What DNS provider do I use now?

  • jokeyrhyme
    link
    fedilink
    arrow-up
    9
    arrow-down
    4
    ·
    3 years ago

    I think this rant greatly exaggerates the alleged “risk” that CloudFlare poses, and also makes unsubstantiated claims about the inadequate protection provided by CloudFlare

    I do think it’s a good thing for more people to consider self-hosted options, but we should do this on the merits and not in an artificial climate of fear

    • blank_sl8
      link
      fedilink
      arrow-up
      10
      ·
      3 years ago

      There’s no way to know what cloudflare is doing with your data. It is therefore a true risk. We have the technology (end-to-end HTTPS) to allow DDOS protection without allowing man in the middle. If Cloudflare is doing something else, we have full reason to be skeptical.

      • jokeyrhyme
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        3 years ago

        Sure, and it’d be nice for CloudFlare to offer a service that was compatible with end-to-end HTTPS

        But this would be incompatible with the CAPTCHA insertion, right?

        And instead of being able to use signal from the content of requests to identify an attack, they’d only be able to use the signal from the unencrypted part of the TCP exchange

        This seems like inferior protection to me, but for some this might be the better compromise, and we have every right to seek such a compromise

        • nutomicA
          link
          fedilink
          arrow-up
          7
          ·
          3 years ago

          Using captchas is another problem with cloudflare, no other hoster/provider needs that. So for users there are just downsides with cloudflare. Unfortunately a lot of websites decide to use it, and there is nothing we can do.

        • blank_sl8
          link
          fedilink
          arrow-up
          4
          ·
          3 years ago

          True, there are some attacks that cloudflare may be better positioned to mitigate…but a well-designed application won’t be susceptible to attacks unless they involve a huge amount of traffic, and in those cases the amount of traffic is so huge that it can be detected easily without needing to see the http content.

          • jokeyrhyme
            link
            fedilink
            arrow-up
            1
            ·
            3 years ago

            For some sites, both the content publisher and the consumer may prioritise availability over perfect secrecy (e.g. distributing life-saving information in a natural disaster or war)

            There might not be a single product on the planet that is more suitable for this use case than Cloudflare

            Many sites and many consumers will not share this priority of values, however, so I agree that Cloudflare is inappropriate for these cases

    • isleofmist
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      3 years ago

      The biggest point against cloudflare is that it is a US-based company and is vulnerable to US government spying.

      • jokeyrhyme
        link
        fedilink
        arrow-up
        3
        ·
        3 years ago

        I’m sure for many people it is true that the USA government is a major threat, but neither “USA” nor “government” appear in the article/rant, and ideally an article written for these people wouldn’t single CloudFlare out, but would list major companies that this applies to equally

        I’d even take this further and say that we shouldn’t trust software (or hardware) vendors that are beholden to laws in any of the Five Eyes countries ( https://en.wikipedia.org/wiki/Five_Eyes )

        Australia’s Assistance and Access Bill 2018 surely damages the credibility of Australian vendors, possibly even more than USA vendors: https://www.techtarget.com/searchsecurity/definition/Australian-Assistance-and-Access-Bill

        • tardigrada
          link
          fedilink
          arrow-up
          1
          ·
          3 years ago

          Just read the BBC article, see the link I postex above. The US government was directly involved when they started Cloudflare. Cloudflare’s CEO leaves no doubt about that.