Cloudflare Developers•2y ago

And yes, with those invoices I made a claim, they are charging me for this.

JhonacodeOP•6/22/24, 3:23 AM

I think it's something strange.

JJhonacode And yes, with those invoices I made a claim, they are charging me for this.

dave•6/22/24, 3:30 AM

did they respond to your claim say you were refunded?

Ddave did they respond to your claim say you were refunded?

JhonacodeOP•6/22/24, 3:33 AM

They responded to me asking for the information for the refund and after 10 days they charged me again for the month of June, hahahaha

Vikash•6/22/24, 3:50 AM

Why Cloudflare requests are served by Amsterdam region in India (AMS). While there are many datacenter in India and operational as per status page.

I see in response header -

Cf-ray: xxxxxxxxxx-AMS

Cf-ray: xxxxxxxxxx-AMS

Vikash•6/22/24, 5:10 AM

Connected with my mobile hotspot and now it's serving from France.

Original message was deleted

Vikash•6/22/24, 5:25 AM

But that's defeat the complete purpose of hosted in Cloudflare. Low latency?

So, the CF delegation should talk to them...as no such issue with AWS

Vikash•6/22/24, 5:29 AM

CF can always complaint to authorities if they doing extortion, blaming won't fix our website latency.

At least CF team work with 2 major player to get it fixed: Jio and Airtel

Vikash•6/22/24, 5:32 AM

https://x.com/vikashrathee/status/1804384706391130368

Vikash Rathee (@vikashrathee) on X

@airtelindia When are you going to fix the @Cloudflare routing?

The requests are still routing via France causing all websites hosted on CF loading slow to millions of users.

https://t.co/4Y0JYmRMzi

CC: @DoT_India

Twitter

•

6/22/24, 5:23 AM

EEthan Does anyone know the actual DC location of the Asia Pacific R2 region, or is it ...

Hello, I’m Allie!•6/22/24, 7:20 AM

It's replicated across a few, but the point is you don't need to know/care exactly where it is

Tho1212334•6/22/24, 8:19 AM

Hi. I need to access cloudflare sites without allowing challenges.cloudflare.com. is this possible?

Tho1212334•6/22/24, 8:20 AM

right now i am even unable to reach the cloudflare support because of challenges.cloudflare.com

TTho1212334 Hi. I need to access cloudflare sites without allowing challenges.cloudflare.com...

Hello, I’m Allie!•6/22/24, 8:27 AM

Why do you need to block it?

Tho1212334•6/22/24, 8:27 AM

it is not EUDSGVO compliant

TTho1212334 it is not EUDSGVO compliant

Hello, I’m Allie!•6/22/24, 8:28 AM

Afaik, no

Tho1212334•6/22/24, 8:28 AM

i need to reach cloudpage sites from work and all 3party calls are blocked without a opt in.

Hello, I’m Allie!•6/22/24, 8:28 AM

If you block it, and a challenge page is triggered, then there isn't much you can do

Hello, I’m Allie!•6/22/24, 8:29 AM

Unless the website owner is willing to make a manual exception for you/your traffic

Tho1212334•6/22/24, 8:29 AM

i am blocked from (felt) 30% of the web. thats not probate

TTho1212334 i am blocked from (felt) 30% of the web. thats not probate

Hello, I’m Allie!•6/22/24, 8:30 AM

Don't know about GVO, but it does appear that Turnstile is GDPR-compliant

Tho1212334•6/22/24, 8:30 AM

i am the only one with the problem? i cant reach cloudflare forums also

Hello, I’m Allie!•6/22/24, 8:31 AM

Oops, sorry

Hello, I’m Allie!•6/22/24, 8:31 AM

Hit my keyboard with the laundry basket

Tho1212334•6/22/24, 8:32 AM

i honestly thought you hit the keyboarr with your head in regard of my question

TTho1212334 i need to reach cloudpage sites from work and all 3party calls are blocked witho...

Hello, I’m Allie!•6/22/24, 8:33 AM

So just to confirm, Turnstile may be GVO-compliant, but because it is not marked as such in your system, it is blocked?

Hello, I’m Allie!•6/22/24, 8:33 AM

I could check with the team whether it actually is/it is planned to be, but then it would be up to you/your team to actually mark it

Tho1212334•6/22/24, 8:34 AM

if you follow the GDPR by word every website has to ask me BEFORE sending my data (get request) to a third party company.

