zlacker

[return to "Does Cloudflare’s 1.1.1.1 DNS Block Archive.is? (2019)"]
1. freedo+Ka[view] [source] 2023-08-02 14:27:31
>>lolind+(OP)
Cloudflare CEO Matthew Prince answered this directly on HN: >>19828702

Most relevant piece but the whole comment is worth a read:

> Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.

> The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.

Honestly it's that type of thing (the frankness, the presence on HN, willingness to participate, the principled stand on privacy) that got me into Cloudflare products. I now generate hundreds per month in revenue for them and that will likely be thousands in the next year or two. His time/effort on HN directly led to customer acquisition and revenue.

That said I do worry about the incentives Cloudflare has to their big customers. CF is a great tool for site owners, but like any tool has the potential to be a great evil (against the user) if the principles ever wane. It's already being used by a lot of sites to make life a living hell for people behind a VPN. As a site owner I absolutely get it: practically zero of my legitimate traffic comes from VPNs (our main demographic tend to skew older and much less technical than the average consumer), but all of the automated attacks against me do. Balancing freedom and rights is hard, but I deeply appreciate the thoughtfulness and principles that CF has displayed over the years.

◧◩
2. johnkl+oS[view] [source] 2023-08-02 17:33:47
>>freedo+Ka
Cloudflare is in the wrong here. They want to "protect" people from their own ISPs, from nefarious web and DNS servers that'll "sacrifice the privacy of users" by - you guessed it - doing exactly the same thing themselves. They've given very little reason to trust them, while giving plenty of reasons to think they might be evil (like protecting known spammers / scammers / phishers).

If another company did what Cloudflare does and homogenized tons of requests behind them, you can bet Cloudflare's CAPTCHA systems would block them in a second.

I have zero respect for Cloudflare's inability to answer criticisms about what they do, about their constant deflections from simple, straightforward questions, and the fact that they do to others what they would never accept anyone else doing to them. It's hypocrisy in the service of trying to become a monopoly by re-centralizing the Internet.

Don't believe me? Go ahead and look for examples of Matthew Prince addressing concerns that much of the non-western world can't access Cloudflare fronted sites because of Cloudflare's "reasons". When you don't find any that have more than just vague platitudes and handwaving, imagine how you'd feel if you were one of those multiple billion people.

◧◩◪
3. tick_t+dT[view] [source] 2023-08-02 17:36:34
>>johnkl+oS
EDNS is OPTIONAL. archive.is is objectively in the wrong here.
[go to top]