It's a man in the middle that receives every communication to any server that uses it, including IP addresses, signups, passwords, usernames, all in clear text for them. Since so many servers use it, it's a giant aggregator as dangerous as a centralized password store.
Just wanna add that it’s impossible for them to have your encrypted messages if you use an HTTPS certificate from another CA.
Meta analysis of encrypted traffic is more powerful than you think. By analyzing things like the length and timing of requests and responses, researchers have been able to determine what search term a user typed, what images and videos are being viewed, which threads on a forum they accessed, among other things, without ever decrypting the HTTPS data.
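An added example, not part of any comment in this thread: a sketch of why response length alone can reveal which forum thread was fetched over HTTPS, and how padding responses to fixed buckets enlarges the set of pages an observer cannot tell apart. The thread paths and page sizes are constructed, the per-record overhead assumes TLS 1.3 with a 16-byte AEAD tag, and HTTP headers and compression are ignored.

```python
from collections import defaultdict

# Constructed sample: plaintext response sizes in bytes for hypothetical forum threads.
THREAD_SIZES = {
    "/t/101": 18432, "/t/102": 18950, "/t/103": 42117,
    "/t/104": 42390, "/t/105": 7321, "/t/106": 65010,
}

RECORD_MAX = 16384    # maximum plaintext bytes per TLS record
RECORD_OVERHEAD = 22  # assumed TLS 1.3: 5-byte header + 1 content-type byte + 16-byte tag


def padded_length(plain_len, pad_to=1):
    """Round the plaintext up to a multiple of pad_to (1 means no padding)."""
    return -(-plain_len // pad_to) * pad_to


def wire_length(plain_len, pad_to=1):
    """Bytes an on-path observer sees for one response, without decrypting it."""
    padded = padded_length(plain_len, pad_to)
    records = -(-padded // RECORD_MAX)
    return padded + records * RECORD_OVERHEAD


def anonymity_sets(sizes, pad_to=1):
    """Group pages by observed wire length; pages in one group look identical."""
    groups = defaultdict(list)
    for path, n in sizes.items():
        groups[wire_length(n, pad_to)].append(path)
    return dict(groups)


def uniquely_identified(sizes, pad_to=1):
    """Pages whose wire length matches no other page, so length alone names them."""
    sets = anonymity_sets(sizes, pad_to).values()
    return sorted(p for group in sets if len(group) == 1 for p in group)


def padding_cost(sizes, pad_to):
    """Extra plaintext bytes sent across all pages to reach the padded sizes."""
    return sum(padded_length(n, pad_to) - n for n in sizes.values())


if __name__ == "__main__":
    for bucket in (1, 4096, 32768):
        exposed = uniquely_identified(THREAD_SIZES, bucket)
        cost = padding_cost(THREAD_SIZES, bucket)
        print(f"pad_to={bucket}: identifiable={exposed} extra_bytes={cost}")
```

Larger buckets hide more pages at the price of more bytes sent; timing, which the comment also mentions, is not modelled here.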
I use Cloudflare solely for DNS management because I know of no other alternative that is remotely close to it… Registrars are usually really awful. I never proxy A records, always pure DNS.
Quad9 is a great alternative to CF’s 1.1.1.1, but unfortunately they don’t provide a service like that :c
I am guessing you aren’t running any servers anywhere you could do your DNS on?
Never considered that as a serious option. What kind of DNS server software would you recommend? What resource footprint does it have (my server is already pretty crowded and I’d like to not get a new one for now)? Does it work well?
Works as flawlessly as anything, but I’d recommend two systems, you want to have at least 2 DNS servers. If two small VPSes don’t make sense for you (you hardly need any resources to run PowerDNS or BIND), then I wouldn’t go with that option. Was just curious.
Yeah, I just read a bit on the topic too and I came across the same thing. Atm I don’t run anything that would justify getting two servers for DNS, so I’d rather rely on a third-party. Thanks for the suggestion though and if you have any good alternatives to CF please let me know :)
Well, I would be loath to give CF money or data, so since I own domains at a registrar that does “meh, OK” services, if I wasn’t running my own DNS servers I’d just go with them. I would think most registrars would provide reasonable DNS services for nothing.
I use Netfirms, btw, but that’s not necessarily a plug for them.
I see. Yeah, I haven’t had the greatest of experiences with my registrars when it comes to DNS (mainly slow updates and inability to add some types of records). Also, I don’t give CF money nor data really, I use just DNS, no proxying. The distributed nature of DNS makes CF less prone to getting data than it would be otherwise. Do you know any other service similar to CF’s DNS thing?
Lots of good answers already, but I haven’t seen anyone talk about this: Sites “secured” by CloudFlare are almost impossible to use with Tor, some VPNs, or even simply with JavaScript disabled. Their Captcha page that pops up when you use any of these tends to be broken and just redirects back to itself even when you clear the captcha, instead of actually showing you the page itself (and the redirection is happening server side, so there’s also nothing you can change in the URL to get you to the right page).
The article I linked includes all of that.
It’s not hate against CloudFlare itself, but mostly against the centralization and siloing of private services that are incrusting themselves at the core of the Internet.
No, it’s hate against the company (in addition to what you said). CloudFlare has done many dodgy things in the past and are absolutely not trustworthy.
Do you mind enumerating some of these dodgy things?
Removed by mod