Don't Use Cloudflare Because You Impose This on People Who Least Want It

Dr. Roy Schestowitz

2019-02-17 13:21:05 UTC
Modified: 2019-02-17 13:21:05 UTC

It may also put these people at risk

Cloudflare

Summary: Reasons to stop making the World Wide Web so heavily dependent on some dubious companies like Cloudflare, which already has a worrisome track record

OVER the years, at work and at home (e.g. in social control media), I have expressed strong (but polite) criticism of Cloudflare (or CloudFlare or CF) and its dangers -- to the point where its oversensitive staff decided to block my Twitter account (not due to abuse or because I spoke to them, they just didn't want to see anything I had said). I've rarely come across so thin-skinned a company and recently I have seen people making the very same points. So here's the gist of it all: Cloudflare is a MitM (man in the middle) and this enables Cloudflare to engage in censorship, surveillance and even worse things. Cloudflare has done both things in the past and was at times caught misusing its power. Cloudflare is no ordinary CDN but a private, for-profit company that's upselling. At times they also have technical issues and I've seen not just companies but public institutions forced offline (or into semi-working order) due to Cloudflare.

Each time we come under heavy DDOS attack (we have not had such issues for a number of months) someone out there asks us why we don't use Cloudflare. Explaining all the associated issues is time-consuming as the explanation can be lengthy.

"In some cases, for particular countries, having all traffic visible to the US (through an American company with legal obligations to its government) can be a matter of life and death."I've been dealing with Cloudflare since it was a young company, however reluctantly, at work. I've seen public institutions coming to rely on this foreign company and relaying all traffic through it. That raises all sorts of legal questions.

The bottom line is, never ever use Cloudflare. When accessing sites that route traffic through Cloudflare one might in fact be denied access (e.g. Tor users or people who rightly reject JavaScript). In that case, it's wise to leave (not enter the site), instead leaving a note to the Webmaster, urging him/her to drop Cloudflare.

Sites that respect their visitors do not resort to Cloudflare. Building one's own CDN may be expensive, but what is the worth of your visitors' rights? In some cases, for particular countries, having all traffic visible to the US (through an American company with legal obligations to its government) can be a matter of life and death. ⬆

