Follow

so now Cloudflare:
- hosts website's DNS
- reverse-proxies websites
- runs a DNS over HTTPS resolver
- runs an IPFS gateway

Is it just me, or are they positioning themselves to be able to MITM everything?

@Wolf480pl isn't their job to be a MiTM technically? Like, it's structurally shitty from the start.

@lanodan @bram @Wolf480pl Their goal as a company is to grow and make more money so yeah, expanding towards different markets/technology seems like a good move.
Still waiting for them to offer something related to e-mails now.
@lanodan @bram @Wolf480pl Just as the former NSA director asked "why don't we just collect all of the signals?" someone at Cloudflare might have said "why don't we just MiTM all of the internet?"

@bob @lanodan @bram @Wolf480pl

to be fair this is a perfect infokleptocracy dominance plan, so I mean

@bram yeah, but MITMing one website that asks for it vs MITMing all your DNS, IPFS, and who knows what else, is IMO a difference.

@bram
before, you could think that they MITM only to protect you from DDoS.
But now it's obvious that they protect you from DDoS only to be able to MITM you.

@Wolf480pl
Google = bad. Let's move everything to cloudflare.

Sigh, I suppose people who major in IT, do not minor in history...

@Qwxlea @Wolf480pl in several months: "Cloudflare is bad, let's move everything to Microsoft, they're good now"

@sprite_1ww believe it or not, there are people who actually believe that Microsoft is good now

@djsumdog what happened in 2013?
Also, nobody in IT ever learns from history, they instead "move fast and break things". What did you expect.

@djsumdog oh... yeah, most people probably felt like "oh no, I can't do anything about it, I'm just gonna turn off the TV and cry in a corner", and then forgot.

@Wolf480pl Well a lot of people literally can't do anything. Like I started running my own e-mail server again after that and even wrote this article:

fightthefuture.org/videos/i-sp

..but a lot of people don't have the skill or knowledge. They just move from one big provider to another, if they do anything at all. And I don't blame them. This stuff is hard.

@djsumdog @Wolf480pl

We shouldn't blame them.

BUT this stuff is not THAT hard.
And people like @bob make it easier each day.
And we can teach them curiosity.

@djsumdog
yeah, I do agree that for most people the news was non-actionable.

I just wish they (especially those who work in IT) remembered it for the future, so that when they have an opportunity to choose, they chose the right thing.

For example, when someone makes a small website, or gets someone to make one for them, they have a choice to use a CDN and some 3rd party JS, or not to use it. Their site would be just fine without it. If they remembered Snowden, they'd know the right choice.

@Wolf480pl I've had that feeling for a long time, so I have not used their services for a few years.

@Wolf480pl Not just that, they now proxy DNS.

Hosts like dnsimple use Cloudflare as a "DNS CDN" now.

So even if you use a non-cloudflare DNS service, you're likely using Cloudflare anyways.
@Wolf480pl Multiple companies with DNS services use Cloudflare for their DNS requests. Including, but not limited to:
- DigitalOcean
- Linode
- DNSimple
- EasyDNS

@quad so their NS records point to cloudflare servers, which reverse-proxy the DNS requests to their hidden DNS servers?

@Wolf480pl they have been for a while. Next thing u know they're gonna spin up 50,000 tor relays

@wolf480pl @moonman Ah, but AFAIK, #Cloudflare is still hostile to #Tor and #VPN, Using either will throw so many CAPTCHAs at people that they'll just avoid the CF-fronted site.

@lnxw48a1 @moonman IIRC CF takes pride in not banning Tor outright.

@Wolf480pl « In return, businesses receive "protection" » … see en.wikipedia.org/wiki/Pizzo_(m for explanation. 🕵️ 🤖 🤔

@tierce I don't need to follow the link to know what it's about :P

@tierce btw. I've heard of some DDoS protection companies organizing DDoS attacks against their competition's customers, but that was in context of DDoS protection for Minecraft servers. I'd be kinda surprised if CloudFlare too organized DDoS attacks to make people buy their DDoS protection.

@Wolf480pl No, that's exactly what they already do, actually :-) They MITM everything.

And as time and time again with other market grabbing companies, this just comes under the "convenience" flag.

@madewulf
Are you saying that their recent addition of a DNS over HTTPS resolver and an IPFS gateway did NOT increase the percentage of traffic they can MITM?

Sign in to participate in the conversation
niu.moe

We are a cute and loving international community O(≧▽≦)O !