zlacker

>>jahnu+(OP)
amazing how cloudflare has framed this anticompetitve move as a privacy thing.

it doesn't matter if your dns resolver leaks part of your ip address to archive.is's dns servers when you're about to connect to archive.is from your ip address anyway. the only thing dropping the edns client subnet does is prevent services you use from giving you a server that's closer to you when you do the dns lookup. this performance issue, of course, does not affect sites using cloudflare.

>>dimens+36
Just so we’re on the same page: Cloudflare decided globally not to include client IP in the EDNS data. Then archive.is decided to block Cloudflare’s resolvers from getting accurate records for their site.

To circumvent this, Cloudflare would have to reverse their global stance or make a special exception to satisfy archive.is.

It’s unclear how we could draw “anticompetitive” from this.

>>akerl_+I8
Cloudflare (Matthew Prince personally, here on Hacker News few months ago) said that they do reverse that their global stance for Netflix and some other megacorps.

So this is a super-premium feature unavailable to small players.

CloudFlare just changed how DNS behaved and charge corps to make it work as it worked before CloudFlare entered the stage.

>>raxi+Dg
Do you have a citation for that? Sourcing from https://news.ycombinator.com/item?id=19828702 , they don’t reverse their global stance for large providers. Their stance is ~”Including client IP via EDNS violates our goal of maximizing user data privacy”, and what they’re working on with other large-scale providers is a way to improve geo-resolution without weakening user privacy.

>>akerl_+7h
Exactly on your link, just ctrl-F for "Netflix":

"We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation".

Well, I might be inaccurate in saying "exactly the same protocol as before", but it is clear that what was available to every webmaster via EDNS, now available only to members of a closed club, via good old EDNS or a proprietary alternative. The latter is more likely, not because of privacy-caring, but because they could now charge it as license fee for using private protocol.

>>raxi+Zi
I think they mean they're working on an alternative standard, not anywhere near "we give you an API to match DNS requests to origin city". These talks might have been as simple as "we'll give you [and everyone] geoip information for the datacenters we request from based on IP, and you can load balance off that".

>>judge2+Ol
I do not think it has much sense if the standard is the good-old-EDNS or something new, for example supplying city name in a text form instead of hiding last bits of IP as EDNS does.

Google's 8.8.8.8 provides client-ip via EDNS to every webmaster. Zeroing at least 8 bits for privacy - it was made with privacy in mind too. The privacy could be tuned by zeroing 10+ instead of 8+ bits, etc. There is nothing wrong with EDNS and privacy, which would require to abandon ENDS with privacy stancas.

And Google provides that FOR FREE. To everyone.

How can I - as webmaster - get similar info from 1.1.1.1? Not being a Silicon Valley megacorp.

>>raxi+2n
Again, you keep presenting this as something Cloudflare provides to “megacorps” for money. There’s no evidence this is the case, it’s just your speculation.

I’m really sorry that you somehow depend heavily on EDNS Client Subnets, a feature that was only standardized 5 years ago. But it’s optional, per the spec, and Cloudflare has published their rationale for not enabling it on their resolvers.