tl;dr: No. Quite the opposite, actually — Archive.is’s owner is intentionally blocking 1.1.1.1 users.
CloudFlare’s CEO had this to say on HackerNews:
We don’t block archive.is or any other domain via 1.1.1.1. […] Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service. […] The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.
I am mainly making this post so that admins/moderators at BeeHaw will consider using archive.org or ghostarchive.org links instead of archive.today links.
Because anyone using CloudFlare’s DNS for privacy is being denied access to archive.today links.
You must log in or register to comment.
deleted by creator
My solution is more complicated but doesn’t require switching browsers
- I run a tor client on my home server in docker, the same place I keep my vpn access, torrenting, etc
- I run a socks proxy on my home server, that sends all requests through the tor network (and a different socks proxy for when I want to use the VPN)
- On my desktop and laptop, I use the FoxyProxy firefox extension (SwitchyOmega on Chrome). I setup the socks proxy (proxies) on it, using URL patterns.
- When I go to a .onion link, FoxyProxy uses the pattern, and sends the traffic over my tor socks proxy
deleted by creator
Time to add 1.1.1.1 to my list of DNS servers to use
In case you don’t know, Cloudflare already controls a massive amount of websites, have access to their unencrypted traffic and are making the web inaccessible for people who use tor or noscript. They are a threat to the open web.
That’s really weird explanation on part of CF CEO, as just after DNS request you usually connect to the site which address you requested and site gets a lot more details including full IP address anyway.
https://news.ycombinator.com/item?id=19828702
Here’s the full comment on HackerNews, the article quoting him only had the snippet. The larger comment makes more sense. Emphasis mine.
We don’t block archive.is or any other domain via 1.1.1.1. Doing so, we believe, would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.
EDNS IP subsets can be used to better geolocate responses for services that use DNS-based load balancing. However, 1.1.1.1 is delivered across Cloudflare’s entire network that today spans 180 cities. We publish the geolocation information of the IPs that we query from. That allows any network with less density than we have to properly return DNS-targeted results. For a relatively small operator like archive.is, there would be no loss in geo load balancing fidelity relying on the location of the Cloudflare PoP in lieu of EDNS IP subnets.
We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation targeting without risking user privacy and security. Those conversations have been productive and are ongoing. If archive.is has suggestions along these lines, we’d be happy to consider them.
So it’s really more about metadata related to the IP, like geolocation.
Interesting, thanks
Because anyone using CloudFlare’s DNS for privacy is being denied access to archive.today links.
Yes, which makes Archive.is a terrible service… Because they don’t get super fine details of where your connection is originating from they poison the DNS response they give cloudflare. Any site that weaponizes DNS then blames me for choosing to not allow them to do so… Fuck them.
It might be terrible for you but it’s very handy for the rest of us.
If it’s so bad, maybe just pay to bypass all the paywalls that the site removes from your way. Having your local ISPs details sent through is a small price to pay for the convenience.
If it’s so bad, maybe just pay to bypass all the paywalls that the site removes from your way
Or I can just use Firefox reader mode… which works for like 90% of the sites that are paywalled that I’ve ever visited.
But honestly I don’t care what you say with an attitude like that. People who give up security for some fake semblance of “convenience” make the internet worse for everyone. I’m not sure how a company/website violating your rights is “handy” for you… but you do you.
What, stop using Chrome?? Unthinkable… Google says it’s the best and we can trust them. They want what’s best for us. /s
Not really a paywall then, is it? I don’t know why you think it’s fake, it’s a very real convenience.
Violating my rights ? Is geolocating your users violating their rights now?
Not really a paywall then, is it?
Well no shit… It wasn’t a real paywall if archive.org or archive.is can bypass either no? What’s your point with this statement?
I don’t know why you think it’s fake, it’s a very real convenience.
What/when did I say anything was fake? See above question… I said they’re a terrible service. Not that they’re fake. I’m telling you that it’s not any more convenient than the reader view button and that doesn’t give your data to some shady third party that doesn’t NEED your data… even though they’ll apparently go to war with one of the biggest transits on the internet over it to get it.
s geolocating your users violating their rights now?
Yes… attempting to punish users who don’t want to be geolocated… or FORCING users to geolocate would be collecting personal data. That is a literal violation of rights in many countries, specifically the EU… and California. So yes.
Are we done?
Archive.is can and does bypass real paywalls. That’s why it’s useful.
You literally called it a fake convenience in your previous comment. Do you have the memory of a goldfish?
Geolocation of users of course does not violate GDPR, don’t be ridiculous.
You have no idea what you’re talking about and clearly don’t understand the issue at hand, so yep, we’re done.
Archive.is can and does bypass real paywalls. That’s why it’s useful.
Firefox reader mode does as well…
You literally called it a fake convenience in your previous comment.
Yes… so less button presses and faffing with bullshit just using the built in feature on firefox… See how archive.is isn’t that convenient at all?
Do you have the memory of a goldfish?
You seem to have the intelligence of one. You just said “fake”, assuming that someone would understand what the hell you’re talking about… When you communicate poorly, don’t be mad when people don’t understand you.
Geolocation of users of course does not violate GDPR, don’t be ridiculous.
They’re not just using geolocation and throwing the data away after they’re done. otherwise they wouldn’t be fighting cloudflare. Storing that data for whatever other purpose they could have with it would absolutely be a violation of GDPR and similar laws. You’re the one being ridiculous here.
You have no idea what you’re talking about and clearly don’t understand the issue at hand, so yep, we’re done.
I’m literally a CISO… It’s my job to make these kinds of decisions. So jokes on you. My company would fail compliance audits if we did dumb shit like this.
JavaScript paywalls are not real paywalls. So no, Firefox can’t bypass real paywalls.
Unlucky for your company to have a CISO with such poor reading comprehension.
