Comment by benwilber0
8 years ago
Well fuck. I have no idea what (if any, or all) of my authenticated web sessions have been going through CloudFlare in the last 6 months. How do I even start to protect myself from this?
8 years ago
Well fuck. I have no idea what (if any, or all) of my authenticated web sessions have been going through CloudFlare in the last 6 months. How do I even start to protect myself from this?
1. rotate passwords, tokens, auth stuff on any and all service you use that may have used CloudFlare in this time period (as of time of writing this list has not been enumerated)
2. hope that no personally-identifiable info or damaging plaintext that can be tied back to you has been exposed, but you will probably never know for sure
3. join class action lawsuits if you so desire and receive the chump change that is your share once they inevitably get settled
4. ponder what it truly means to willingly (or unknowingly) give information to or through a "trusted third-party" who may employ other "trusted third-parties"
5. languish in unsatisfactory answers and outcomes, return to step 2.
I've compiled a list of 7 million+ domains that use Cloudflare here: https://github.com/pirate/sites-using-cloudflare
Including the subset of the Alexa 10,000 that use Cloudflare in the README.
Here is also a non-exhaustive list of websites using cloudflare: https://index.woorank.com/en/reviews?technology=cloudflare
Reset everything you don't want to assume is public