173
submitted 1 week ago* (last edited 1 day ago) by TankieTanuki@hexbear.net to c/chapotraphouse@hexbear.net

Edit: Update 2024-10-30

Let it be known that Mr. Alexandru was very patient with me and resolved everything for me by upgrading his infrastructure a few days later. I really appreciate it!


blob-on-fire

TankieTube is suffering from success.

you are viewing a single comment's thread
view the rest of the comments
[-] moondog@hexbear.net 12 points 1 week ago

Can you share more about this? Sounds crazy

Using their proxy service (which is free for some reason) means all data between users and your site goes through cloudflare, meaning they can sniff them packets

[-] Zvyozdochka@hexbear.net 5 points 1 week ago* (last edited 1 week ago)

Sorry for the late reply, kind of forgot to type this all out and it's kind of ended up being word soup and really simplified to make my point more accessible, but a lot of this can easily be researched in depth by just reading Cloudflare's own site/documentation if you're interested.

Firstly, as @nat_turner_overdrive@hexbear.net mentioned, a big problem is the ability for them to intercept all of your website's traffic if you're using their proxy service, which most people using Cloudflare are because it serves as a layer of protection from DDoS attacks since Cloudflare is able to filter/bear the weight of most attacks and only forward the "clean/legit" traffic to your website. In a world where passwords and other confidential information is sent over the wire in plain text because we're relying on HTTPS traffic being encrypted, this is a huge problem because Cloudflare ends up decrypting this traffic to provide their services which means they can see all this traffic in plain text as if it was never encrypted in the first place.

Secondly, they have the ability to just serve arbitrary JavaScript to your browser if they feel the need to. Just like they did a few months ago during the whole polyfill.io situation where they redirected all requests to polyfill.io to their mirror which could in theory host any JavaScript they'd like.

Thirdly, they offer a free service called WARP which promises you a faster internet browsing experience and was quite heavily marketed with lots of advertisements on YouTube some years back, it became quite big with all the tech channels showing it off, not sure how large it is now, but it's essentially a VPN, and as with all VPNs, they can see all incoming/outgoing traffic and do whatever they please with it, but don't worry, they pinky promise not to log or do anything with it!

That's just a few examples but if you look at the Cloudflare website they offer quite a lot of other services (a lot of which are free which makes them very appealing) which basically boil down to "let us control your infrastructure and all your traffic and in return we promise to make everything more secure and make your life so much easier".

All in all, it's just a bit unsettling that we're letting a private company that's based in the world's biggest surveillance state control over ~20% of the world's internet traffic. Especially when that traffic is unencrypted. I'm sure you've been around the internet long enough to know when Cloudflare goes down or has troubles, a large portion of the internet goes down and everyone starts panicking, lol.

the AWS of DNS management (this may be a stupid comparison)

this post was submitted on 21 Oct 2024
173 points (99.4% liked)

chapotraphouse

13499 readers
831 users here now

Banned? DM Wmill to appeal.

No anti-nautilism posts. See: Eco-fascism Primer

Vaush posts go in the_dunk_tank

Dunk posts in general go in the_dunk_tank, not here

Don't post low-hanging fruit here after it gets removed from the_dunk_tank

founded 3 years ago
MODERATORS