Nearly every website today seems to be hosted behind Cloudflare, which is really concerning for the future of privacy on the internet.
Cloudflare no doubt logs, stores, and correlates network telemetry that can be used for a wide array of deanonymization attacks. Not only that, but Cloudflare acts as a man-in-the-middle for all encrypted traffic, which means that not even TLS will prevent Cloudflare from snooping on you. Their position across the internet also lends them the ability to conduct netflow and traffic correlation attacks.
Even my proposed solution to use archive.org as a proxy is not a valid solution since I found out today that archive.org is also hosted behind Cloudflare… Edit: I was wrong.
So what options do we even have? What privacy concerns did I miss, and are there any workaround solutions?
From a user side, nothing.
From a host side: AWS/GCP/Azure, scaling is built in; it maybe isn’t cheaper than self-hosting, but it eliminates maintenance worries, and uptime is their responsibility.
Cloud front, F5, Imperva: protection from SQL injection, basic script attacks, DDoS, and man in the middle.
To avoid them you’d have to stick to small-time websites that self-host and handle attacks on their own. Funny enough, when I ran small-time sites we never had a successful injection attack, and I handled a DDoS attack by just blocking IPs one at a time till they gave up. It’s not hard, but when the company hits a certain size where they hire a cyber security specialist, all of a sudden we need these additional protection tools.
Thank you. One of the best responses I’ve got so far.