flashing ticker
To interact with this page you must login.      Signup
ask a person to answer this questionAsk to answer

Can Cloudflare's cfduid cookie be used to deanonymise the user behind a VPN via traffic analysis?

What does the Cloudflare cfduid cookie do?

The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. For example, if the visitor is in a coffee shop where there are a bunch of infected machines, but the specific visitor's machine is trusted (e.g. because they've completed a challenge within your Challenge Passage period), the cookie allows us to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.


Cloudflare says that the cookie does not store any PII (personally identifiable information) as it's just a random string of text. But that doesn't stop Cloudflare from doing traffic analysis to identify the user behind a VPN using traffic analysis, does it? Even if the cfduid cookie doesn't store PII, is it PII?
What's an assertion, and what should I type in?

Compesh is a question and answer (and debate) website, so before you make a debate, you better learn what an assertion is. I suppose you already know what a question is, and that you've typed it in the box. ;)

An assertion, is basically a statement you can make, that is either true or false.

Richer people have better health.

The question for that would be, Do richer people have better health?

And don't forget to make your assertion, match your question.

Compesh logo