"Many Applications Labelled as "Cybersecurity" and Given a Veneer of Legitimacy Are Really "Weaponised" and Abusive Code": New from Dr. Andy Farnell
Security Advisory: Debian falls for social engineering hacks: Reprinted with permission from Daniel Pocock
Plagiarism by Bots: Guardian Digital, Inc (linuxsecurity.com) Still Creates Fake Articles About "Linux": 100% fake
[Teaser] [Meme] New Ways to Impoverish Patent Examiners (Entrusted to Block Unjust Monopolies or Monopoly Applications): Coming tomorrow!
Apple Tax funds: railways, defective concrete blocks in Ireland's North and West: Reprinted with permission from Daniel Pocock
Daniel Pocock, Nomination for Ireland, Dublin Bay South, General Election 2024: Reprinted with permission from Daniel Pocock
Links 08/11/2024: TikTok Bans and Clownflare Issues/Perils: Links for the day
Gemini Links 08/11/2024: RPS, O.D.I.N., and RSS in Yahoo News: Links for the day
Donald Trump as Censor in Chief Can Now Leverage Censorship Companies and Fake Protection Disguised as 'Security': Centralised CAs were trouble all along
Technology: rights or responsibilities? - Part VI: By Dr. Andy Farnell
A Death of a News Industry: A theme we explored thrice today
Deciphering Centralised CAs and Why Their Demise Should be a Goal: Encryption in transmission is good; but who controls the key exchange and certification/authentication/validation?
Links 08/11/2024: Strikes, Recessions, and Slowdowns: Links for the day
[Teaster] [Meme] New Ways of Wrecking (NWoW): The EPO
Gateway for News and Blogs: In the long run, this site and its sister site (less overlap between them now) should hopefully become a popular destination for people who look for information, not chaff
Going Even Faster: We hope the site will be faster soon
Psychopaths Who Reaffirm Our Work's Value: Psychopaths and sociopaths lack empathy, so they're willing to go very far and stoop as low as they deem necessary
[Meme] How Low Can You Go at the European Patent Office?: Not just in terms of patent quality
More Cuts/End to Benefits for EPO Workers (Europe's Working Conditions Incompatible With the European Patent Convention): "The Office is now reviving it but plans to introduce new cuts on benefits"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, November 07, 2024: IRC logs for Thursday, November 07, 2024
Gemini Links 08/11/2024: US Election, RetroChallenge 2024, and More: Links for the day
[Meme] Questioning Proprietary Software? Not OK...: A disaster long in the making
Links 07/11/2024: HTTP/3, Health Research, and Punditry: Links for the day
Gemini Links 07/11/2024: On Writing Publicly and Record Player Table: Links for the day
Open Source Security Foundation (OpenSSF) Hosted SOSS as Microsoft Propaganda Platform With Microsoft Front Group OSI: They essentially promote what they're attacking under false pretences [...] OSI is deeply corrupt. It's more toxic than arsenic.
Anti-Linux FUD, Now in LLM Form, Thanks to Brittany Day: They attack Linux with chatbots
[Meme] When You Discredit People Who Discredit Secret Code: proprietary systems with hundreds of millions of transistors (and hundreds of millions of lines of code)
The High Cost of Making Scepticism of Proprietary Voting Machines a "Trump" and "Conspiracy Theory" Territory: Time to get back to paper? Or read an old paper?
Links 07/11/2024: Online Manipulation in Social Control Media, Election Deniers, and More: Links for the day
Gemini Links 07/11/2024: emacs-guix and File Hoarding: Links for the day
[Meme] Election Day at the European Patent Office: Less than 60 minutes left to cast your vote
Staff Union of the European Patent Office (SUEPO) Election Ending Today: In one hour
[Meme] When the Patent Office Does Illegal Things and Staff Speaks Out: many leaks received today
Today We Got an Early Birthday Gift: Exciting times
[Meme] Going Too Far to the Left Can Breed Militant Ideology: Some people can never be appeased because they prefer not to be appeased
Apple's Debt Has Skyrocketed While Gimmicks Like Vision Pro Failed: In Apple's case, the debt is almost double the "Cash on Hand", which isn't even cash
FSF Expressed No Preference Regarding Presidential Candidates (Its Founder Did): Because he is a principled person, he does not prioritise loyalty to customers or employers (money)
A President Trump is Excellent News to Microsoft: His racist policies gave lots of contracts to Microsoft
Who Next on the Linux Foundation's 'Kill List'?: Remember that only about 2% of the "Linux" Foundation's budget goes to Linux
Links 07/11/2024: Facebook Scams, Journalists on Strike: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 06, 2024: IRC logs for Wednesday, November 06, 2024
Microsoft-Connected Publishers Want Us to Think That Linux is Some Sort of a Virus and a "Backdoor": "The problem is with windows and the attack vector is via Windows"
We've Made it to 18! Here's to Another 18!: Going on for another 18 years means until some time at the end of 2042
Links 07/11/2024: Political Angst and Laptop Issues: Links for the day
Even LKML Subjected to Slop/SPAM by Guardian Digital, Inc (linuxsecurity.com): They're really awful
Links 06/11/2024: BPF in RFC 9669, More Facebook Fines for Privacy Abuses: Links for the day
Gemini Links 06/11/2024: Political Shock and Hermaic Encouragement: Links for the day
Planet Debian Allows Politics (But It Depends on Your Opinions and Debian's Big Sponsors): Planet Debian is OK with politics... as long as all your political opinions are the "correct" ones and you add cute animals
What Makes RMS Such an Attractive Target ('Discreditisation' Campaigns): Don't be so easily fooled
The Biggest OEMs or Vendors of GNU/Linux Stopped Competing With Microsoft (Which Pays Them to Promote Windows, Too): Where are the competition authorities (or regulators for that matter)?
Let's Encrypt Falls to a New Low of Only 0.6% of Gemini Capsules Known to Lupa: In Gemini Protocol, certificates for encryption are required, but centralised Certificate Authorities (CAs) aren't needed
Computer-Generator Crap Flooding the Web, the Latest Example About "Linux": Here's today's example
Links 06/11/2024: Election Disinformation and Legal Actions: Links for the day
Gemini Links 06/11/2024: Stargazing and Death on Hallowe'en: Links for the day
Would You Trust a Liar?: Why lie about the authorship?
Mass Layoffs at Mozilla Announced During US Elections: Maybe nobody will notice?
[Meme] Announcing "Results" Before Everyone Even "Played": There is a "tech" angle to otherwise political news
US Polls Close in One Minute (Social Control Media Does Not Care, Will Not Wait): US election results will be known in about 2 days
Concentration and Centralisation Versus Aggregation or Syndication: KDE has a history of burying old sites
Social Control Media, Even Hours Before Polls Have Closed: Has social control media controlled by CPC (TikTok) and the Trumpmobile guy (Musk's "X") done enough to convince people not to even vote (based on presumptive "results", presented a long time before all polls have closed)?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 05, 2024: IRC logs for Tuesday, November 05, 2024
Wayland Pains in Community-Led Distros of GNU/Linux: Few people and companies use Wayland; there's hardly any technical or practical reason to choose it
IBM Still Conflating Microsoft With 'Security': As a meme
Sanctions Cause Fragmentation in Software: some Chinese Linux developers are already subjected to restrictions similar to Russians'
Web Failing With Slop, Even in 'Linux' Sites (LLM Spam): Add SEO prompting to the mix and the Web becomes a pool of slop, not knowledge
[Meme] State of the World Wide Web and Online Journalism: Technically a failure (DRM) and cannot even get basic things right
Trump's signature policy, building a wall, copied from Irish-Australian student politician: Reprinted with permission from Daniel Pocock
Linus Torvalds' self-deprecating LKML CoC mail linked to Hitler's first writing: Gemlich letter: Reprinted with permission from Daniel Pocock
[Meme] Turning 18 in One Day: just one more day

Don't Use Cloudflare Because You Impose This on People Who Least Want It

Recent Techrights' Posts