> Like any CDN, if the connection between the edge nodes and your own servers is not secure, a hostile ISP can do whatever it wants with it.
Unless I'm mistaken, most regular small/medium sized users of CDNs will use a 'plug n play' type CDN, where the CDN just pulls from the origin server via the public HTTP, and in that scenario you can't really fake SSL if you didn't set it up on your server, and your users won't believe that they are browsing through HTTPS when on your site. Cloudflare changes this model and superficially tells the user they're using HTTPS, but then on the second link to Cloudflare, it's unencrypted. Even worse, as we can see here and elsewhere, a lot of people explicitly sign up to Cloudflare for SSL! That means most likely they didn't set up SSL on their server.
> I'll give you my backend IP and hell, might even give you rsync access or something. Archiving through a browser is the least desirable way to have my stuff archived.
Yeah but this is the most optimistic view of it all. If you are at all familiar with archiveteam and others, the main method for archiving web sites is through the public web site. For many reasons, site admins might not want to give access directly to their server, so the most atomic and simplest path is to simply crawl the web site, in order to 'get everything' (all the sites), as long as you don't flood the server with requests and such, which most don't do.
> No, you have opinions biased by (valid but not universal) philosophies and concerns. These features are desired and beneficial to many people.
So you don't have any worries about Cloudflare and the centralization? What about Tor users' right to privacy and how the CAPTCHAs are completely insane? Cloudflare is unfortunately a huge pain in the ass and I'm not sure they can be trusted. There's no proof they are connected to any governments as far as I know, but they have now become this standard thing that everyone enables because it's free, and the surveillance possibilities are _vast_, even worse than cookies/advertising IMO because there is almost no way to circumvent it as a normal end user.
> Cloudflare changes this model and superficially tells the user they're using HTTPS, but then on the second link to Cloudflare, it's unencrypted. Even worse, as we can see here and elsewhere, a lot of people explicitly sign up to Cloudflare for SSL! That means most likely they didn't set up SSL on their server.
This essentially pushes any MITM to CloudFlare's network, which is _usually_ better than the user's and so far has exactly one confirmed interception. This is a valid concern and could certainly be better but I believe eliminating the CloudFlare -> User vector from a potential attack is a good thing.
> Yeah but this is the most optimistic view of it all. If you are at all familiar with archiveteam and others, the main method for archiving web sites is through the public web site. For many reasons, site admins might not want to give access directly to their server, so the most atomic and simplest path is to simply crawl the web site, in order to 'get everything' (all the sites), as long as you don't flood the server with requests and such, which most don't do.
While I generally support archival efforts, making a large number of automated HTTP requests (you're archiving the entire site after all) while I'm in the middle of a DDoS is not appreciated, particularly if any of that content has to come from a database (because you're accessing old stuff that isn't in my site cache). This could make a barely tolerable DDoS completely take down my origin.
> So you don't have any worries about Cloudflare and the centralization? What about Tor users' right to privacy and how the CAPTCHAs are completely insane? Cloudflare is unfortunately a huge pain in the ass and I'm not sure they can be trusted. There's no proof they are connected to any governments as far as I know, but they have now become this standard thing that everyone enables because it's free, and the surveillance possibilities are _vast_, even worse than cookies/advertising IMO because there is almost no way to circumvent it as a normal end user.
Like I said, the philosophies and concerns have some merit but they're not universal. I have no issues with CloudFlare and "centralisation". If CloudFlare is shown to commit some kind of wrongdoing there's absolutely nothing stopping me from moving elsewhere.