List validity and disclaimer discussion

[JedrzejMajko]

Please provide clearly in title or below that his list is unverified. I'm referring to existing/not existing of bug on website but also to fact that source you take list from do not contain all websites possible affected.

It's clear that this list:

• it comes from untrusted/unverified source
• it doesn't take under consideration website that utilize geo dns and different end point providers
• it doesn't take care of time, meaning website that was heavily affected is not on it, because data taken from untrusted sources didn't take readings in specific time, which is also completely unverifiable

[coderobe]

This is mentioned in the readme.

[JedrzejMajko]

@coderobe Vaguely in details rather than in title.

Moreover it's clearly mentioned "Alexa Top 10,000 affected sites:", where it's list of potentially affected website, again misleading allegations without providing a shred of evidence.

[coderobe]

If you'd like to improve the wording you can open a pull-request with a fix.

[pirate]

Does this help? @Coobers https://github.com/pirate/sites-using-cloudflare/pull/179

[JedrzejMajko]

@pirate You guys are defacing a lot of companies, banks for no good reason. We'll not participate in such action, so please act upon what you have been informed about.

[coderobe]

You seem to be commenting here just for the hell of it. @pirate Can we mute individual people?

[pirate]

@coderobe I'd rather not censor people unless they are really flooding us with an unmanageable number of messages.

[coderobe]

@pirate i wouldn't call it unmanageable, but @Coobers has added comments of no real value on several different issues and PRs now.

[JedrzejMajko]

@coderobe They are valuable, because it proved that you act without rules. Make ones. For me I have my point and this is a much bigger case of lack of scientific follow-up which becomes dangerous. I would like to participate, but legally it would make me potentially eligible.

[coderobe]

Well, your initial comment to this issue has already been fixed earlier. I don't see how any of your follow-up comments are describing issues that need to be fixed or anything like that.

[Zenexer]

@Coobers None of the claims you've made are accurate. We are utilizing authoritative resources and industry-standard techniques to compile as complete and accurate a list as possible. This includes:

• Authoritative zone files distributed by ICANN and affiliated registries
• WHOIS data provided by registries and registrars
• Public routing data

In determining the most notable sites, we've utilized three resources:

• Common knowledge
• Public attention to specific organizations concerning this issue, as seen on social media sites, for example
• Alexa (operated by Amazon), an established provider of estimated domain popularity statistics and the industry go-to for such information

We are actively working to accommodate new information and discoveries as they are made available. This includes:

• Websites that deliberately attempt to hide their use of Cloudflare
• Websites that use a non-standard configuration for Cloudflare, and are therefore difficult to detect automatically
• Human and technical error, which are inevitable when dealing with such a massive dataset

In all cases, we make a timely effort to correct misinformation and manually investigate any claims of errors. We're actively working on software to automate various checks, but not all checks can be legally automated due to the Terms of Service of various involved entities (for example, we can't easily automate WHOIS scraping).

If you are aware of data that is from an untrusted or unverified source that remains in the dataset, please open an objectively described issue addressing the error, and a volunteer will address it.

[pirate]

@coderobe I'd rather leave the comments, other people may have the same opinions as him, and rather than re-commenting all the same things, they can just upvote/downvote his comments accordingly.

[coderobe]

@pirate yes, i noticed that people are unable to vote on posts if the thread is locked so i unlocked it again, and deleting existing comments is not something we have or should do anyways.

[JedrzejMajko]

@pirate thank you :)

[Zenexer]

I should also note that many of the people who have contributed to this repo are involved with organizations affected by this incident. We've come together to assess the damage, raise awareness, discuss our options, and ensure that we all have the information we need to make an appropriate decision for our respective companies.

If you or your organization have any questions about how this affects you or how best to respond to the issue, we'll do our best to answer them. For most companies, dramatic responses like forcing password resets won't be necessary, based on my personal assessment. If you have ideas for adjusting the README.md file so that this message is better relayed to readers, we'd certainly appreciate hearing them.