Hello, I’m Allie!•6/22/24, 8:34 AM

This is getting into "lawyer" territory, so I don't quite feel comfortable speaking here one-way-or-the-other

Tho1212334•6/22/24, 8:35 AM

so if i visiting xy.com and they trigger a cloudfalre challenge before showing me the data privacy rules and allow me to opt out they are violating the GDPR

Tho1212334•6/22/24, 8:36 AM

as i am working in the data privacy field i have to be "nit-picking"

Tho1212334•6/22/24, 8:36 AM

ok, i totaly understand, european laws are strange. but it is like it is...

TTho1212334 ok, i totaly understand, european laws are strange. but it is like it is...

Hello, I’m Allie!•6/22/24, 8:37 AM

I'm in the EU too btw, so I know (some of) the pains of GDPR

TTho1212334 as i am working in the data privacy field i have to be "nit-picking"

Hello, I’m Allie!•6/22/24, 8:37 AM

Personal question: if a website processes your IP address, does that require a GDPR warning, even if they don't actually store said IP address?

Tho1212334•6/22/24, 8:37 AM

dpr is great! it is sometimes hard to understand for a "publisher" (website-owner) how to integrade it

Tho1212334•6/22/24, 8:37 AM

*integrate

Tho1212334•6/22/24, 8:38 AM

the hoster of the website is allwoed to store the ip adress if: - the owner of the site has a "avv" (dont find the english term, data protection agreement)

Tho1212334•6/22/24, 8:39 AM

but he has to anonymize the ip

Tho1212334•6/22/24, 8:39 AM

*has a avv agreement with the hoster.

TTho1212334 the hoster of the website is allwoed to store the ip adress if: - the owner of t...

Hello, I’m Allie!•6/22/24, 8:40 AM

So is the AVV/manual opt-in required if the Website doesn't store the IP adress, but just processes it?

Tho1212334•6/22/24, 8:41 AM

even the processing of the personal information (ip adress) is forbidden if it is not technical neccessary

TTho1212334 even the processing of the personal information (ip adress) is forbidden if it i...

Hello, I’m Allie!•6/22/24, 8:42 AM

And if it is, it is ok, even without an opt-out?

Tho1212334•6/22/24, 8:42 AM

so you can store the ip adress for i.e. intrusion detection and protection. but you have to implement measures to protect the data and publish them

Tho1212334•6/22/24, 8:42 AM

and there is a limit of 7 days i think

Tho1212334•6/22/24, 8:43 AM

but most privacy statements include a condition to allow free use of the ip adress. BUT if i want to do this i have to show the privacy statement BEFORE i collect the data. Same with 3-Party calls like challenges.cloudflare.com

TTho1212334 but most privacy statements include a condition to allow free use of the ip adre...

Hello, I’m Allie!•6/22/24, 8:46 AM

Yeah, I'm just wondering how that works for a firewall for example. If I am not allowed to use your IP address(blocking via Firewall) before showing you a Privacy Statement, then all anyone would need to take down my website would be to DDoS my Privacy Statement

Tho1212334•6/22/24, 8:49 AM

as far as i understand that is no problem because the processing of the ip trough the firewall is technicaly neccessary. If you use a blacklist on your firewall the content of the blacklist is not affected by the dpr because it is technically neccessary to save this ip adresses for a longer time. the ip adress of the visitor has to be deleted after a given limit (7 days i think, maybe 30) if there is no problem with it. (it is allowed to keep the address longer if the visitor seems to "attack" the page)

Tho1212334•6/22/24, 8:50 AM

but i have to operate the firewall on-prem, in a eu country or i need to have a privacy-agreement with the operator of the firewall.

TTho1212334 as far as i understand that is no problem because the processing of the ip troug...

Hello, I’m Allie!•6/22/24, 8:52 AM

So if I were to build a service that used IP, along with other signals from the browser, to prevent more sophisticated kinds of attacks before showing the user a privacy agreement, would that be ok, assuming that the privacy agreement would be available after they pass those checks?

Tho1212334•6/22/24, 9:03 AM

as far as i understand legitimate intersest is the same as technicaly neccessary

Tho1212334•6/22/24, 9:03 AM

if i operate a bank i need to collect the personal data of my visitors

And yes, with those invoices I made a claim, they are charging me for this.

Similar Threads