MacGay !RevGiOKgRo No.41614017
Why cloudflare is cancer to the internet
-cloudflare completely breaks SSL
Standard SSL handshake
User -> website's key -> website
User <- User's key <- website
Only the User and the website can read or write data transferred over the HTTPS connection. Authenticity, integrity, confidentiality guarenteed by cryptography.
cloudflare's SSLmao fuck not
User -> cloudflare's key -> cloudflare -> website's key -> website
User <- User's key <- cloudflare <- cloudflare's key <- website
cloudflare outright decrypts ALL CIPHERTEXT THAT PASSES THROUGH IT. cloudflare has COMPLETE ACCESS TO ALL PLAINTEXT. In other words, cloudflare in a Man-in-the-Middle (MitM) attack.
-cloudflare (untraceably) conducts internet surveillance
-cloudflare (untraceably) steals passwords: online banking, e-voting, internet connected devices, medical implants. If you have used a web frontend for server admin such as PHPMyAdmin, then cloudflare has your server's login password.
-cloudflare (untraceably) steals data: every file uploaded through cloudflare can be read by cloudflare.
-cloudflare can (untraceably) censor content
-cloudflare can implement an Acceptable Content Policy, denying access to any site that does not conform and censor content.
-cloudflare can (untraceably) tamper with content
-JS exploit injection
-Altering downloaded executables
-Framing users for sending data that they did not send.
Untraceably, because unlike a standard MitM, which can always be detected by saving and comparing public keys between sessions, cloudflare is always in the middle and is always either forging a fake public key or even TAKING YOUR PRIVATE KEY.
-cloudflare centralizes the internet, creating a single point of failure. If cloudflare goes down, every server routing through them goes down.
-cloudflare does not actually protect against hacking. They can be bypassed using any proxy other than Tor, let alone nation-state botnets of hundreds of millions of compromised systems.
-cloudflare costs money. You are paying for the muh privilege of giving away your domain, SSL key and server traffic to a third party.
The rational conclusion to the above would be that cloudflare is attempting to consume the entire internet, like cancer.
As cloudflare is a US corporation, which appeared out of nowhere with more bandwidth and better hardware than most ISPs and has rapidly spread across the internet, it is highly likely they are an NSA front designed to completely take over the internet. Use cloudflare or be DDoS'd, that is the definition of a protection racket. Do not let them succeed, if you value the internet.
Alternatives to cloudflare
-Just don't use cloudflare. You are not going to DDoS'd. Botnets have finite bandwidth, they cannot DDoS everyone. Even if you were, no DDoS lasts longer than 1 business day, because that is the maximum time it takes for an ISP to disconnect the IP participating in the attack for ToS violation.
-Use an alternate proxy service, such as Tor, I2P, VPN or even an open proxy, all of which do the same thing of hiding your IP, except in a free, secure, decentralized way.
-Long term solution is a distributed, peer-to-peer network such as Freenet, GNUnet or meshnet. An intermediate step is the decentralized server, where a single server is replaced by multiple nodes that sync with each other, such as in Usenet or NNTPchan.