so now Cloudflare:
- hosts website's DNS
- reverse-proxies websites
- runs a DNS over HTTPS resolver
- runs an IPFS gateway

Is it just me, or are they positioning themselves to be able to MITM everything?

@Wolf480pl isn't their job to be a MiTM technically? Like, it's structurally shitty from the start.

@lanodan @bram @Wolf480pl Their goal as a company is to grow and make more money so yeah, expanding towards different markets/technology seems like a good move.
Still waiting for them to offer something related to e-mails now.

@lanodan @bram @Wolf480pl Just as the former NSA director asked "why don't we just collect all of the signals?" someone at Cloudflare might have said "why don't we just MiTM all of the internet?"

@bob @lanodan @bram @Wolf480pl

to be fair this is a perfect infokleptocracy dominance plan, so I mean

@bram yeah, but MITMing one website that asks for it vs MITMing all your DNS, IPFS, and who knows what else, is IMO a difference.

before, you could think that they MITM only to protect you from DDoS.
But now it's obvious that they protect you from DDoS only to be able to MITM you.

Google = bad. Let's move everything to cloudflare.

Sigh, I suppose people who major in IT, do not minor in history...

@Qwxlea @Wolf480pl in several months: "Cloudflare is bad, let's move everything to Microsoft, they're good now"

@sprite_1ww believe it or not, there are people who actually believe that Microsoft is good now

@djsumdog what happened in 2013?
Also, nobody in IT ever learns from history, they instead "move fast and break things". What did you expect.

@djsumdog oh... yeah, most people probably felt like "oh no, I can't do anything about it, I'm just gonna turn off the TV and cry in a corner", and then forgot.

@Wolf480pl Well a lot of people literally can't do anything. Like I started running my own e-mail server again after that and even wrote this article:

..but a lot of people don't have the skill or knowledge. They just move from one big provider to another, if they do anything at all. And I don't blame them. This stuff is hard.

@djsumdog @Wolf480pl

We shouldn't blame them.

BUT this stuff is not THAT hard.
And people like @bob make it easier each day.
And we can teach them curiosity.

yeah, I do agree that for most people the news was non-actionable.

I just wish they (especially those who work in IT) remembered it for the future, so that when they have an opportunity to choose, they choose the right thing.

For example, when someone makes a small website, or gets someone to make one for them, they have a choice to use a CDN and some 3rd party JS, or not to use it. Their site would be just fine without it. If they remembered Snowden, they'd know the right choice.

@Wolf480pl Not just that, they now proxy DNS.

Hosts like dnsimple use Cloudflare as a "DNS CDN" now.

So even if you use a non-cloudflare DNS service, you're likely using Cloudflare anyways.

@Wolf480pl Multiple companies with DNS services use Cloudflare for their DNS requests. Including, but not limited to:
- DigitalOcean
- Linode
- DNSimple
- EasyDNS

@quad so their NS records point to cloudflare servers, which reverse-proxy the DNS requests to their hidden DNS servers?

@Wolf480pl they have been for a while. Next thing u know they're gonna spin up 50,000 tor relays

@wolf480pl @moonman Ah, but AFAIK, #Cloudflare is still hostile to #Tor and #VPN. Using either will throw so many CAPTCHAs at people that they'll just avoid the CF-fronted site.

@lnxw48a1 @moonman IIRC CF takes pride in not banning Tor outright.

@maltimore @moonman @Wolf480pl Not an option. I spend most of my time logging in from #hotel_Wi-Fi, so #VPN and #Tor are essential.

@wolf480pl @moonman @Maltimore
Yes, in theory. In practice, I'm happy to let PIA and Tor do the work.

@Wolf480pl « In return, businesses receive "protection" » … see for explanation. 🕵️ 🤖 🤔

@tierce I don't need to follow the link to know what it's about :P

@tierce btw. I've heard of some DDoS protection companies organizing DDoS attacks against their competition's customers, but that was in context of DDoS protection for Minecraft servers. I'd be kinda surprised if CloudFlare too organized DDoS attacks to make people buy their DDoS protection.

@Wolf480pl No, that's exactly what they already do, actually :-) They MITM everything.

And as time and time again with other market grabbing companies, this just comes under the "convenience" flag.

Are you saying that their recent addition of a DNS over HTTPS resolver and an IPFS gateway did NOT increase the percentage of traffic they can MITM?

@Wolf480pl IPFS hashes are proof against content manipulation, so long as you trust the hash.

DNS is already problematic, as are CAs.

CF knows /what/ is being requested, but, e.g., over Tor, not by whom.

@dredmorbius yeah, but I think if someone is using an ipfs gateway, instead of installing ipfs locally, I guess they probably don't use Tor either, so CF knows what and by whom.

Aside from false sense of security, I wouldn't mind if there was a separate company providing an ipfs gateway while also spying on its users and putting their data into a magical box that turns user data into money.

But in this case, it's a single company that has control over a large portion of the internet, and anything that further increases its power is dangerous.

@Wolf480pl What natural monopoly do Cloudflare have over this space?

Is there anything preventing others from stepping up? Would some division of services allay your concerns?

>Is there anything preventing others from stepping up?

- it's hard to obtain anycast IP addresses
- there's a lot of up-front cost due to
  - making enough points of presence across the globe
  - getting good deals with ISPs
  - developing anti-DDoS technology

>Would some division of services allay your concerns?

Some of them, yes. E.g. if CloudFlare didn't operate DNS over HTTPS resolvers, or at least weren't Mozilla's defaults. Or if CF stayed away from P2P.

@Wolf480pl There are several commercial and noncommercial entities with capability to do so. How many would be necessary to allay fears?

The point I'm getting at is that criticising a sole provisioner for solely provisioning seems a poor route to encouraging other entrants who might obviate the sole provisioner situation.

What do you want?

How do you get there?

Preferably from here.


I want no DNS over HTTPS. IMO they're harmful in multiple ways.

As for IPFS gateways - I think there were a few of them already?
Also, there are no magical boxes that take user data and return money, so I don't see how it could be profitable for a company to run an IPFS gateway and not be selling user data to the likes of Google.
Well... unless said company was hosting its own content on IPFS.

@Wolf480pl There are several ways to succeed in business.

One is growing your revenue.

Another is denying your competitors revenue.

The second one is called "anti-competitive practices", is illegal in many jurisdictions, and should result in antitrust lawsuits.

@dredmorbius well, maybe not in all cases. I guess the laws take into account some nuance and draw a line somewhere reasonable.

@Wolf480pl Sun released StarOffice (now LibreOffice) free of charge, later as Free Software, to challenge Microsoft's MS Office revenue. Likewise ChromeOS from Google, or MSIE by Microsoft (targeting Netscape).

IBM predicated its free software initiative on its impacts on Sun and Microsoft, in a late 1990s internal study. I've seen that, Tim O'Reilly mentions it IIRC in Open Sources and elsewhere.

@dredmorbius yeah, and it sounds good and healthy, but I have no idea how to draw a line between that and Amazon selling physical items below costs so as to get local retailers out of business...

Hm... ok, producing a copy of a software costs nothing, so even if you're giving away, it's not below costs.
