• CuriousGoo@beehaw.org
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Could you elaborate on your point of them using Cloudflare ?

    My understanding is that their websites would be behind Cloudflare for their CDN and anti-DDoS services, maybe WAF as well. Solely looking at CDN services essentially the options come down to Cloudflare or Akamai who have a global domination of the market.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      The original commenter hasn’t posted anything in 3 years so you’re not going to get a response most likely.

      Cloudflare due to its very nature has unique observation of internet activity. So putting your privacy focus system in front of cloudflare is giving them even more observability into your privacy system. So it seems antithetical.

      • CuriousGoo@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I didn’t notice the 3 years part till I read in your comment.

        Are there any privacy respecting CDN services though?

        I won’t comment on what Session is/was doing with Cloudflare services, but say if I am using DoT on my device for encrypted DNS requests, and the traffic is also E2E encrypted, how much can such a provider really see ?

        Tools that we have at my job won’t be effective if they receive an encrypted payload.

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          It’s honestly probably fine. Using cloud Flair for a website is pretty standard. I’m not sure if they use cloudflare for their oxen network but I doubt it.

          I’m not familiar with any privacy respecting CDNs