Comment on The internet kind of sucks right now
salacious_coaster@infosec.pub 2 days ago
Domains hosted by Cloudflare block AI scrapers by default, last I heard
renzev@lemmy.world 2 days ago
Cloudflare is harmful. Sure, maybe they’re doing a Good Thing™ today, but who stops them from turning around and selling all of the data they proxy to AI companies tomorrow? There is rarely a good reason to use Cloudflare. If you care about blocking bots, there are self-hostable tools like Anubis. If you care about hiding your server’s IP, you can use a VPN that allows port forwarding or rent a VPS. Do not use Cloudflare. Cloudflare should not be used. By using Cloudflare, you surrender your digital sovereignty for a mirage of convenience and safety.
(Yes, I understand the irony of posting this from an instance that uses Cloudflare)
vodka@feddit.org 2 days ago
Cloudflare announced their paid AI scraping service at the same time as they blocked AI scrapers.
Though at least they revenue share with content owners… Assuming said content owners are in paid Cloudflare plans, and opt-in.
salacious_coaster@infosec.pub 2 days ago
What stops any domain host from selling us out tomorrow? Why single out Cloudflare?
hash@slrpnk.net 2 days ago
Holding your own certs and constantly reviewing your and your users’ threat models. Cloudflare’s excessive control comes from them being a proxy.
Vanilla_PuddinFudge@infosec.pub 2 days ago
Right, the middleware is the issue. You can bake all of what Cloudflare does yourself as far as hardening goes and utilities like Anubis and Pangolin, buuut you’re not getting that DDOS protection.
To Lemmy’s benefit, DDOSing one of us isn’t DDOSing all of us, buuut there’s a bit to be said about Lemmy mostly centralizing around .world.
If one had a botfarm and a grudge…
renzev@lemmy.world 1 day ago
IDK what you mean by “domain host” but the thing about Cloudflare ('s most prominent service) is that it’s essentially a voluntary MITM between you and your clients. They see ALL traffic going between your server and your clients. This is not normal. Normally traffic between server and client is encrypted with HTTPS. By using Cloudflare’s proxy you are adding a backdoor to that encryption. Your registrar cannot normally see this traffic. Your certificate authority cannot normally see this traffic without issuing a malicious cert. But Cloudflare can. And, if they wanted to, they could even inject malware to deanonymize users, spy on journalists, steal data, etc. As a matter of fact, they already do, but instead of calling it “malware” they call it “analytics”, so it’s okay 👍
NaibofTabr@infosec.pub 2 days ago
Heh, man you have no idea how bad the DDoS attacks are without some form of protection. It doesn’t necessarily have to be Cloudflare, but if you’re putting up a public-facing website that you want people to be able to access, you absolutely need some DDoS protection service. You need someone to detect large-scale malicious traffic and offload it before it hits your system. It’s no mirage. Arch has been under attack for days. DDoS-for-hire is a profitable criminal enterprise.
Self-hosting a bot-interference tool like Anubis does nothing to help with DDoS attacks. You need a high-bandwidth shield that can absorb the incoming connection requests, filter out the legitimate users and dump the rest, and that means a CDN.