
Comment by altfredd

7 years ago

> That assumes that the nameserver and the actual server are run by the same party which quite often is not the case.

Cloudflare can check if nameserver and the actual server are run by different parties, and if so omit subnet information from EDNS response. It is not hard to implement — Google and OpenDNS used to require manual whitelisting to receive EDNS subnet responses (not sure if they still do).

Cloudflare's CDN leaks user's full online identity to Google via reCaptcha, especially when you use Tor. Maybe they should ask Google to be satisfied with client's subnet too?

> Cloudflare's CDN leaks user's full online identity to Google via reCaptcha, especially when you use Tor.

How?

  • When Cloudflare detects suspicious traffic from an IP, it will get served with a reCaptcha every time. Tor exit nodes always get captchas, not sure how much data that would leak though.