Nearly every website today seems to be hosted behind Cloudflare which is really concerning for the future of privacy on the internet.

Cloudflare no doubt logs, stores, and correlates network telemetry that can be used for a wide array of deanonymization attacks. Not only that, but Cloudflare acts as a man-in-the-middle for all encrypted traffic which means that not even TLS will prevent Cloudflare from snooping on you. Their position across the internet also lends them the ability to conduct netflow and traffic correlation attacks.

Even my proposed solution to use archive.org as a proxy is not a valid solution since I found out today that archive.org is also hosted behind Cloudflare…

So what options do we even have? What privacy concerns did I miss, and are there any workaround solutions?

  • kelvie@lemmy.ca
    link
    fedilink
    arrow-up
    5
    ·
    10 months ago

    Not sure why people are being so weird about answering your questions, but e.g. CloudFlare does DDoS protection which now basically everything you put on the internet needs some type of , and is far too complicated to do yourself, when you need it.

    Thus CloudFlare (or AWS’s equivalent) is pretty essential. I’m sure there are other reasons too.

    • El Barto@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      5
      ·
      10 months ago

      Thanks. Though I knew all that, I appreciate your response.

      I guess DDoS protection is essential, but the fundamental part is dependant on the seevice provider’s goal. If I just want to host a game over the internet for my friends, Cloudflare is not really fundamental for that. For businesses, though, yeah.

      • freedomPusher@sopuli.xyz
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        Admins tend to have an exaggerated degree of self-importance. They think their own service is somehow so important that downtime is just not an option, even at the cost of pawning all their own users/supporters traffic to a tech giant in a country without privacy safeguards. And they do that even when offering a non-profit service like a fedi instance. It’s a total disregard for privacy even when no money is on the line. Part of the problem is not only are they not hiring experts but they can’t be bothered to develop the competency themselves. They don’t factor in or realize the fact that web security is part of the task they are signing up for. Like someone saying they want to sell fries but they don’t want to be bothered with finding a potato supplier. If they want to reject a fundamental component of the activity, perhaps that activity is not for them.