Comment Re:Cloudflare is malware/spyware (Score 1) 56
and if you disable javascript, most site will actually not work
And in the final analysis, that might be a good thing. Did you (your company) write that JavaScript? Probably not. You downloaded some crap from npm and included it in your pages.
IIRC, it was some npm installation scripts that allowed a "dependencies" section to include a URL for code to be included. From anywhere in the Internet. Bypassing the repository. And allowing the owner to place new code at that location any time they saw fit. Some of the exploits did things like encrypt your disk and ransom your data. Or steal your BitCoin wallets. Or AI development system tokens.
But quite a bit of low level stuff gets snuck into these repositories. Including stuff that lies quietly, damaging nothing. But inserting tracking code into your pages for the benefit of unknown third parties. So, no. I won't be loading your web pages along with a bunch of code that I don't know what it does. And neither do you.
I use umatrix and while i allow cloudflare javascript for captchas
CloudFlare got caught (by my ISP) for using a web site that was widely considered to be a scam site. I did a search on the URL and read a bunch of "interesting" reports on it. Including an email that Google had sent in response to the blocking, pleading with ISPs to stop it. Why was Google apologizing for ClownFlare's f*ck-up? My best guess is that they had piggybacked their own tracking stuff onto CFs Captchas. You just can't trust anyone who uses JavaScript anymore.