• renzev@lemmy.world (OP) · 25 up, 1 down · 3 days ago

    Cloudflare is harmful. Sure, maybe they’re doing a Good Thing™ today, but who stops them from turning around and selling all of the data they proxy to AI companies tomorrow? There is rarely a good reason to use cloudflare. If you care about blocking bots, there are self-hostable tools like Anubis. If you care about hiding your server’s IP, you can use a VPN that allows port forwarding or rent a VPS. Do not use cloudflare. Cloudflare should not be used. By using cloudflare, you surrender your digital sovereignty for a mirage of convenience and safety.

    (Yes, I understand the irony of posting this from an instance that uses cloudflare)

    • vodka@feddit.org · 10 up · 3 days ago

      Cloudflare announced their paid AI scraping service at the same time as they blocked AI scrapers.

      Though at least they revenue share with content owners… Assuming said content owners are in paid cloudflare plans, and opt-in.

      • hash@slrpnk.net · 8 up · 3 days ago

        Holding your own certs and constantly reviewing your and your users’ threat models. Cloudflare’s excessive control comes from them being a proxy.

        • Vanilla_PuddinFudge@infosec.pub · 3 up · edited · 3 days ago

          Right, the middleware is the issue. You can bake all of what Cloudflare does yourself as far as hardening goes and utilities like Anubis and Pangolin, buuut you’re not getting that DDOS protection.

          To Lemmy’s benefit, DDOSing one of us isn’t DDOSing all of us, buuut there’s a bit to be said about Lemmy mostly centralizing around .world.

          If one had a botfarm and a grudge…

          There are proxies and selfhosted middleware out there that can be set up across arrays of VPSes that’ll then redirect based on health and load, but once they know all of them, I guess you’re done running.

      • renzev@lemmy.world (OP) · 1 up · 2 days ago

        IDK what you mean by “domain host” but the thing about cloudflare (’s most prominent service) is that it’s essentially a voluntary MITM between you and your clients. They see ALL traffic going between your server and your clients. This is not normal. Normally traffic between server and client is encrypted with HTTPS. By using cloudflare’s proxy you are adding a backdoor to that encryption. Your registrar cannot normally see this traffic. Your certificate authority cannot normally see this traffic without issuing a malicious cert. But cloudflare can. And, if they wanted to, they could even inject malware to deanonymize users, spy on journalists, steal data, etc. As a matter of fact, they already do, but instead of calling it “malware” they call it “analytics”, so it’s okay 👍

    • NaibofTabr@infosec.pub · 2 up · edited · 3 days ago

      > There is rarely a good reason to use cloudflare […] By using cloudflare, you surrender your digital sovereignty for a mirage of convenience and safety.

      Heh, man you have no idea how bad the DDoS attacks are without some form of protection. It doesn’t necessarily have to be Cloudflare, but if you’re putting up a public-facing website that you want people to be able to access, you absolutely need some DDoS protection service. You need someone to detect large-scale malicious traffic and offload it before it hits your system. It’s no mirage. Arch has been under attack for days. DDoS-for-hire is a profitable criminal enterprise. It is really really bad out there on the open Internet.

      Self-hosting a bot-interference tool like Anubis does nothing to help with DDoS attacks. You need a high-bandwidth shield that can absorb the incoming connection requests, filter out the legitimate users and dump the rest before it touches your server (preferably before it touches your edge devices), and that means a CDN.