this post was submitted on 26 Dec 2023
55 points (88.7% liked)

Privacy

820 readers
111 users here now

Privacy is the ability for an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

Rules

  1. Don't do unto others what you don't want done unto you.
  2. No Porn, Gore, or NSFW content. Instant Ban.
  3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
  4. Stay on topic in a community. Please reach out to an admin to create a new community.

founded 2 years ago
MODERATORS
c0mmando@links.hackliberty.org
55
Has avoiding Cloudflare become Impossible? (links.hackliberty.org)
submitted 9 months ago by c0mmando@links.hackliberty.org to c/privacy@links.hackliberty.org
54 comments fedilink hide all child comments
 

Nearly every website today seems to be hosted behind Cloudflare which is really concerning for the future of privacy on the internet.

Cloudflare no doubt logs, stores, and correlates network telemetry that can be used for a wide array of deanonymization attacks. Not only that, but Cloudflare acts as a man-in-the-middle for all encrypted traffic which means that not even TLS will prevent Cloudflare from snooping on you. Their position across the internet also lends them the ability to conduct netflow and traffic correlation attacks.

Even my proposed solution to use archive.org as a proxy is not a valid solution since I found out today that archive.org is also hosted behind Cloudflare...

So what options do we even have? What privacy concerns did I miss, and are there any workaround solutions?

you are viewing a single comment's thread
view the rest of the comments
[–] elbarto777@lemmy.world -1 points 9 months ago (3 children)

Sure, so they're fundamental to businesses. Not to the internet.

[–] BluesF@lemmy.world 4 points 9 months ago (1 children)

User experience isn't just for businesses.

[–] elbarto777@lemmy.world -3 points 9 months ago

User experience?

Wait, I thought we were talking about more than just user experience.

[–] Strykker@programming.dev 3 points 9 months ago (1 children)

Sure 100% you can build a website without them.

But anyone expecting to serve millions of users is going to use and need them or the user experience will suffer

[–] elbarto777@lemmy.world 0 points 9 months ago (1 children)

That's my point. So it's not fundamental. Just fundamental for big sites.

And not anyone. Cloudfare and AWS are not the only cloud/CDN services in the world.

But I understand now.

[–] freedomPusher@sopuli.xyz 2 points 9 months ago (1 children)

The pattern is that big businesses can afford their own infosec experts and have no use for CF (who poses a disclosure risk to their business). It’s the small mom & pop shops that cling to CF. They hire someone cheap who doesn’t have a high infosec proficiency, who just takes the cheap lazy path of deploying the site on CF. They usually don’t even bother to tweak CF’s extra privacy-hostile default settings.

[–] elbarto777@lemmy.world 2 points 9 months ago

Interesting. That makes sense in many reasonable contexts.

[–] freedomPusher@sopuli.xyz 2 points 9 months ago (1 children)

You say “fundamental” when I think (from context) you mean to say “essential”. But to be clear, Cloudflare is not essential to business or the internet. Consider banking in the US. Big banks are competent enough to not need CF. But credit unions are small and on shoestring budgets. So CUs are increasingly exposing all their customers to Cloudflare to save money. If you are a client of a CU that starts using Cloudflare, I suggest switching to paper statements and quit using the website. Switch to a CU that does not expose you to Cloudflare. So far that’s not difficult but that could change.

[–] elbarto777@lemmy.world 2 points 9 months ago

Thanks! Good tip.