[sejje]

> Your Internet service provider can see every site and app you use—even if they’re encrypted. Some providers even sell this data, or use it to target you with ads.

> We believe privacy is a right. We won't sell your data, ever.

"We, the people who make up this company now, but not in the future, PROMISE."

I notice they didn't say "we don't keep the data."

According to the comments, this is just wireguard. I deployed my own on a webhost and I use that, probably to the same effect. I guess I have to trust the webhost not to go snooping in my private logs, but that's a whole lot more targeted and requires a lot more effort.

[noncoml]

Yup. A bit less catchy than “Don’t be evil” but it’s the same.

Cloudflare is what Google was 20 years ago.

The cycle can only break by decentralized protocols.

[joshmanders]

> The cycle can only break by decentralized protocols.

I disagree. The cycle can break by breaking up the monopolies so that one company doesn't control everything, and allow free market to expand.

Competition keeps people from being evil. Evil only happens when there's no reason for them to NOT do evil things.

Google was fine until they became the top dog and nobody could even compete.

[legutierr]

Decentralized protocols are the competition you are looking for.

The only alternative is regulatory intervention, which is unlikely to happen, however much you may want it to happen.

[dizzant]

> Competition keeps people from being evil. Evil only happens when there's no reason for them to NOT do evil things.

I don’t agree. People generally don’t steal, but if they have no food, they will resort to theft to survive. Competition can prevent some ill effects of monopolistic tyranny, which I think is what you’re getting at here, but it breeds other evils.

[dpq]

Which isn't ever going to happen as the benefits of centralization are too great, as it has been empirically observed time and time again.

[johnebgd]

Even Adam Smith knew monopoly was a problem government needs to solve: https://economics-reloaded.com/1_classical_theory/Adam_Smith...

[ipaddr]

A decentralized economy has shown superior to a centralized economy over time.

[shaky-carrousel]

And in time, Cloudflare will be what Google is now. Better stay away from them, so we don't end locked in, like we did with Google. They will start using their role as the internet proxy as a lever soon, prioritizing the sites they like and slowing down the sites they don't.

[robertlagrant]

This is all running using decentralised protocols.

[pfortuny]

I guess he forgot “secure”, which neither TCP/IP DNS… are.

[bawolff]

They're secure enough when layered appropriately (https, quic, dtls, etc)

[goodpoint]

> Cloudflare is what Google was 20 years ago.

Cloudflare is already much worse. It's relentlessly centralizing the whole Internet.

[avg_dev]

I’m confused by the first claim. Is it really true? I thought TLS prevented anyone from inspecting my traffic. Am I completely off base?

[Crosseye_Jack]

Well with TLS it stops (almost (1)) anyone from seeing which pages you access on a site (with exceptions(2)), but which site you visit is still accessable unless the server supports Encrypted server name indication (ESNI).

When using standard SNI (SNI is used so you can have multiple domains on the same IP address) your connection to the server is not encrypted until after the hostname of the server you are requesting is sent at which point the server knows which cert to use to encrypt the rest of the traffic. So you can pull the host header out of the pre-encrypted traffic and look at which site the user is connecting too.

1) When the webserver you are accessing uses services that terminate TLS before the origin server (Cloudflare and CloudFront to name two) then the operators of those TLS terminators might be able to see which pages on that site you visit

2) You might be able to determine which page someone is accessing via side channels, for example if example.com/naughtypage.html always returns a page of a certain size which is determinable you can presume they connected to example.com/naughtypage.html if the returning data matches that size.

[rjh29]

They know what IPs you are connecting to and when, which is valuable. If Cloudflare serves the site you are connecting to (which is increasingly more common) they have access to all of the data you are transmitting.

[avg_dev]

Somehow I thought they meant more. I’m sure my ISP is after all of my data but I’d rather them than CF. Upon rereading their claim I suspect it is just about IPs and hostnames. I can live with that. Also my browser uses DoH.

[password4321]

Yes, even the router given by my ISP offers Parental Controls with keyword matching against host name, thanks to SNI.

https://en.wikipedia.org/wiki/Server_Name_Indication

> The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested.

[majou]

SNI reveals which domains.

[rjh29]

ECH (encrypted client hello) is going to become mainstream pretty soon. But if you're doing something dodgy, hostname vs. IP is unlikely to make a difference anyway.

[runnerup]

Is “DOH”ttps needed to hide requests from ISP’s when using VPN? I’d imagine the DNS protocol also runs over VPN?

[Crosseye_Jack]

Well using DoH while using a VPN isn’t going hurt and VPN clients/OS’s have been known to leak DNS queries from time to time.

So think of it like other forms of protection where 2 is better than 1 just in case that one fails.

[joshenders]

Is your web host also deployed within 40ms of every eyeball on earth?

[sejje]

No, but since it's just a VPN for myself, it only has to be close to my eyeballs.

Well, actually it doesn't, since ping time is not particularly important to me, but in theory.

My webhost would be a terrible replacement for Cloudfare's main product, which maybe you're talking about, as it needs a worldwide presence. This product is a VPN for your phone.

[rco8786]

This is a weird criticism. No person can guarantee that some other person in the future will or will not do something.

[sejje]

Maybe I wasn't clear. My criticism is this: they're logging the data. That leaves the door open to bad actors in the future, whether it's the next CEO, whether it's a government, or whether it's criminals who steal the data.

Pointing out that the company will revolve is not a criticism.

I do think it's kinda funny they are trying to oust your ISP and insert themselves, as the keeper of traffic logs. Either way, I guess we're going to choose a big corporation to trust.

Lastly, I don't think your point stands, when the quote says "we won't sell your data, EVER" (my emphasis)

[amcvitty]

Weird in general maybe, but I got the point: if they didn’t store the data, then future people couldn’t sell the data

[evandwight]

The incentives encourage selling the data and there's no reason they can't just change their mind one day.

It's a weak promise and a valid criticism.