I hear that both CloudFlare is privacy respectful and that it spies on site visitors (with their CDN). What’s your thoughts on this matter?

  • GadgeteerZA@lemmy.ml
    link
    fedilink
    arrow-up
    6
    ·
    4 years ago

    Must say I get a few complaints from people about that aspect of Cloudflare when I link to articles on websites using it. I can’t control where others put good content though.

    The issue seems to be with Cloudflare acting as a man-in-the-middle, supposedly breaking the SSL and re-encrypting it with their SSL. For normal sites that may be OK but this is not a good idea at all if that SSL is expected to carry passwords or login info or other private info that should arrive intact at the destination site.

    So I’ll also be interested to hear what others think and what the solutions are.

    • kevincox@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      4 years ago

      supposedly breaking the SSL and re-encrypting it with their SSL

      There is no doubt here, this is how basically all CDNs work. You need to see the plaintext request in order to perform caching and most other features that they provide.

      I agree, if the content is very sensitive then you shouldn’t trust a third party. However in practice most companies trust third parties whether that is a hosting provider, analytics or any number of functions that it is easier to outsource.

      I think the concern arises because Cloudflare is big. This has benefits and drawbacks.

      • Generally larger companies have more resources to invest in security.
      • Covering such a large portion of the web gives them a lot of possible tracking data if they want to use it maliciously (for whatever your personal definition of malicious is).
    • Echedenyan@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      4 years ago

      You can use archiving services since a lot of time ago to avoid redirecting people to Cloudflared stuff.

      There are some which are fully FLOSS-based like https://conifer.rhizome.org which you even can self-host to avoid the limit they put for accounts there.

      • GadgeteerZA@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        4 years ago

        Isn’t Conifer more like The Internet Archive service? I was understanding Cloudflare was really being used to help manage massive volumes of web traffic ie. more the network management side?

        • Echedenyan@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          4 years ago

          I think I didn’t explain myself at all.

          The idea is that you can share the clones of the website in Conifer or any other web archive to avoid the issues with Cloudflare that people could have.

    • [object Object]@lemmy.ml
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      edit-2
      4 years ago

      It’s entirely on you. You brought some valid points about how awful Cloudflare is, but that’s not what got you banned. Your baseless claim of Cloudflare DoH somehow MITM SSL is. You are indeed spreading some FUD, even here by strawmanning what exactly you got banned for

      • TheAnonymouseJoker@lemmy.ml
        link
        fedilink
        arrow-up
        3
        arrow-down
        6
        ·
        4 years ago

        So you believe Cloudflare is a good company with a good intent? That seems like corporate apologia, since you want to twist my argument into muh FUD.

        • Bilb!@lemmy.ml
          cake
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          4 years ago

          In this reply,

          • You imply that they believe something they never said
          • You say without evidence that it is likely corporate apologia, and
          • then accuse THEM off twisting YOUR words.

          Very impressive.

          • TheAnonymouseJoker@lemmy.ml
            link
            fedilink
            arrow-up
            1
            arrow-down
            4
            ·
            4 years ago

            In their reply,

            • They implied that they think I believe a narrative that I never promoted
            • They imply without evidence that Cloudflare has good intentions when its basis of existence is as Project Honeypot
            • then create a FUD strawman and justify ban when the voting ratio on the comments and in the post indicate a different kind of dialogue
            • totally ignore that my job is privacy and security advocacy, and make it a point to leverage Cloudflare over all the historical and current concerns that loom around them

            Awesome. I can play these pony tricks all day.

        • [object Object]@lemmy.ml
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          4 years ago

          So you believe Cloudflare is a good company with a good intent?

          Thanks for putting words in my mouth despite me explicitly agreeing that Cloudflare is awful.

          If that’s how you argue with everyone no wonder you are getting banned. The Mod that argued with you on Reddit had a patience of saint

    • iortega
      link
      fedilink
      arrow-up
      3
      ·
      4 years ago

      ehm, is it just me or teddit openned this context properly?

      • Qgpkje4rY5s@lemmy.ml
        link
        fedilink
        arrow-up
        7
        ·
        4 years ago

        Any fork will lack behind in updates, that includes security updates. This can really affect your security when a zero-day vulnerability is discovered and the development team hasn’t pushed the latest patch yet.

        Does that mean that you shouldn’t use FF forks? Not at all. Firefox is neither the most private, nor secure web browser out-of-the-box, anyone claiming such a thing does not know what they’re talking about.

        Recommending Librewolf to someone that wants to take their privacy seriously is a great idea in my opinion, but claiming that it is more secure than Firefox is sort of misleading.

      • TheAnonymouseJoker@lemmy.ml
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        4 years ago

        Librewolf is essentially a Firefox with user.js tweaks , and the fork will not last forever compared to the main thing. That is why I prefer modifying Firefox myself.

          • TheAnonymouseJoker@lemmy.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            4 years ago

            I think it will, not just because the source code is open and free, but because of Tor Project and because there exists no government or plutocratic entity behind developing it, but a global open community.

            With Chromium, you have all these faults. Small blobs, Google plutocratic corporation and its ad network interests, DARPA/NSA interests and the Google developers being largely pro bourgeois capitalist slaves from the mind, who run for bread (money capital).

            • Qgpkje4rY5s@lemmy.ml
              link
              fedilink
              arrow-up
              1
              arrow-down
              2
              ·
              edit-2
              4 years ago

              That’s a tad bit too optimistic.

