Nearly every website today seems to be hosted behind Cloudflare which is really concerning for the future of privacy on the internet.

Cloudflare no doubt logs, stores, and correlates network telemetry that can be used for a wide array of deanonymization attacks. Not only that, but Cloudflare acts as a man-in-the-middle for all encrypted traffic which means that not even TLS will prevent Cloudflare from snooping on you. Their position across the internet also lends them the ability to conduct netflow and traffic correlation attacks.

Even my proposed solution to use archive.org as a proxy is not a valid solution since I found out today that archive.org is also hosted behind Cloudflare… edit: i was wrong

So what options do we even have? What privacy concerns did I miss, and are there any workaround solutions?

  • Strykker@programming.dev
    link
    fedilink
    arrow-up
    3
    ·
    11 months ago

    Sure 100% you can build a website without them.

    But anyone expecting to serve millions of users is going to use and need them or the user experience will suffer

    • El Barto@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      11 months ago

      That’s my point. So it’s not fundamental. Just fundamental for big sites.

      And not anyone. Cloudfare and AWS are not the only cloud/CDN services in the world.

      But I understand now.

      • freedomPusher@sopuli.xyz
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        The pattern is that big businesses can afford their own infosec experts and have no use for CF (who poses a disclosure risk to their business). It’s the small mom & pop shops that cling to CF. They hire someone cheap who doesn’t have a high infosec proficiency, who just takes the cheap lazy path of deploying the site on CF. They usually don’t even bother to tweak CF’s extra privacy-hostile default settings.