zlacker

1. 113+(OP)[view] [source] 2019-10-04 07:47:09
Corporations operate for profit.
replies(2): >>tedk-4+o >>nindal+z
2. tedk-4+o[view] [source] 2019-10-04 07:52:05
>>113+(OP)
Indeed - but there are other ways to make money than to sell off your personal information to the highest advertising bidder.
replies(1): >>jgraha+W1
3. nindal+z[view] [source] 2019-10-04 07:53:43
>>113+(OP)
And so you accept the first answer. That’s fine.

Cloudflare has repeatedly said that while they operate for profit, they take the long term view. By doing the right thing now, by being privacy focussed, they will be profitable for decades to come. This seems logical to me, which makes the second answer more believable.

replies(1): >>nathan+7c
◧◩
4. jgraha+W1[view] [source] [discussion] 2019-10-04 08:11:25
>>tedk-4+o
Such as, in Cloudflare's case, selling our service (the DDoS protection, the caching, the firewalling etc.) to companies that pay for that service because it helps them.

While at the same time working to preserve people's privacy with things like giving out SSL for free, pushing for eSNI, running a public DoH server, building a service that makes sure all data from your phone to us is encrypted etc. etc.

replies(3): >>denton+86 >>cnst+y8 >>tomp+Vo
◧◩◪
5. denton+86[view] [source] [discussion] 2019-10-04 09:12:38
>>jgraha+W1
"like giving out SSL for free"

The market rate for standard SSL certs is zero.

replies(1): >>jgraha+y9
◧◩◪
6. cnst+y8[view] [source] [discussion] 2019-10-04 09:49:33
>>jgraha+W1
It's been shown that Cloudflare's DoH service is a lot ado about nothing, and is actually worse for privacy, not better:

* https://news.ycombinator.com/item?id=21071022

Likewise for 1.1.1.1 — when taking into consideration the local caching appliances that the ISPs have invested in, the lack of ECS would make the clients go all the way through the internet for the same content that's already cached locally by the ISP for users of all other decent resolvers — this will only contribute to increased costs for the individual ISPs, extra latency for users, and more competitive advantage of your products due to you diminishing the technological advantages of your competitors, without regard to the actual user experience of the users, or the reliability and scaling of the internet infrastructure at large.

Not to mention that such Netflix/YouTube usage, when going directly through transit providers and through the whole internet, would also subject the users to a greater chance of surveillance at large compared to users of resolvers that would access local copies on the caching appliance.

replies(2): >>pixl97+uh >>andrea+071
◧◩◪◨
7. jgraha+y9[view] [source] [discussion] 2019-10-04 10:05:53
>>denton+86
It wasn't in 2014 (https://blog.cloudflare.com/introducing-universal-ssl/) when we launched it.
◧◩
8. nathan+7c[view] [source] [discussion] 2019-10-04 10:40:47
>>nindal+z
Do you remember "do no evil"?

Pepperidge Farms remembers.

◧◩◪◨
9. pixl97+uh[view] [source] [discussion] 2019-10-04 12:04:26
>>cnst+y8
Except in the US the ISPs are some of the biggest surveillance organizations themselves. They are also highly monopolized so most people in the US are on one of a very small number of ISPs.
replies(1): >>zrm+5G
◧◩◪
10. tomp+Vo[view] [source] [discussion] 2019-10-04 13:02:15
>>jgraha+W1
If you're trying to preserve people's privacy, why doesn't the 1.1.1.1 VPN service also mask originating IP?
replies(1): >>jgraha+as
◧◩◪◨
11. jgraha+as[view] [source] [discussion] 2019-10-04 13:25:07
>>tomp+Vo
Warp isn't trying to "hide your IP from the sites you are visiting". It's there to help prevent intermediaries from observing your traffic. A huge percentage of the web is still unencrypted HTTP.

And Warp+ aims to be about that plus performance.

If you want to be totally anonymous on the Internet then I recommend you use Tor. If you just use a VPN then you may hide your IP address from sites you visit but there are tons of other fingerprinting techniques that can be used.

replies(1): >>tomp+7x
◧◩◪◨⬒
12. tomp+7x[view] [source] [discussion] 2019-10-04 13:54:46
>>jgraha+as
I understand all that, and you didn't answer my question. Why do you push the narrative that 1.1.1.1 DNS resolver protects user privacy (by hiding originating IP / subnet) whereas 1.1.1.1 VPN gladly reveals that data? In both cases, the destination is hidden to any eavesdroppers, but in the latter case (VPN) the source IP is visible to the destination website, whereas you keep insisting how vital it is to hide source IP in the former case (DNS).
replies(1): >>jgraha+Rz
◧◩◪◨⬒⬓
13. jgraha+Rz[view] [source] [discussion] 2019-10-04 14:10:58
>>tomp+7x
In the case of Warp, we add the connecting IP information as a header to the HTTP request for sites on Cloudflare. This will typically be inside TLS to the origin server, and so the source IP information will be encrypted and only visible to the web site being visited.

In the case of DNS information about the subnet, the query etc. is sent around unencrypted.

