Suddenly Sickness Feels, Cloudflare, really F-Droid?

Warning: I am STUNNED (and slow).

Witty Intro Quote: “Use of Cloudflare will permanently and irreversibly damage the trust users have in F-Droid.” --Tad

TL;DR: For users, where is the list of F-Droid mirrors, how chosen, and pros-cons of using each? Where is the list of corporate “sponsors” (aka infiltrators?), how chosen, and pros-cons of using each?

Why this post now:

Background: I remember some discussions around here about needing to improve infrastructure because of increasing traffic and slowness. I didn’t remember discussion of using “services” like Cloudflare (aka Crimeflare).

Today: I did a little DDG search for a topic of interest, wireless sftp android f-droid at DuckDuckGo. As usual I bit my tongue and held back the urge to vomit while using DDG, but what else to use, Mojeek, Monocles, MetaGer…? So what suddenly appears as result #2, for me (YMMV)? Not a sleigh and reindeer, but a cloudflare subdomain of | F-Droid - Free and Open Source Android App Repository


No way, I say! Way, says DDG: "f-droid" cloudflare at DuckDuckGo

@Skewed_Zeppelin's forum comment this January should have caught my eye, but didn’t: Questions about Fdroid servers staying up (costs, and if it's a struggle or if it's easier then most would think keeping it online) - #3 by SkewedZeppelin

So, turns out, around the time I was whining about Cloudflare (aka Crimeflare) I cannot update Tor Browser - #4 by justsomeguy, using it for F-Droid was being discussed in Tor and search-unfriendly Gitlab:

Deliver and via a CDN service: Deliver and via a CDN service (#229) · Issues · F-Droid / admin · GitLab

Sponsored account from Cloudflare’s Project Galileo: set up with sponsored account from Cloudflare's Project Galileo (#230) · Issues · F-Droid / admin · GitLab

DNS for geoip and multi-CDN: DNS for geoip and multi-CDN (#236) · Issues · F-Droid / admin · GitLab

Concluding Remarks: There are more links and (long) discussions, but what stands out in a skim of those above are:

  • The way a couple IDs drove the Cloudflare (aka Crimeflare) solution, against the “NO” opinions of a few IDs.
  • The way the “Code of Conduct” and “assume good faith” card was played by one of the minority IDs.



You’re not false…

Then again, it’s a mirror, not included by default, so use it or not.

Context: mirrors for regions that are not currently well supported (#315) · Issues · F-Droid / admin · GitLab


Maybe I’m missing something here, how is Cloudflare a crime? I have heard of that as some sort of CDN used by a variety of services.


The variety of services is the problem, when the services perpetrate a crime…say blackmail or phishing or propaganda etc

Cloudflare is one of the companies who speed up access for some web services, for some people, and slow down access for other web services or other people. They decide who they protect, and who they don’t. They are corporations that profit from this control of the internet.

Some think some of these companies have shady deals with other, criminal(?) groups who do malicious activities like ddos or spam to create the “need” for companies like cloudflare.

To a random internet user like me, a ddos slowdown from criminals or a captcha slowdown from cloudflare has similar effect on me.

Yeah, aren’t AWS and DigitalOcean and others guilty of same? Are there folks that block cloudflare in consideration of that?
Every service provider puts you on a much faster server/system if you pay more… right?

They’re guilty if they keep them on… search for “crimeflare” :)

TLDR: Tor, privacy, centralised internet

Cloudflare blocks Tor users, that would be the first reason to hate these fuckheads and every company who uses their services. CloudFlare is one of the companies who are responsible for the fact that using your to protect privacy when browsing online, has become impossible.

Good service, yes. But only if you show your real IP address and identity.

Also CloudFlare is another manifestation of the centralised internet. Everyone who believes in a decentralized internet and everyone who thinks that centralising the whole internet in a single point/company should strictly avoid CloudFlare.

Apart from the fact that they are an asshole company who enjoy the abuse of their monopoly.


By discussion on Matrix, IRC channel; Reddit discussion; as well as BBB voice chat.

Sponsored account from Cloudflare’s Project Galileo

If you are asking why isn’t everybody making their own software libraries, not funding their projects by begging for money at the local train station, and denying funding from entities that assured they won’t intervene in the project in executive ways or deny services that the project desperately needs, then I can assure you without using libraries funded by someone else you don’t agree with and taking funds from a company that does something wrong but the project believes is acceptable when not added as default, then this project won’t progress. You can think your download speed in Europe is good, but it sure isn’t the case in other places and Cloudflare is the easiest way to ensure it is accessible.
Cloudflare makes both criminals (harassers, DDoSers, etc.) more likely but also allows sites like F-Droid to be accessible where it would otherwise be blocked. TLS 1.3 will ensure that the cost for blocking F-Droid is too high if we use Cloudflare or other CDN provider.
Everyone didn’t choose Cloudflare. But a sizable portion accepted it as a viable service for the problems stated above and chose to implement it in a non-default way.


For the record, I think that Cloudflare is dangerous for the internet because it is a MITM, it is a centralizing force, and they are actively trying to snub out real privacy tools like Tor. But they also do some good things, like ECH. A mirror on Cloudflare also makes accessible in some places where we currently do a bad job of reaching. So I appreciate the skepticism and critique in this thread. It is only through such pushback that we as a community can carefully walk the line of working on good things, even when we have to work with the powers that be that do many bad things.


Any mirror request gets these requirements: New mirror provided by AG DSN (#298) · Issues · F-Droid / admin · GitLab

Why not copy/paste:

To become an official mirror, it would be helpful to have a privacy policy that describes what happens to the logs and metadata (for example FAU, PLUG, Lysator).

Looks very easy. Who wouldn’t meet that - an entity without a stated policy. Sigh.

I can’t waste time repeating the same info, that’s available for everyone to read.

