IDK what you mean by “domain host” but the thing about cloudflare ('s most prominent service) is that it’s essentially a voluntary MITM between you and your clients. They see ALL traffic going between your server and your clients. This is not normal. Normally traffic between server and client is encrypted with HTTPS. By using cloudflare’s proxy you are adding a backdoor to that encryption. Your registrar cannot normally see this traffic. Your certificate authority cannot normally see this traffic without issuing a malicious cert. But cloudflare can. And, if they wanted to, they could even inject malware to deanonymize users, spy on journalists, steal data, etc. As a matter of fact, they already do, but instead of calling it “malware” they call it “analytics”, so it’s okay 👍
Comment on The internet kind of sucks right now
salacious_coaster@infosec.pub 2 days ago
What stops any domain host from selling us out tomorrow? Why single out cloudflare?
renzev@lemmy.world 1 day ago
hash@slrpnk.net 2 days ago
Holding your own certs and constantly reviewing your and your users’ threat models. Cloudflare’s excessive control comes from them being a proxy.
Vanilla_PuddinFudge@infosec.pub 1 day ago
Right, the middleware is the issue. You can bake all of what Cloudflare does yourself as far as hardening goes and utilities like Anubis and Pangolin, buuut you’re not getting that DDOS protection.
To Lemmy’s benefit, DDOSing one of us isn’t DDOSing all of us, buuut there’s a bit to be said about Lemmy mostly centralizing around .world.
If one had a botfarm and a grudge…