so now Cloudflare:
- hosts websites' DNS
- reverse-proxies websites
- runs a DNS over HTTPS resolver
- runs an IPFS gateway
Is it just me, or are they positioning themselves to be able to MITM everything?
@Wolf480pl isn't it their job to be a MiTM, technically? Like, it's structurally shitty from the start.
@bram yeah, but MITMing one website that asks for it vs MITMing all your DNS, IPFS, and who knows what else, is IMO a difference.
before, you could think that they MITM only to protect you from DDoS.
But now it's obvious that they protect you from DDoS only to be able to MITM you.
@Wolf480pl indeed, fair point
@Wolf480pl you got it
Google = bad. Let's move everything to cloudflare.
Sigh, I suppose people who major in IT, do not minor in history...
@sprite_1ww believe it or not, there are people who actually believe that Microsoft is good now
@Wolf480pl It's like nobody learned a damn thing from 2013
@djsumdog what happened in 2013?
Also, nobody in IT ever learns from history, they instead "move fast and break things". What did you expect.
@Wolf480pl The Snowden leaks
@djsumdog oh... yeah, most people probably felt like "oh no, I can't do anything about it, I'm just gonna turn off the TV and cry in a corner", and then forgot.
@Wolf480pl Well a lot of people literally can't do anything. Like I started running my own e-mail server again after that and even wrote this article:
..but a lot of people don't have the skill or knowledge. They just move from one big provider to another, if they do anything at all. And I don't blame them. This stuff is hard.
yeah, I do agree that for most people the news was non-actionable.
I just wish they (especially those who work in IT) remembered it for the future, so that when they have an opportunity to choose, they choose the right thing.
For example, when someone makes a small website, or gets someone to make one for them, they have a choice to use a CDN and some 3rd party JS, or not to use it. Their site would be just fine without it. If they remembered Snowden, they'd know the right choice.
@Wolf480pl I've had that feeling for a long time, so I have not used their services for a few years.
@quad so their NS records point to cloudflare servers, which reverse-proxy the DNS requests to their hidden DNS servers?
@quad why not just AXFR with hidden master?
@Wolf480pl they have been for a while. Next thing u know they're gonna spin up 50,000 tor relays
@tierce I don't need to follow the link to know what it's about :P
@tierce btw. I've heard of some DDoS protection companies organizing DDoS attacks against their competition's customers, but that was in the context of DDoS protection for Minecraft servers. I'd be kinda surprised if CloudFlare too organized DDoS attacks to make people buy their DDoS protection.
@Wolf480pl It’s not just you.
@Wolf480pl No, that's exactly what they already do, actually :-) They MITM everything.
And as time and time again with other market grabbing companies, this just comes under the "convenience" flag.
Are you saying that their recent addition of a DNS over HTTPS resolver and an IPFS gateway did NOT increase the percentage of traffic they can MITM?
@Wolf480pl No, it does. I agree with you.