README.md 5.62 KB
Newer Older
resynth1943's avatar
resynth1943 committed
1
2
3
4
<div align=left>
  <h1>Cloudflare</h1>
</div>

resynth1943's avatar
resynth1943 committed
5
**resynth1943 TODO: check all websites linked here do not use Cloudflare**
smege1001's avatar
smege1001 committed
6

resynth1943's avatar
resynth1943 committed
7
**resynth1943 TODO: add more images, to support the claims**
smege1001's avatar
smege1001 committed
8

resynth1943's avatar
resynth1943 committed
9
**resynth1943 TODO: create a list of people that support this mission**
resynth1943's avatar
resynth1943 committed
10
11
12
13
14
15

## Table of Contents

- [Table of Contents](#table-of-contents)
- [Centralisation](#centralisation)
- [Privacy](#privacy)
resynth1943's avatar
resynth1943 committed
16
17
18
19
20
21
- [Usability](#usability)
- [Crawlers](#crawlers)
- [Downtime](#downtime)
- [Security](#security)
- [Control](#control)
- [](#)
resynth1943's avatar
resynth1943 committed
22
23
24
25
26
27
28
29
30
31
32

---

Cloudflare delivers DDoS protection, CDN, internet security and distributed DNS to millions of websites online.

If you've used the internet, you've most likely browsed a website that uses Cloudflare.

But Cloudflare, in many ways, is actively harming the internet.

## Centralisation

resynth1943's avatar
resynth1943 committed
33
34
35
> “We can use algorithms as an aid to the systems of our society, like pilots use autopilot, but we must never let them run our society completely on their own - the day we do, will be the day we fall.”
> ─ Abhijit Naskar

resynth1943's avatar
resynth1943 committed
36
37
38
39
40
*Centralisation ─ creating something from which other related things rely on.*

Cloudflare is the World's largest MITM (man-in-the-middle) reverse proxy. They own more than 80% of the CDN market. 
Expanding their services to more than 100 countries, **Cloudflare serves more traffic than Twitter, Amazon, Apple, Instagram, Bing and Wikipedia combined.**

resynth1943's avatar
resynth1943 committed
41
42
43
44
45
46
47
48
49
50
Centralisation is inherently harmful to the open web, which Cloudflare *claims* to support. 

But their actions continue to prove otherwise.

Those claims ring hollow, when Cloudflare's only mission is to replace the open, decentralised nature of the internet with *their* model of the internet.

Cloudflare repeatedly offers their opinion that they are improving the internet, but they are attempting to diminish one of the core values of the internet. 

There's also a practical problem, too: when Cloudflare goes down, 30% of the internet goes down with it. This is why giving power to one entity poses a threat to the freedom of the internet.

resynth1943's avatar
resynth1943 committed
51
52
53
54
55
56
The number of people being used by Cloudflare rises each day.

Don't trade privacy for convenience.

## Privacy

resynth1943's avatar
resynth1943 committed
57
58
59
Do you remember [HTTPS](https://en.wikipedia.org/wiki/HTTPS), the technology that encrypts your data when it's moving across the internet?

In theory, HTTPS should protect the data flow between you and the server. When a website owner is using Cloudflare, [that's not the case.](https://scotthelme.co.uk/tls-conundrum-and-leaving-cloudflare/)
resynth1943's avatar
resynth1943 committed
60

resynth1943's avatar
resynth1943 committed
61
Instead, Cloudflare decrypts HTTPS on-the-fly. This means that Cloudflare can see *everything* that you do on Cloudflare-enabled websites, including passwords, browsing history and any personal information sent through Cloudflare's network.
resynth1943's avatar
resynth1943 committed
62

resynth1943's avatar
resynth1943 committed
63
This poses a threat to the privacy of the end-user. 
resynth1943's avatar
resynth1943 committed
64

resynth1943's avatar
resynth1943 committed
65
## Usability
resynth1943's avatar
resynth1943 committed
66
67
68
69
70

A lot of the time, Cloudflare blocks humans from viewing a website. Before they can use it, they either have to wait for a long period of time, or complete a CAPTCHA.

If you're using a lesser-known web browser like IceCat, Cloudflare does not allow you to view websites behind Cloudflare.

resynth1943's avatar
resynth1943 committed
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
For example, in many cases, the user may be presented with a screen that totally denies access, or may be forced to wait upwards of 10 minutes for Cloudflare's code to choose whether or not you will view the site.

## Crawlers

One might suggest that crawlers are harmful to websites.

But that's fundamentally incorrect.

In many cases, there are *legitimate* crawlers. For example, when you use a search engine, the results are mostly from websites which the search engine has crawled.

Crawling is simply requesting a webpage like a normal browser would, then extracting the data (such as titles, description and other metadata), then storing it in databases.

Without allowing [legitimate crawlers](https://community.cloudflare.com/t/cloudflare-managed-special-rules-are-blocking-googlebot/82911), the discoverability of your site will be greatly impacted.

## Downtime

Like every other service on the internet, [Cloudflare](https://www.zerohedge.com/markets/major-part-web-offline-cloudflare-suffers-outage) [experiences](https://downdetector.com/status/cloudflare/) [downtimes](https://www.reddit.com/r/webdev/comments/c89hou/cloudflare_is_down_again/).

However, Cloudflare claims the opposite [on their website](https://www.cloudflare.com/en-gb/plans/business/), which is fundamentally impossible:

> Cloudflare's Business plan offers a 100% uptime guarantee.

[Millions of websites are proxied behind Cloudflare](https://qz.com/918941/cloudflare-leaked-user-data-from-millions-of-websites-heres-how-to-check-if-you-were-affected/), which only amplifies the severity of this conceptual flaw.

## Security

While this is an extension of the inherently conceptual flaw of Cloudflare's model, it only reinforces the erroneous claims projected on Cloudflare's website.

Humans make mistakes. At some point in time, Cloudflare *will* be the subject of a security error.

[It happens to the best of us.](https://www.indusface.com/blog/how-do-websites-get-hacked/)

But when it happens to Cloudflare, millions of sites will be impacted.

## Control

> There are only two hard things in Computer Science: cache invalidation and naming things.
> ─ Phil Karlton
resynth1943's avatar
resynth1943 committed
109

resynth1943's avatar
resynth1943 committed
110
Cloudflare consists of thousands of [edge servers](https://www.cloudflare.com/learning/cdn/glossary/edge-server/). These edge servers contain copies of the content from the origin site.
resynth1943's avatar
resynth1943 committed
111

resynth1943's avatar
resynth1943 committed
112
When a visitor enables a website that is proxied behind Cloudflare, the content may be served *from Cloudflare*, without involvement of the origin server.
resynth1943's avatar
resynth1943 committed
113

resynth1943's avatar
resynth1943 committed
114
This is problematic, as the origin server no longer controls the content. Cloudflare does; *giving them total control of what the end-user sees.*
resynth1943's avatar
resynth1943 committed
115

resynth1943's avatar
resynth1943 committed
116
## 
barista's avatar
barista committed
117