              If Firefox were to truly die out, to the point where it makes no sense to continue funding it from a business perspective, I highly doubt it will continue to thrive as “the most private browser”.

              The fact that Google keeps funding Mozilla for the right of being the default search engine proves to two points. 1) Google doesn’t see Mozilla nor Firefox as a threat to the chromium revolution. 2) It makes more money profiting off Firefox users who are naïve enough to believe that installing the browser and using it out-of-the-box is all you need for privacy.

              To expand on point number two, the privacy communities are such a small niche, it has no relevancy in the grand scheme of things. If we keep directing non-techy friends and family to Firefox with no configuration, we are sending them off to a privacy nightmare. I’d love to be proven wrong, but I would much rather recommend Brave to non-techies around me, or Librewolf for the ones a tad bit more technologically knowledgeable.

                • TheAnonymouseJoker@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  2
                  ·
                  4 years ago

                  He is spreading a bunch of FUD, and calling me a FUD spreader. Beware of this user, shilling Chromium monopoly, crypto scam, crippled ad blocker, Tor that does not work properly and a bunch of terrible stuff.

                  this user's comments look bizarre here

                • Qgpkje4rY5s@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  4 years ago
                  • Familiar interface for everyone. Since Chrome owns 70% of the market share, migrating to a privacy friendly clone won’t make the slightest difference since Brave runs on Chromium.
                  • Built in ad-blocker and tracker blocker.
                  • Built in Tor. (NOTE: This is not a replacement for the Tor browser, even Brave states this. This is purely an extra layer of privacy when needed.)
                  • Excellent fingerprinting resistance. (Fingerprint.JS does not work on Brave).
                  • New ad-system which rewards you for your attention.
                  • It’s the browser that phones home the least out of the box.
                  • No telemetry out of the box.
                  • Since it runs on Chromium, it supports all Chrome extensions which do not exist on all other browsers.
                  • Excellent security, since it is built on Chromium and de-googled patches get pushed out extremely fast, it is an overall secure browser.

                  There’s probably more that I didn’t mention but these are the ones off the top of my head.

              • TheAnonymouseJoker@lemmy.ml
                link
                fedilink
                arrow-up
                3
                arrow-down
                2
                ·
                4 years ago

                Brave is incomparable to Firefox in terms of privacy violations and other issues. It has broken Tor routing, apart from the following:

                Brave Browser is funded by DoD: https://np.reddit.com/r/privatelife/comments/fe34ls/exclusive_brave_browser_funded_by_dod_contractor/

                Brave traffic detected with Cryptocompare despite BAT rewards disabled: https://removeddit.com/r/privacytoolsIO/comments/gr8nue/

                Brave also has a known history of whitelisting Facebook and Twitter trackers, and has a crippled adblocker that does not work on Brave’s “acceptable” advertisements.

                Brave Browser hardcoded their crypto partner Binance referral links (https://twitter.com/cryptonator1337/status/1269201480105578496) alongwith Ledger and soon-to-be-compromised Coinbase (https://decrypt.co/31461/coinbase-wants-to-identify-bitcoin-users-for-dea-irs)

                • Qgpkje4rY5s@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  4 years ago

                  Where do I begin? You’re like a FUD machine.

                  “It has broken Tor routing” I’m assuming this refers to the DNS leaks, which have been fixed already. (https://www.theregister.com/2021/02/22/in_brief_security/)

                  “Brave Browser is funded by DoD” No, it is not. Just because the founders of Palentir were angel investors, does not mean that Brave has any connections with DoD. It’s not even implied. There is no proof of this. Just more of your FUD.

                  “Brave traffic detected with Cryptocompare despite BAT rewards disabled” This is because of their Crypto Wallets feature, even tho you don’t use Brave Rewards, you can still use Crypto Wallets which triggers this request. Here’s the thread explaining this, but I’m assuming doing proper research and spreading FUD about everything you don’t stand for is much easier, huh? https://teddit.net/r/brave_browser/comments/f3e27q/why_is_brave_constantly_connecting_to/

                  “Brave also has a known history of whitelisting Facebook and Twitter trackers” Yet again, either you are unable to do research or you’re spreading FUD on purpose. These “trackers” make both Facebook and Twitter usable. Since Brave is trying to be a usable browser for all, whilst still preserving user privacy, these “trackers” were whitelisted. Since then, Brave has improved their ad-block to get around this.

                  “and has a crippled adblocker that does not work on Brave’s “acceptable” advertisements.” Brave blocks all advertisements by default. Unless you opt into Brave Rewards or turn off your shield, you should not see ads. There are no such thing as “acceptable” ads in Brave, unless you opt into Brave Rewards, that is bullshit and I would be shocked if you linked a source, which you obviously did not due to this being a completely made-up point.

                  “Brave Browser hardcoded their crypto partner Binance referral links” This was a mistake on Brave’s part, note that only Binance redirected and no other referral link did, which were all implemented at the same time. This has been fixed and Brave has apologized. It is opt-in.

                  https://decrypt.co/31461/coinbase-wants-to-identify-bitcoin-users-for-dea-irs” I don’t know if you live under a rock but any crypto exchange with KYC tracks you, including Coinbase. The ability to trace Bitcoin transactions and users (who have given up their PII due to KYC) is not something new.

                  I am not surprised that you seem to be banned or heavily downvoted (on what seems to be) the entire internet for spreading FUD. I have absolutely no interest in entertaining you for any longer. I highly advise you to read up on topics, do your own research and not spreading half of a story, when the other easily explainable half could be searched up in less than 20 seconds.