It’s a man in the middle that receives every communication to any server that uses it, including IP addresses, signups, passwords, usernames, all in clear text for them. Since so many servers use it, it’s a giant aggregator as dangerous as a centralized password store.
Just wanna add that it’s impossible for them to have your encrypted messages if you use an HTTPS certificate from another CA.
Meta analysis of encrypted traffic is more powerful than you think. By analyzing things like the length and timing of requests and responses, researchers have been able to determine what search term a user typed (through the auto-completion suggestions being sent back), what images and videos are being viewed, which threads on a forum they accessed, among other things, without ever decrypting the HTTPS data.
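An added example, not part of the thread, showing the length side channel the comment above describes and what padding does to it. The autocomplete responses are constructed sample data, and the constant per-record overhead (one TLS 1.3 record per response) is an assumption.

```python
import json
from collections import defaultdict

# Assumption: each response fits in one TLS 1.3 record with constant overhead
# (5-byte record header + 1-byte content type + 16-byte AEAD tag).
RECORD_OVERHEAD = 22

# Constructed sample data: autocomplete suggestions returned per typed prefix.
RESPONSES = {
    "fl": ["flights", "flu symptoms", "florist near me"],
    "de": ["dentist", "debt advice", "depression test"],
    "hi": ["hiking boots", "hiv test", "hip pain"],
    "pr": ["pregnancy test", "printer ink"],
}


def body(suggestions):
    """Serialize a suggestion list the way a JSON endpoint would."""
    return json.dumps(suggestions, separators=(",", ":")).encode()


def observed_length(plaintext_len, bucket=0):
    """Ciphertext size visible on the wire; bucket > 0 pads up to a multiple."""
    if bucket:
        plaintext_len = -(-plaintext_len // bucket) * bucket  # ceiling division
    return plaintext_len + RECORD_OVERHEAD


def anonymity_sets(responses, bucket=0):
    """Group prefixes by the length an on-path observer would see."""
    sets = defaultdict(set)
    for prefix, suggestions in responses.items():
        sets[observed_length(len(body(suggestions)), bucket)].add(prefix)
    return dict(sets)


def uniquely_identifiable(responses, bucket=0):
    """Prefixes whose response length is shared with no other prefix."""
    groups = anonymity_sets(responses, bucket).values()
    return sorted(p for group in groups if len(group) == 1 for p in group)


if __name__ == "__main__":
    print("unpadded:", uniquely_identifiable(RESPONSES))
    print("padded to 64 bytes:", uniquely_identifiable(RESPONSES, bucket=64))
```

Padding only addresses response length; request timing and the number of round trips remain observable.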
Is it? I have never used Cloudflare so I don’t know their exact feature set, but most of Cloudflare’s useful features require them to be able to act as your website (to display a 5xx error when your server is down, the “checking your browser” message, caching, compression, etc.). Most people use Cloudflare for those features (and they use it for easy HTTPS, which is kinda stupid since client<->Cloudflare will be encrypted, but Cloudflare<->server likely still goes through the internet over plain HTTP).
And they’re American so they absolutely have the NSA/CIA tapping into that data.
I use Cloudflare solely for DNS management because I know of other alternative that is remotely close to it… Registrars are usually really awful. I never proxy A records, always pure DNS.
Quad9 is a great alternative to CF’s 1.1.1.1, but unfortunately they don’t provide a service like that :c
I am guessing you aren’t running any servers anywhere you could do your DNS on?
Never considered that as a serious option. What kind of DNS server software would you recommend? What resource footprint does it have (my server is already pretty crowded and I’d like to not get a new one for now)? Does it work well?
Works as flawlessly as anything, but I’d recommend two systems, you want to have at least 2 DNS servers. If two small VPSes don’t make sense for you (you hardly need any resources to run PowerDNS or BIND), then I wouldn’t go with that option. Was just curious.
Yeah, I just read a bit on the topic too and I came across the same thing. Atm I don’t run anything that would justify getting two servers for DNS, so I’d rather rely on a third-party. Thanks for the suggestion though and if you have any good alternatives to CF please let me know :)
Well, I would be loath to give CF money or data, so since I own domains at a registrar that does “meh, OK” services, if I wasn’t running my own DNS servers I’d just go with them. I would most registrars would provide reasonable DNS services for nothing.
I use Netfirms, btw, but that’s not necessarily a plug for them.
I see. Yeah, I haven’t had the greatest of experiences with my registrars when it comes to DNS (mainly slow updates and inability to add some types of records). Also, I don’t give CF money nor data really, I use just DNS, no proxying. The distributed nature of DNS makes CF less prone to getting data than it would be otherwise. Do you know any other service similar to CF’s DNS thing?
Some good answers already, but I haven’t seen anyone talk about this: Sites “secured” by CloudFlare are almost impossible to use with Tor, some VPNs, or even simply with JavaScript disabled. Their Captcha page that pops up when you use any of these tends to be broken and just redirects back to itself even when you clear the captcha, instead of actually showing you the page itself (and the redirection is happening server side, so there’s also nothing you can change in the URL to get you to the right page).
This comment on GitHub perfectly captures the controversy surrounding CloudFlare
They block access to legitimate users in the name of protecting the website. You don’t even have to use Tor or do something fishy to be blocked from a cloudflared website.
I’m no network engineer, so if you could ELI5, what would be the alternative to automatically let in legitimate users, but block hackers, spam, bots, etc…?
I just wanted to add that recently on Firefox if you have resistfingerprinting enabled then some websites will stop working because Cloudflare detects it as if it was a Tor browser. For example you can’t log in to GitLab.
It’s not hate against CloudFlare itself, but mostly against the centralization and siloing of private services that are incrusting themselves at the core of the Internet.
No, definitely it’s hate against the company (in addition to what you said). CloudFlare has done (and is doing) many dodgy things and are absolutely not trustworthy.
Do you mind enumerating some of these dodgy things?
@Echedenyan@lemmy.ml posted a pretty helpful link.
https://git.nogafam.es/deCloudflare/deCloudflare/src/branch/master/readme/en.md
They are one of the actors of the centralization of the internet.
nogafam is an amazing initiative and run by a really nice dude. It’s from Spain and he offers fediverse services and stuff like that.
Thanks for all the great responses
Because they make the web unusable and insecure. They also protect sites with content that’s illegal in the US, so they’re obviously working for the US’s intelligence services.
Lol. That’s a huge jump you’re making here. I guess if a bookstore doesn’t sell loliporn they are also working for the CIA?
They’re technically a provider so they aren’t responsible for the stuff they “host”. They would still have to help law enforcement to take it down. For some sites this very suspiciously doesn’t happen.
they host a lot of bigoted content (like 4ch*n)