[tor-dev] Request for feedback/victims: cfc-0.0.2

bancfc at openmailbox.org bancfc at openmailbox.org
Sat Apr 2 17:00:10 UTC 2016

On 2016-04-01 18:06, Yawning Angel wrote:
> On Fri, 01 Apr 2016 18:21:10 +0200
> Jeff Burdges <burdges at gnunet.org> wrote:
>> Are there any more sites where CloudFalre appears on archive.is?
>> https://www.aei.org/publication/gen-michael-hayden-on-apple-the-fbi-and-data-encryption/
>> It's some particularly harsh CloudFlare configuration perhaps?
> Without knowing how archive.is works, and how CloudFlare works, it's
> hard to tell.
> Since archive.is sets "X-Forwarded-For", it's not particularly hard to
> figure out if a Tor user is the one requesting a snapshot.  I requested
> a new snapshot and the captcha error page in the archive shows that
> the IP of my exit, so part of the ClouldFlare infrastructure at least
> peeks at the header.
> I'll probably add support for other (user-configurable?) cached content
> providers when I have time.  The archive.is person doesn't seem to want
> to respond to e-mail, so asking them to optionally not set X-F-F, seems
> like it'll go absolutely nowhere.
> Regards,

webcitation.org is an archive.is alternative. Potentially it doesn't 
forward request headers (?)

More information about the tor-dev mailing list