What DNS provider do I use now?

  • jokeyrhyme
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    3 years ago

    Sure, and it’d be nice for CloudFlare to offer a service that was compatible with end-to-end HTTPS

    But this would be incompatible with the CAPTCHA insertion, right?

    And instead of being able to use signal from the content of requests to identify an attack, they’d only be able to use the signal from the unencrypted part of the TCP exchange

    This seems like inferior protection to me, but for some this might be the better compromise, and we have every right to seek such a compromise

    • nutomicA
      link
      fedilink
      arrow-up
      7
      ·
      3 years ago

      Using captchas is another problem with cloudflare, no other hoster/provider needs that. So for users there are just downsides with cloudflare. Unfortunately a lot of websites decide to use it, and there is nothing we can do.

    • blank_sl8
      link
      fedilink
      arrow-up
      4
      ·
      3 years ago

      True, there are some attacks that cloudflare may be better positioned to mitigate…but a well-designed application won’t be susceptible to attacks unless they involve a huge amount of traffic, and in those cases the amount of traffic is so huge that it can be detected easily without needing to see the http content.

      • jokeyrhyme
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        For some sites, both the content publisher and the consumer may prioritise availability over perfect secrecy (e.g. distributing life-saving information in a natural disaster or war)

        There might not be a single product on the planet that is more suitable for this use case than Cloudflare

        Many sites and many consumers will not share this priority of values, however, so I agree that Cloudflare is inappropriate for these cases