so now Cloudflare:
- hosts websites' DNS
- reverse-proxies websites
- runs a DNS over HTTPS resolver
- runs an IPFS gateway
Is it just me, or are they positioning themselves to be able to MITM everything?
@Wolf480pl isn't it their job to be a MiTM technically? Like, it's structurally shitty from the start.
@bram yeah, but MITMing one website that asks for it vs MITMing all your DNS, IPFS, and who knows what else, is IMO a difference.
before, you could think that they MITM only to protect you from DDoS.
But now it's obvious that they protect you from DDoS only to be able to MITM you.
@Wolf480pl indeed, fair point
@Wolf480pl you got it
Google = bad. Let's move everything to cloudflare.
Sigh, I suppose people who major in IT, do not minor in history...
@sprite_1ww believe it or not, there are people who actually believe that Microsoft is good now
@Wolf480pl It's like nobody learned a damn thing from 2013
@djsumdog what happened in 2013?
Also, nobody in IT ever learns from history, they instead "move fast and break things". What did you expect.
@Wolf480pl The Snowden leaks
@djsumdog oh... yeah, most people probably felt like "oh no, I can't do anything about it, I'm just gonna turn off the TV and cry in a corner", and then forgot.
@Wolf480pl Well a lot of people literally can't do anything. Like I started running my own e-mail server again after that and even wrote this article:
..but a lot of people don't have the skill or knowledge. They just move from one big provider to another, if they do anything at all. And I don't blame them. This stuff is hard.
yeah, I do agree that for most people the news was non-actionable.
I just wish they (especially those who work in IT) remembered it for the future, so that when they have an opportunity to choose, they choose the right thing.
For example, when someone makes a small website, or gets someone to make one for them, they have a choice to use a CDN and some 3rd party JS, or not to use it. Their site would be just fine without it. If they remembered Snowden, they'd know the right choice.
@quad so their NS records point to cloudflare servers, which reverse-proxy the DNS requests to their hidden DNS servers?
@quad why not just AXFR with hidden master?
@Wolf480pl they have been for a while. Next thing u know they're gonna spin up 50,000 tor relays
@tierce I don't need to follow the link to know what it's about :P
@tierce btw. I've heard of some DDoS protection companies organizing DDoS attacks against their competition's customers, but that was in context of DDoS protection for Minecraft servers. I'd be kinda surprised if CloudFlare too organized DDoS attacks to make people buy their DDoS protection.
@Wolf480pl It’s not just you.
@Wolf480pl No, that's exactly what they already do, actually :-) They MITM everything.
And as time and time again with other market grabbing companies, this just comes under the "convenience" flag.
Are you saying that their recent addition of a DNS over HTTPS resolver and an IPFS gateway did NOT increase the percentage of traffic they can MITM?
@Wolf480pl No, it does. I agree with you.
@Wolf480pl IPFS hashes are proof over content manipulation, so long as you trust the hash.
DNS is already problematic, as are CAs.
CF knows /what/ is being requested, but, e.g., over Tor, not by whom.
@dredmorbius yeah, but I think if someone is using an ipfs gateway, instead of installing ipfs locally, I guess they probably don't use Tor either, so CF knows what and by whom.
@Wolf480pl Is more, though suboptimal, access a Bad Thing?
Aside from false sense of security, I wouldn't mind if there was a separate company providing an ipfs gateway while also spying on its users and putting their data into a magical box that turns user data into money.
But in this case, it's a single company that has control over a large portion of the internet, and anything that further increases its power is dangerous.
@Wolf480pl What natural monopoly do Cloudflare have over this space?
Is there anything preventing others from stepping up? Would some division of services allay your concerns?
>Is there anything preventing others from stepping up?
- it's hard to obtain anycast IP addresses
- there's a lot of up-front cost due to
  - making enough points of presence across the globe
  - getting good deals with ISPs
  - developing anti-DDoS technology
>Would some division of services allay your concerns?
Some of them, yes. Eg. if CloudFlare didn't operate DNS over HTTPS resolvers, or at least weren't Mozilla's defaults. Or if CF stayed away from P2P.
@Wolf480pl There are several commercial and noncommercial entities with capability to do so. How many would be necessary to allay fears?
The point I'm getting at is that criticising a sole provisioner for solely provisioning seems a poor route to encouraging other entrants who might obviate the sole provisioner situation.
What do you want?
How do you get there?
Preferably from here.
I want no DNS over HTTPS. IMO they're harmful in multiple ways.
As for IPFS gateways - I think there were a few of them already?
Also, there are no magical boxes that take user data and return money, so I don't see how it could be profitable for a company to run an IPFS gateway and not be selling user data to the likes of Google.
Well... unless said company was hosting its own content on IPFS.
@Wolf480pl There are several ways to succeed in business.
One is growing your revenue.
Another is denying your competitors revenue.
The second one is called "anti-competitive practices", is illegal in many jurisdictions, and should result in antitrust lawsuits.
@dredmorbius well, maybe not in all cases. I guess the laws take into account some nuance and draw a line somewhere reasonable.
@Wolf480pl Sun released StarOffice (now LibreOffice) free of charge, later as Free Software, to challenge Microsoft's MS Office revenue. Likewise ChromeOS from Google, or MSIE by Microsoft (targeting Netscape).
IBM predicated its free software initiative on its impacts on Sun and Microsoft, in a late 1990s internal study. I've seen that, Tim O'Reilly mentions it IIRC in Open Sources and elsewhere.
@dredmorbius yeah, and it sounds good and healthy, but I have no idea how to draw a line between that and Amazon selling physical items below costs so as to get local retailers out of business...
Hm... ok, producing a copy of a software costs nothing, so even if you're giving away, it's not below costs.