups because it's a free service and it is a way to avoid pointing a DNS record at your home IP, which you may not want everyone to know. That doesn't require decrypting the traffic.

How this squares with the ddos protection and caching stuff, I'm not sure, but I know I set up SSL locally, did not give Cloudflare the keys, turned off all the options for them to handle it, and everything seems to work.

[–] Lee@retrolemmy.com 2 points 1 week ago (3 children)

You should check the certificate shown to clients when accessing your domain. I think you'll find that it is not the certificate that you created outside of Cloudflare. Cloudflare doesn't need your private key as they issue a certificate for your domain to themselves and use that for the connection with the client. The certificate you created is used between Cloudflare and your server. The only option I'm aware of to route traffic through Cloudflare where they don't terminate SSL is an enterprise-only feature.

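The check suggested in the comment above, as an added example that is not part of the thread: fetch the leaf certificate a client is shown for the public hostname and compare its SHA-256 fingerprint with the certificate file installed on the origin server. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import socket
import ssl


def fetch_served_der(hostname, port=443, timeout=5.0):
    """Return the DER leaf certificate a client is shown for `hostname`."""
    ctx = ssl.create_default_context()
    # Inspect only: do not validate, we just want the bytes that are served.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def compare_with_own_cert(own_pem, served_der):
    """Compare the certificate installed on the origin with the served one."""
    own_der = ssl.PEM_cert_to_DER_cert(own_pem)
    same = fingerprint(own_der) == fingerprint(served_der)
    return {
        "own_sha256": fingerprint(own_der),
        "served_sha256": fingerprint(served_der),
        # If the public name serves a leaf you did not install, the client's
        # TLS session ends at whoever holds that certificate's private key.
        "tls_terminated_elsewhere": not same,
    }


# Constructed stand-ins for two certificates (arbitrary bytes, not real X.509),
# so the comparison can be exercised offline.
SAMPLE_OWN_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-origin-certificate")
SAMPLE_EDGE_DER = b"constructed-proxy-certificate"

if __name__ == "__main__":
    # Offline demo with the constructed samples. For a real check, pass the
    # contents of your own certificate file and fetch_served_der("<your domain>").
    print(compare_with_own_cert(SAMPLE_OWN_PEM, SAMPLE_EDGE_DER))
```

A mismatch can also mean you rotated the origin certificate, so compare against the file the origin is serving right now.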
[–] bilb@lemmy.ml 2 points 1 week ago

That's true if you're proxying your traffic for DDoS protection, but you don't need to do that to use them as a DNS, if you must.

[–] ComradePenguin@lemmy.ml 2 points 1 week ago

Thanks for the info about HTTPS. I have used it a lot in the past, since it's so incredibly easy and reliable

[–] crandlecan@mander.xyz 35 points 1 week ago

Good luck reaching websites 😂

[–] postman@literature.cafe 30 points 1 week ago (2 children)

I suggest you also block anyone using AWS.

[–] bonsai@lemmy.dbzer0.com 5 points 1 week ago (2 children)

I don't think OP would be able to use the modern internet lol

If they still can then goddam please write a tutorial

[–] Zach777@lemmy.ml 3 points 1 week ago (1 children)

Well you can use the modern internet. Just not most of it. You would be only looking at the personal indie web at that point.

[–] adespoton@lemmy.ca 5 points 1 week ago

A lot of personal indie web uses CF because it’s free and manages usage spikes and your home server going offline for whatever reason.

[–] prex@aussie.zone 4 points 1 week ago

Usenet, email & gopher. Perfection.

[–] Cherry@piefed.social 24 points 1 week ago

Reminds me of when my stepmother turned off the router because she didn’t want incoming radiation and then couldn’t figure why her emails were not arriving.

[–] bjoern_tantau@swg-empire.de 17 points 1 week ago

Just blocking the domain won't do you any good. Half the internet is behind Cloudflare. Even some Lemmy servers use it.

[–] sidebro@lemmy.zip 17 points 1 week ago

I think I'd rather practice other anti-tracking or anti-fingerprinting measures rather than blocking one of the largest CDNs in the world. But yes, they do track.

[–] kazerniel@lemmy.world 16 points 1 week ago (2 children)

You won't be able to access 22% of websites, among them many of the largest ones.

[–] Skankhunt420@sh.itjust.works 8 points 1 week ago (1 children)

Yupp it sucks.

But it does kind of reaffirm that it most likely is collecting just as much data as Google. I hate Cloudflare and don't understand why the rest of the world wants to be so dependent on a US-run technology firm after *waves arms* all this

[–] kazerniel@lemmy.world 3 points 6 days ago

I agree - there definitely would need to be many more reverse proxy services, because the current dominance of just a handful is making the internet brittle in ways it wasn't before.

[–] HiddenLayer555@lemmy.ml 3 points 1 week ago (1 children)
[–] Marasenna@lemmygrad.ml 2 points 1 week ago (1 children)

And nothing of value would be lost.

[–] FriendBesto@lemmy.ml 1 points 6 days ago
[–] HubertManne@piefed.social 14 points 1 week ago (3 children)

As others have mentioned you are going to have a tough time seeing much on the web without it but I guess it would be a good way to see the web with like zero corpo stuff.

[–] ParlimentOfDoom@piefed.zip 13 points 1 week ago

This is just turning off your router with extra steps

[–] doodoo_wizard@lemmy.ml 13 points 1 week ago

Lots of stuff breaks when you block Cloudflare so a better way to avoid its data collection is to use a VPN and clear your browsing data.

[–] Aria@lemmygrad.ml 6 points 1 week ago (1 children)

Is this even the privacy forum? A lot of people here implying OP should consent to the spying for better service. Cloudflare absolutely does gather as much as Google, and with much deeper access. If you can go without those websites, then block Cloudflare.

[–] swelter_spark@reddthat.com 2 points 5 days ago

That seems typical of this community, IMO. It constantly confuses me.

[–] JadeEast@quokk.au 3 points 1 week ago (2 children)

I have the detect Cloudflare Firefox extension. I avoid sites that use it. Haven't tried blocking it completely yet but I could probably manage.

[–] Zoma@sh.itjust.works 2 points 1 week ago (1 children)

I block cloudflareinsights.com which my Lemmy instance seems to be using lol.

I have not had that one come up on my logs yet.

[–] RodgeGrabTheCat@sh.itjust.works 2 points 1 week ago (3 children)

Doesn't Lemmy go down when Cloudflare goes down? Are you currently blocking CF?

So it looks like I'm only blocking subdomains for the challenges, ajax, and some other CDN stuff. I could try blocking the whole domain for a while and see what happens. It will probably result in the same access since I blocked challenges.

[–] voxel@feddit.uk 7 points 1 week ago

Depends on your provider.

[–] bjoern_tantau@swg-empire.de 4 points 1 week ago (1 children)

Depends on the Lemmy server. So not all of Lemmy goes down.

[–] RodgeGrabTheCat@sh.itjust.works 1 points 1 week ago* (last edited 1 week ago) (1 children)

I know the server I'm on went offline during the last cf outage. Never occurred to me this wouldn't be the case for all of Lemmy.

Edit: early morning comment always ends with me making spelling mistakes.
