Comment by mschuster91

9 months ago

For what it's worth I think Cloudflare and a few other ultra-large CDNs should be considered a utility provider, given that it is very difficult to exist on the Internet without their protection - no matter if you're just running a damn blog or an online forum, you'll get hounded by hordes of automated scanners looking to exploit you the very second a 0day appears. And if it's an online forum, chances are high someone will be pissed off by some moderation action and just buy a DDoS to shoot you off the 'net.

(In the end I think governments should finally hunt down and eliminate abusive netizens, but waiting for that to happen is pointless)

  curl ipinfo.io/`dig +short news.ycombinator.com`
  {
  "ip": "209.216.230.207",
  "hostname": "news.ycombinator.com",
  "city": "San Diego",
  "region": "California",
  "country": "US",
  "loc": "32.7157,-117.1647",
  "org": "AS21581 M5 Computer Security",
  "postal": "92101",
  "timezone": "America/Los_Angeles",
  "readme": "https://ipinfo.io/missingauth"
  }

Impossible to survive on the internet...

  • Cloudflare profits greatly from you thinking it's impossible to exist on the internet without them.

    Did you know they have a workflow for you to sign up and start using their protection in the middle of an attack? Costs money, of course. They don't get to EEE the Internet that way so they don't make it free.

> no matter if you're just running a damn blog or an online forum, you'll get hounded by hordes of automated scanners looking to exploit you the very second a 0day appears

This will happen to you if you use Cloudflare as well, _unless_ you enable (at least) the automatic captcha, which then annoys users and disallows privacy-focused people from visiting your site.

To effectively stop committed DDOS you'll need CF enterprise, which filters out private blogs etc by price. The WAF options definitely make it easier to fight simpler DDOS attacks, but even then you'll need to know what you're doing.

Seconding that anything this big should be nationalized. That said, the internet still worked before Cloudflare. The threat of a banned troll DDoSing your forum has been a risk for 30 years, yet the flourishing golden age of forums was before anyone had heard of Cloudflare.

Add in their centralized panopticon of mass decrypted traffic and it becomes undeniable CF is an enormous net negative to the internet and society at large.

  • > The threat of a banned troll DDoSing your forum has been a risk for 30 years, yet the flourishing golden age of forums was before anyone had heard of Cloudflare.

    Private forums in my experience stopped being a thing around 2010-2015-ish. The first death knell was Metasploit, which made 0wning a target so much easier than it was before; the second and final blow were "ddos for hire" services, running on cryptocurrencies that promised (and delivered) true anonymity, and using mass hacked consumer devices as a botnet that was much harder to defeat than an STRO in some datacenter where you (or your DC) could just block the IP address.

  • They could argue that they are on the side of the "good guys" (intelligence services and the police), especially if you consider their historical ties of collaborating with the three-letter agencies like the FBI (cf. how it all started with Project Honey Pot).