The first three questions we have to ask whenever someone mentions
computer security is
- security for who?
- security from who?
- security to what end?
My first encounter with Cloudflare was as a Tor user, maybe 4 or 5
years ago now, There seemed to be this one company blocking dozens of
websites. Over the years this has grown to thousands. Cloudflare is no
friend of mine, and has always seemed to be an anti-privacy firm.
Then I realised something more sinister. Regardless of my Tor issues,
which you could argue are a niche concern, I read an article pointing
out that with so many people's traffic going through Cloudflare they
are in a unique position to correlate and monitor traffic on a scale
grander than any ISP.
Finally, I read about TLS fronting, and people being talked into
basically allowing Cloudflare to MITM attack their customers.
Maybe some of these issues have been sorted out. But as I see it,
Cloudflare seems more of a pronlem than a solution. What am I missing?
1 comment
[ 5.1 ms ] story [ 19.5 ms ] threadThe first three questions we have to ask whenever someone mentions computer security is
- security for who?
- security from who?
- security to what end?
My first encounter with Cloudflare was as a Tor user, maybe 4 or 5 years ago now, There seemed to be this one company blocking dozens of websites. Over the years this has grown to thousands. Cloudflare is no friend of mine, and has always seemed to be an anti-privacy firm.
Then I realised something more sinister. Regardless of my Tor issues, which you could argue are a niche concern, I read an article pointing out that with so many people's traffic going through Cloudflare they are in a unique position to correlate and monitor traffic on a scale grander than any ISP.
Finally, I read about TLS fronting, and people being talked into basically allowing Cloudflare to MITM attack their customers.
Maybe some of these issues have been sorted out. But as I see it, Cloudflare seems more of a pronlem than a solution. What am I missing?