this post was submitted on 13 Aug 2023
536 points (95.7% liked)

Memes

45753 readers
1969 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 85 points 1 year ago (3 children)
[–] [email protected] 91 points 1 year ago (1 children)

Cloudflare has human checks before you can access some sites. Some apps and screenreaders no longer work with those sites.

[–] DacoTaco 2 points 1 year ago

Not only apps and screenreaders. Some legit browsers too.

I have a browser that basically does not let the website know what or who it is ( user agent is a random number ) and cloudflare just flat out refuses me from viewing websites.

Fine cloudflare hosted website, keep your secrets!

[–] [email protected] 67 points 1 year ago (3 children)

They're all uppity that to use cloudflare proxy they have to terminate the ssl connection there. So technically cloudflare can sniff all the traffic. But that's kind of the point of WAFs and Reverse Proxies.

I would argue that the sheer amount of data throughput that Cloudflare has, you'd have to really be on a list to be monitored... and they certainly cannot just log all data willy nilly.

[–] [email protected] 32 points 1 year ago (1 children)

I suppose this one is quite simple. How can they cache, if they don't MitM the connection? I don't think it would be technically possible. If you want the cache/CDN you just need to use a company you trust. If you don't trust them then you don't get the cache/CDN.

[–] [email protected] 3 points 1 year ago

Correct. But people are viewing the DDOS protection, Cache, WAF, etc... functions as evidence that Cloudflare is obviously malicious and storing 100% of all data traversing them.

I've seen no evidence of that yet, and will certainly discontinue use of them if they show such tendencies. Until then, I will absolutely leverage their platform for my use as a paying customer.

I do understand the fear with their free platform though... They've gotta make money somehow, and I feel there's probably a fear that is data collection.

[–] Reliant1087 4 points 1 year ago

I think my issue with cloudflare is not that I think they will compromise my data through their proxy to steal my passwords or go through my data, but that it seems quite likely given their ubiquity that the three letter agencies or similar have backdoor.

It's similar with say Google, i.e. I probably trust cybersecurity at Google more than at bitwarden. Unfortunately Google mines the shit out of my data (shitty but not dangerous) and will probably hand over stuff to some authoritarian government if they asked for it (physically dangerous).

[–] droans 2 points 1 year ago

You can also turn off all the features with a single click and Cloudflare will just be your nameserver.

[–] [email protected] 18 points 1 year ago (4 children)

No high-profile cases yet, but some people are already concerned: https://crimeflare.eu.org/

[–] [email protected] 31 points 1 year ago* (last edited 1 year ago) (1 children)

Doesn't load, maybe they need Cloudflare lol (i'm joking don't send me to internet hell) Wayback doesn't seem to work with it either

[–] sgtlighttree 1 points 1 year ago (1 children)

Don't tell me Lemmy is big enough to execute hugs of death lol

[–] [email protected] 2 points 1 year ago

Nah from Wayback looks to have been a problem for a while for them

[–] qaz 9 points 1 year ago* (last edited 1 year ago)

I might be missing something but the document seems to be comparing Cloudflare to the great firewall of China and calling them criminal because of things they could potentially do?

[–] [email protected] 7 points 1 year ago (2 children)
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

It would help if that site wouldn't look like it was written by some crazy person trying to make a shitpost...

[–] Obsession 1 points 1 year ago

Only works on http

Maybe they should sue Cloudflare for automatic HTTPS if they don't know how to configure a webserver

[–] Brimos 6 points 1 year ago

Site appears to be down. What is this for?