One is open to eavesdropping, the other is not.

replies(3): >>zzzcpa+cB >>tomp+FJ >>im3w1l+uq1
◧◩◪◨⬒⬓⬔
14. zzzcpa+cB[view] [source] [discussion] 2019-10-04 14:18:37
>>jgraha+Rz
Someone capable of eavesdropping on that query is sure as hell capable of eavesdropping on incoming connections to 1.1.1.1 where they can see the actual IP address that initiated the query. There is no way to justify this as a privacy feature. Well, unless people don't understand enough to believe you.
replies(1): >>jgraha+AC
◧◩◪◨⬒⬓⬔⧯
15. jgraha+AC[view] [source] [discussion] 2019-10-04 14:27:38
>>zzzcpa+cB
Not really. An eavesdropper can sit in front of the authoritative server for a site and eavesdrop on all the DNS queries with EDNS information. That's one place they need to be.

To eavesdrop on Warp you'd need to do it all over the world, capture encrypted traffic and then try to correlate traffic. If your threat model is a global adversary capable of doing that correlation and you don't want sites to know your IP, then use Tor.

replies(1): >>zzzcpa+ED
◧◩◪◨⬒⬓⬔⧯▣
16. zzzcpa+ED[view] [source] [discussion] 2019-10-04 14:33:51
>>jgraha+AC
> An eavesdropper can sit in front of the authoritative server for a site and eavesdrop on all the DNS queries with EDNS information.

No, they can sit near your 1.1.1.1 servers and catch all incoming and outgoing traffic, watching connections to your 1.1.1.1 servers that initiate DNS queries and actual outgoing queries that 1.1.1.1 makes to authoritative servers and responses too.

replies(1): >>jgraha+ZE
◧◩◪◨⬒⬓⬔⧯▣▦
17. jgraha+ZE[view] [source] [discussion] 2019-10-04 14:41:38
>>zzzcpa+ED
So if we're talking just about unencrypted DNS to 1.1.1.1 then you're assuming an entity capable of sitting in front of us in 194 cities worldwide.

vs

With EDNS sitting in front of the authoritative server of the site this actor is trying to monitor.

The latter is easier than the former.

replies(1): >>zzzcpa+EF
◧◩◪◨⬒⬓⬔⧯▣▦▧
18. zzzcpa+EF[view] [source] [discussion] 2019-10-04 14:45:27
>>jgraha+ZE
In the latter case it's just as easy to catch real IP addresses by sitting in front of authoritative DNS servers and actual servers those DNS records point to. As I said, you just can't justify it as a privacy feature. It does nothing significant in any threat model.
◧◩◪◨⬒
19. zrm+5G[view] [source] [discussion] 2019-10-04 14:49:26
>>pixl97+uh
Which is a good argument for not using your ISP's DNS either, but those are not the only two options.

One of the better alternatives is to get a VPN you trust that puts multiple users behind the same IP address and then operate your own recursive DNS from behind there. The VPN service itself could still log your queries, but at least they have plenty of competitors, and you chose one you trust, right? Or if you don't want to trust any one party, use Tor.

◧◩◪◨⬒⬓⬔
20. tomp+FJ[view] [source] [discussion] 2019-10-04 15:14:05
>>jgraha+Rz
Ok, that makes more sense. So you're basically worried about the unencrypted connection between Cloudflare and DNS authority server. Initially I understood that you're worried about leaking IPs to DNS authority server itself.
◧◩◪◨
21. andrea+071[view] [source] [discussion] 2019-10-04 17:31:55
>>cnst+y8
It has been argued, I wouldn't say that it has been shown. Both my ISPs operate a DNS blacklist. So did my previous ISPs, in the country I previously lived in. And in a third country, where I was on holiday. ISPs even in the USA are gnashing their teeth at the prospect of losing visibility into DNS. Why would they care if they weren't using that data? Why do they need a subscriber -> [domain] mapping? Routing tables don't care about domain names. Edge caching of web content doesn't work with https. I might care about DNS caching if the ISPs haven't demonstrated time and again that they will abuse my privacy for a buck, after I've already paid them for the privilege.

I trust Cloudflare much more than I trust any ISP I've had to deal with, including American ISPs when I lived there. I trust Google much more than any ISP, and I'm not particularly charitable towards Google.

Centralized DoH isn't perfect, but it's better than the status quo. The SNI hole is shrinking. My threat model does not include defending against the Mossad doing Mossad things with my email^H^H^H^H^HDNS[1].

[1] https://www.usenix.org/system/files/1401_08-12_mickens.pdf

◧◩◪◨⬒⬓⬔
22. im3w1l+uq1[view] [source] [discussion] 2019-10-04 19:36:06
>>jgraha+Rz
On Twitter[0], they claimed the main thing they were after is a very rough geolocation with the DNS request. Country level, or at least continent level. So they can respond with a nearby data center.

That doesn't sound too bad, privacy-wise.

EDIT: I mean if you were to map all US IPs to a single canonical IP for instance.

[0] https://twitter.com/archiveis/status/1018691421182791680
