this post was submitted on 29 Mar 2022
24 points (87.5% liked)

Technology

34863 readers
143 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
MinutePhrase@lemmy.ml
24
Stay away from Cloudflare (www.unixsheikh.com)
submitted 2 years ago* (last edited 2 years ago) by Amicchan@lemmy.ml to c/technology@lemmy.ml
31 comments fedilink hide all child comments
 

What DNS provider do I use now?

you are viewing a single comment's thread
view the rest of the comments
[–] blank_sl8@lemmy.ml 10 points 2 years ago (1 children)

There's no way to know what cloudflare is doing with your data. It is therefore a true risk. We have the technology (end-to-end HTTPS) to allow DDOS protection without allowing man in the middle. If Cloudflare is doing something else, we have full reason to be skeptical.

[–] jokeyrhyme@lemmy.ml 1 points 2 years ago (2 children)

Sure, and it'd be nice for CloudFlare to offer a service that was compatible with end-to-end HTTPS

But this would be incompatible with the CAPTCHA insertion, right?

And instead of being able to use signal from the content of requests to identify an attack, they'd only be able to use the signal from the unencrypted part of the TCP exchange

This seems like inferior protection to me, but for some this might be the better compromise, and we have every right to seek such a compromise

[–] nutomic@lemmy.ml 7 points 2 years ago (1 children)

Using captchas is another problem with cloudflare, no other hoster/provider needs that. So for users there are just downsides with cloudflare. Unfortunately a lot of websites decide to use it, and there is nothing we can do.

[–] blank_sl8@lemmy.ml 4 points 2 years ago (1 children)

True, there are some attacks that cloudflare may be better positioned to mitigate...but a well-designed application won't be susceptible to attacks unless they involve a huge amount of traffic, and in those cases the amount of traffic is so huge that it can be detected easily without needing to see the http content.

[–] jokeyrhyme@lemmy.ml 1 points 2 years ago

For some sites, both the content publisher and the consumer may prioritise availability over perfect secrecy (e.g. distributing life-saving information in a natural disaster or war)

There might not be a single product on the planet that is more suitable for this use case than Cloudflare

Many sites and many consumers will not share this priority of values, however, so I agree that Cloudflare is inappropriate for these cases