 The modern internet is totally corrupt. Let’s dive into why…

Content Delivery Networks (CDN)

Content delivery networks are global servers spread out around the world that keep a copy of a website closer to you, to serve it to you. By being physically closer to the end user, it speeds up the website’s delivery. However, the negative of this is that it has a tendency to centralize power for the entire internet to a few large players and that has big privacy effects. Rather than have these separate sites and blogs around the world just see their site only, instead the big CDNs see all traffic on the entire internet. This enables the “tyranny of the modern web”, in which website owners have just a tiny 1 core VPS, and then all their real files are externally hosted. The heavy use of CDNs allows the website owner to save on money, while sacrificing their free speech, independence, and the end user’s privacy.

With larger files, such as a video, a CDN is likely required. But the heavy use of CDNs for literally everything on the website should be associated with poverty. The website owner is saying “I’m too poor to host files”. Additionally, website owners enable Big Tech third party JavaScript such as a “Facebook like widget” which does surveillance that then slows down the load speed. So then they need an even more centralized CDN to serve up this bullshit bloat. This creates a vicious cycle of more and more Big Tech surveillance, which then needs an ever larger CDN.

Because surveillance is so profitable, the firms doing it can hire the best creative talent, which then shapes the entire tech industry. Young web developers use the same toolkits and learn from these corrupt organizations where an erosion of end user liberty is the norm. The end result is that web developers don’t even realize that they are over-using JavaScript when it’s not required. This slows down the web and feeds into the vicious CDN cycle. The largest player in the game is Cloudflare.

Cloudflare sees ALL passwords

One type of CDN literally points the domain name to the CDN company, so:

User -> Cloudflare -> real website VPS (1 tiny core)

This is how Cloudflare works. Since this is literally directing all traffic to the CDN company, they can see all passwords and ALL data. The SSL connection or httpS encryption is stripped away by Cloudflare. Unfortunately, a VAST majority of the internet uses Cloudflare. You will be shocked at how many “privacy” websites use it, including Skiff.com email, KYCnot.me, Michael Bazzell’s OSINT, and even Monero’s official site at GetMonero.org. Finding out that Monero’s core team used Cloudflare to distribute binaries was for me like finding out there is no Santa Claus. Even Handshake.org literally complained about Cloudflare while using it.

Supposedly Cloudflare helps to stop “distributed denial of service” DDoS attacks, which is the bullshit justification that website owners will give, instead of just admitting that they are poor and willing to sacrifice their freedom of speech because they have nothing of value to say.

A DDoS is when lots of bots or bullshit traffic hits up a website to overload it and take it down. But Cloudflare isn’t doing anything unique to stop this and there are many other choices one could pick from. All Cloudflare is doing is having a ton of money and servers to absorb the traffic. Then because Cloudflare has scaled through business deals, they can deliver the CDN at a much lower cost than other providers.

There are many other CDNs, but unfortunately most website owners simply do not care about their (or your) privacy and freedom, and they are only mostly concerned with getting the absolute rock bottom lowest cost, which is typically bundled into “shared hosting” plans.

Then MORE CDNs?!

Many website owners don’t just use Cloudflare. Then on top of that, their website calls upon 3rd party images from even more CDNs via JavaScript. For example website-files.com is a popular “JavaScript CDN” of this type.

User -> Cloudflare -> real website VPS (1 tiny core) -> Website-Files.com

So everyone and their mother sees your data, and the website owner lost their autonomy of speech, by complying with more and more terms of service restrictions. This is why website owners don’t care about abusing unnecessary JavaScript, because they outsource the economic cost of being an idiot, at the expense of both their and your liberty.

Conclusion

In conclusion, change does not come from politics, but comes from you. Your actions dictate how much freedom the world has. If you accept a world of surveillance, then let the entire internet be overseen by two or three companies. But I do not accept things for the way they are. It is only through your actions to pressure website owners that it will ever matter. Seek out alternatives, they do exist.

PS, check out Ombello, it’s a Tor Browser Onion search engine that crosses out Cloudflare:

ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion 
 Cloudflare does not see passwords. That data is encrypted through TLS to the server. 
 They do see passwords, they see everything.
https://community.cloudflare.com/t/does-cloudflare-proxy-servers-decrypt-my-data/145691/8

Cloudflare is cancer and many Nostr services are using it. Shame on them! 
 Wow. TIL... That is fucked. 
 Nostr relays have been attacked by DDoS and bots in the past. Provide a solution to that instead of shaming relay operators from your ivory tower. 
 Fund me and I will create a solution. I don't work for free. 
 A bounty beggar has been found 
 I am not in an easy situation. Would do it for fun if I could.  
 https://nostrbounties.com/ 
 A cheap work beggar has been found. 
 everyone knows real Nostr devs work for free 💁🏻‍♂️ 
 Your answer is equivalent to a fat person saying, “all that’s in front of me is this chocolate bar”

There are MANY options.  First of all there’s other CDNs, Bunny accepts Bitcoin.

There’s others that accept government money, Akamai, CDN77, Fastly, StackPath, even fucking Verizon bro.  Any random cunt can rent a server and do it, why do you have to bow allegiance to ONE AND ONE ONLY company on your “decentralized” network?

Then that’s just the regular CDNs, then you got the cryptocurrency based ones covered in this article,
https://simplifiedprivacy.com/flare
And there's even more crypto ones doing docker containers not covered. 
 Yours is essentially a strawman as I did not say Cloudflare was the only solution.

But I am glad you did exactly what I told @nostrdev should do: provide solutions instead of shaming relay operators. 
 Those are not solutions, those are alternatives to the most problematic actor. The problem remains the same. 
 Wrong.
The domain is pointing to Cloudflare’s server.  Yeah it’s TLS, but TLS to them.  TLS is encryption to a physical location, and that location is Cloudflare. 
 I was mistaken as already pointed out. 
 my bad bro, I'm lagged on Tor, the rest came in after 
 I would have liked to have seen the article come from the perspective of "Look, what is this? Are you okay with it? Here's why we should be concerned" and quite less condemning.

Aside from that, great information to bring to light. I did not know this, but now I'm glad I do. Perhaps we need a browser extension to alert if the site we are on is using a CDN 
 Just use Tor or a VPN with noscript plug-in and you will realise how small the real internet is because "normal" sites become almost unusable. 
 This is what I used to think.  There's a lot more than people realize. 
 Yeah there are 2 browser extensions.  One is in the Mozilla store and hasn't been updated in 7 years.
The other a random person put on Monero.town forums, but the github had low stars and so I didn't trust it to copy paste it down.  I'll let you know if I find anything better.  I don't want to post links if I can't vouch for it 
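
The check such an extension would run can be sketched from response headers alone. This is an added example, not code from anyone in this thread or from either extension mentioned; the header signatures are ones Cloudflare, Fastly and Bunny are known to add, and the hostnames and header values are constructed samples.

```javascript
// Added example: classify an HTTP response as CDN-fronted from its headers.
// A match means the TLS session ended at that CDN's edge, not at the origin.
// No match proves nothing: an operator can strip or rename these headers.
const CDN_SIGNATURES = [
  {
    cdn: "Cloudflare",
    match: (h) => "cf-ray" in h || /^cloudflare$/i.test(h["server"] || ""),
  },
  {
    cdn: "Fastly",
    match: (h) =>
      "x-fastly-request-id" in h || /^cache-/i.test(h["x-served-by"] || ""),
  },
  {
    cdn: "Bunny",
    match: (h) => "cdn-pullzone" in h || /^bunnycdn/i.test(h["server"] || ""),
  },
];

// HTTP header names are case-insensitive, so fold them to lower case first.
function normalizeHeaders(raw) {
  const out = {};
  for (const [name, value] of Object.entries(raw)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Return every CDN whose signature is visible (empty array if none).
function detectCdns(rawHeaders) {
  const h = normalizeHeaders(rawHeaders);
  return CDN_SIGNATURES.filter((sig) => sig.match(h)).map((sig) => sig.cdn);
}

// Constructed sample responses (placeholders, not captured from real sites).
const SAMPLES = {
  "proxied.example": { Server: "cloudflare", "CF-RAY": "0000000000000000-XXX" },
  "assets.example": { "X-Served-By": "cache-xxx0000-XXX", Via: "1.1 varnish" },
  "selfhosted.example": { Server: "nginx", "Content-Type": "text/html" },
};

// Map each sample host to the CDNs detected in its response headers.
function report(samples) {
  const result = {};
  for (const [host, headers] of Object.entries(samples)) {
    result[host] = detectCdns(headers);
  }
  return result;
}

console.log(report(SAMPLES));
```
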
 What's the other benefit to doing a dos attack on a website, apart from forcing them to use a "ddos-proof" cdn? 
 I apologize I am unclear on what you're saying.  Is your argument that only Cloudflare has enough money to run server computers, to stop a botnet of hacked low-grade home computers? 
 Not at all. Just wondering how much Cloudflare actually benefit from these "violent acts!" 😅

A Microsoft + anti-virus industry thing. 
 
nostr:nevent1qqs2xy8pjlkunlr77uu9mtyz7dv953hwy9x8pcf03funnq7yzc5kaxcppamhxue69uhkummnw3ezumt0d5pzptpldtlpwkflvxqs2y76exs7238g0wwwjxe86dac3mzclw4fq992qvzqqqqqqyrqmxx7 
 The more you know about the architecture of the internet, the less fun it is 

nostr:nevent1qqs2xy8pjlkunlr77uu9mtyz7dv953hwy9x8pcf03funnq7yzc5kaxcprpmhxue69uhhqatzd35kxtnjv4kxz7tfdenju6t0qgs2c0m2lct4j0mpsyz38kkf58j5f6rmnn53kf7n0wywck8m42gpf2srqsqqqqqp3q4l5g 
 Worth the read!

nostr:nevent1qqs2xy8pjlkunlr77uu9mtyz7dv953hwy9x8pcf03funnq7yzc5kaxcpz3mhxue69uhkummnw3ezummcw3ezuer9wcpzptpldtlpwkflvxqs2y76exs7238g0wwwjxe86dac3mzclw4fq992qvzqqqqqqyl2885k 
 To all PWA developers like @getalby
Please do not use cloudflare. Cloudflare can read ALL login details!

#pwa #cloudflare #getalby