Comment by hipadev23
3 days ago
because they’re an amazing piece of technology that also happens to be a state sponsored man-in-the-middle platform.
3 days ago
because they’re an amazing piece of technology that also happens to be a state sponsored man-in-the-middle platform.
I was assuming that it's a loss-leader sort of business strategy at play before reading your comment. Do you care to share any insights/references to support this claim?
Nah that’d be a national security crisis.
But the presence of https://en.wikipedia.org/wiki/PRISM well over 10 years ago should be sufficient.
Gotcha. Yeah, I mean all of these platforms are certainly juicy targets for room 641A [0] shenanigans. I just wondered if there had been some public leaks or something which we might not all be aware of yet.
[0] - https://en.wikipedia.org/wiki/Room_641A
11 replies →
"Our Free plan gives Cloudflare access to unique threat intelligence"
https://blog.cloudflare.com/cloudflares-commitment-to-free/
Nobody remembers the "SSL added and removed here :)"?
https://www.agwa.name/blog/post/cloudflare_ssl_added_and_rem...
How else would a cdn work? Or an l7 ddos protection?
One half of the NSA's mission is defensive, dedicated to improving the security of US systems and infrastructure: https://www.nsa.gov/Cybersecurity/
SELinux is a great example of that end.
Of course, I know an embarrassing number of people that won't touch it because they're convinced it's an NSA backdoor into your system.
They have the nickname "Crimeflare" for a reason and there is a reason so many threat actors, phishers, and malware people use CF on their landing pages and c2s.
When you file an abuse ticket with CF, CF takes the route of "oh we are only routing the data and content, not hosting it" and will refuse to terminate the CF accounts of someone being malicious. Threat actors know this which is why so many use em.
>When you file an abuse ticket with CF, CF takes the route of "oh we are only routing the data and content, not hosting it" and will refuse to terminate the CF accounts of someone being malicious. Threat actors know this which is why so many use em.
Their abuse page says they forward abuse tickets to the origin hosting provider. The origin hosting provider could ignore your tickets, but I don't see how that's any different than if they didn't use cloudflare to begin with.
They still have the ability to terminate the accounts of the threat actors using their platform (which would fuck up their scam/spam/malicious campaigns) yet seem to not want to under their guise of "oh its not us".
3 replies →
Ok but why can’t they take responsibility for the abuse and terminate the accounts themselves, forcing the malicious actors back to being in a position of not being protected by cloudflare?
3 replies →
They didn't hesitate with 8chan, even when it was known that fedposting was a thing here and that the straw that broke the camel's back they pointed to could have well been a false flag.
So the deep state is smart enough to take over the corporation and inject all this secret squirrel tech, but didn't think to cook the books to make it look like a marginally-profitable (but boring) business?
It reminds me of the counterargument to UFOs where they say "so the UFO flew here from 100 light-years away, through extreme cold, deep space, intense radiation, dodged space rocks, but as soon as it came into a lukewarm atmosphere with a modest gravity and tame weather, it crashed into a field in New Mexico?"
To be fair, you could see how a vehicle designed rigidly for extreme cold, extreme vacuum, zero gravity, etc. might fail catastrophically when introduced to modest temperatures, a modest atmosphere, and a modest gravity.[1]
It wouldn't say much for the foresight of the alien designers, mind.
[1] "100 KILOpascals? KILO? I thought you said milli, you blithering nixflorp!"
> [1] "100 KILOpascals? KILO? I thought you said milli, you blithering nixflorp!"
The numbers were given in Universal Standard Units, but the manufacturer assumed Galactic Imperial Units
What? What does business profitability or viability have to do with anything? Cloudflare can serve both customers at the same time. They still make amazing products, have incredibly talented engineers, and provide extremely valuable commercial services.
PRISM worked with numerous participants from well-oiled tech startups to aging why-wont-you-just-die companies.
PRISM revealed secrets. It also revealed that some companies fought back as much as possible. It's also possible to design core tech so that even when forced to participate, you reveal as little or no information.
CloudFlare, PRISM, and Securing SSL Ciphers, 2013-06-12 Matthew Prince https://blog.cloudflare.com/cloudflare-prism-secure-ciphers/
Honestly this is the most likely hypothesis, but would be nice to have some more evidence.
If a cdn didn't intercept requests, how else could it work? Literally every cdn is an mitm.
I'm sure you've heard this before but Cloudflare isn't really a CDN. CDNs don't have to intercept requests to be useful.
I think what you describe is closer to "TLS terminating reverse proxy", which does need to intercept every request.
What are some alternatives? Preferably the more open source the better.
what is an "open source" network infrastructure provider?
Cloudflare is mostly open-sourced, alternatives are more often than not closed-sourced
2 replies →
Idk if they're open source, but netlify was the company that I thought sort of made this feature free and easy to use. Github pages is also a free alternative.
Someone was (incidentally?) ddos'ed on Netlify last year and was served a 104k bill. The fees were waved in the end, but the caveat remains on all these free services that you pay by bandwidth.
https://news.ycombinator.com/item?id=39520776
4 replies →
This is one of those things where the act of trying to evade state-level actors by definition puts you on their radar big time.
Alternatives to what? Five Eyes? Good luck with that.
China is happy to offer an alternative. It has pretty high costs, and I don't think it's worth it, but it exists.