Nearly every website today seems to be hosted behind Cloudflare which is really concerning for the future of privacy on the internet.
Cloudflare no doubt logs, stores, and correlates network telemetry that can be used for a wide array of deanonymization attacks. Not only that, but Cloudflare acts as a man-in-the-middle for all encrypted traffic which means that not even TLS will prevent Cloudflare from snooping on you. Their position across the internet also lends them the ability to conduct netflow and traffic correlation attacks.
Even my proposed solution to use archive.org as a proxy is not a valid solution since I found out today that archive.org is also hosted behind Cloudflare… edit: i was wrong
So what options do we even have? What privacy concerns did I miss, and are there any workaround solutions?
It isn’t feasible to avoid using the top few CDNs in the world, of which cloudflare is one. Using a traffic anonymizing service simply kicks the can down the road, and now you need to trust the service you use to obfuscate your identity.
If you use Apple devices, which I’m guessing you don’t, then be aware that cloudflare operates some of Apple’s anonymization nodes. If you rely on TOR to obfuscate who you are, beware that several nations run a LOT of that infrastructure so they can correlate entry and exit information. If you use a paid VPN service, your payment details and account link you directly to the traffic you generate. Do you really trust those services to face government prosecution to protect you?
It’s a hard spot to be in, especially with fewer and fewer companies controlling larger portions of the internet.