by akpa1 1103 days ago
I have unrelated issues with Cloudflare because they're a single entity that controls access to far too much of the internet, in my opinion.

In this case specifically, I moved the domain away since they want you to pay extra money to use custom DNS servers.

3 comments

Wait, let me get this straight... you moved from Cloudflare, because you were worried about the scale of their control of the Internet... and you chose to migrate to... Google, the company that definitively actually controls the Internet, via monopoly-scale shares of search, email, web browsing, and has authored nearly every new Internet protocol specification in the last ten years to subtly make their ads harder to escape?
No, I said the first point was unrelated to my decision to move my domain.
Cloudflare is known for controlling infra, while those Google examples are end user applications. Just saying.
GCP? Google Domains? Google Workspaces? Gmail? QUIC?
The protocols Google is redefining to be user hostile are a layer below even infrastructure. The very nature of HTTP and DNS are being rewritten to serve Google's business interests.
Hostile to what? Enterprise middleware that wants to snoop on their users (sure, fair) so they demand entire standards to allow for said snooping? Enterprise users are a small minority of end users.

I guess DNS over HTTPS can be anti-user (even for normal consumers) in the sense that it makes it harder to block ads at the DNS level, but QUIC?

DoH is now being used by malware to covertly communicate with C&C servers, blending in with all the other encrypted traffic routed through Google DNS. QUIC is quite similar in that the goal is to mandate encryption and obscure traffic and content from security devices. The only supposed benefit to consumers is for websites which need to load an excessive amount of ad content and scripts, again, doubling down on their core competencies at the expense of everyone else. HTTP/1 is more than serviceable for any website that isn't, at minimum, shoving ten times more ad content than actual content.

Honestly, I think that's a core misconception Google has managed to sell people on: That enterprise middleware is somehow bad and malicious, as opposed to the ad company that distributes malware as a primary revenue stream which tells you that the middleware that catches it is bad.

If network traffic is on my home network, I have a right to inspect it. If network traffic is on my work's network, my work certainly has a right to inspect it. To be blunt, with some regulatory supervision assumed, if you're using an ISP's network, they absolutely have the right to manage their network. Why in the actual heck did anyone buy Google's narrative that somehow enabling them to convert the Internet into an end-to-end encrypted ad delivery and spyware platform was a good idea?

The marketing acumen to pull that off, now that's legendary.
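As an added example from the defender's side (not code from any commenter in this thread): the comment above argues that DoH and QUIC let DNS blend into ordinary encrypted traffic. What a network owner can still see is the destination, the port and, for TLS, the SNI, which is enough to flag endpoints that bypass a sanctioned internal resolver. The log lines, the internal resolver address 10.0.0.53 and the TEST-NET addresses are constructed for the example; the public resolver hostnames and IPs are the operators' well-known ones.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Well-known public encrypted-DNS endpoints (real operator names/addresses).
KNOWN_DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}
KNOWN_DOH_IPS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
# Assumption: the only resolver hosts on this network are supposed to talk to.
INTERNAL_RESOLVER = "10.0.0.53"

# Constructed sample connection log: ts src dst proto dport sni ("-" = none).
SAMPLE_LOG = """\
2023-01-05T10:00:01Z 10.0.1.10 10.0.0.53 udp 53 -
2023-01-05T10:00:02Z 10.0.1.10 198.51.100.20 tcp 443 www.example.com
2023-01-05T10:00:03Z 10.0.1.11 8.8.8.8 tcp 443 dns.google
2023-01-05T10:00:04Z 10.0.1.12 1.1.1.1 udp 443 -
2023-01-05T10:00:05Z 10.0.1.13 203.0.113.9 tcp 853 -
2023-01-05T10:00:06Z 10.0.1.10 8.8.8.8 udp 53 -
"""


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    reason: str


def parse_line(line: str) -> Tuple[str, str, str, str, int, Optional[str]]:
    """Split one log line into (ts, src, dst, proto, dport, sni)."""
    fields = line.split()
    if len(fields) != 6:
        raise ValueError(f"malformed log line: {line!r}")
    ts, src, dst, proto, dport, sni = fields
    return ts, src, dst, proto.lower(), int(dport), (None if sni == "-" else sni)


def classify(dst: str, proto: str, dport: int, sni: Optional[str]) -> Optional[str]:
    """Return a reason string if the connection bypasses the internal resolver."""
    if dport == 53 and dst != INTERNAL_RESOLVER:
        return "plaintext DNS to a non-sanctioned resolver"
    if dport == 853:
        # Port 853 is the IANA-assigned port for DNS over TLS.
        return "DNS over TLS (port 853) bypasses the internal resolver"
    if dport == 443 and (dst in KNOWN_DOH_IPS or sni in KNOWN_DOH_HOSTS):
        # UDP/443 to a resolver is HTTP/3 over QUIC; TCP/443 is HTTPS over TLS.
        transport = "QUIC/HTTP3" if proto == "udp" else "TLS/HTTPS"
        return f"DNS over HTTPS to a public resolver via {transport}"
    return None


def find_encrypted_dns_bypass(log_text: str) -> List[Finding]:
    """Scan a connection log and return every DNS-bypass finding."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, proto, dport, sni = parse_line(line)
        reason = classify(dst, proto, dport, sni)
        if reason is not None:
            findings.append(Finding(src, dst, reason))
    return findings


if __name__ == "__main__":
    for finding in find_encrypted_dns_bypass(SAMPLE_LOG):
        print(f"{finding.src} -> {finding.dst}: {finding.reason}")
```

Matching on destination and SNI catches only the well-known public resolvers; a DoH server on an arbitrary host looks like any other HTTPS flow, which is the visibility gap the comment is pointing at. A stricter network policy pairs this kind of logging with egress rules that allow port 53 and 853 only to the internal resolver.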

> If network traffic is on my home network, I have a right to inspect it. If network traffic is on my work's network, my work certainly has a right to inspect it. To be blunt, with some regulatory supervision assumed, if you're using an ISP's network, they absolutely have the right to manage their network. Why in the actual heck did anyone buy Google's narrative that somehow enabling them to convert the Internet into an end-to-end encrypted ad delivery and spyware platform was a good idea?

Because there are quite a number of countries that run massive nation-scale censorship and surveillance campaigns. Google going all-in on encryption of everything, Let's Encrypt being founded - all of that is a direct response to the actions of the US government wiretapping everything including Google's internal datacenter communications and countries like China, Russia and Iran running massive disruption campaigns.

And that doesn't even touch private entities messing with the Internet traffic of their customers - most notably ISPs not just delivering wrong answers on non-existent domains on their own DNS servers to serve ads instead of NXDOMAINs, but going as far as to hijack and rewrite all DNS traffic for that purpose. Or that sniff on DNS requests to sell that data to advertisers (or to the NSA).

And to make it worse, the various "middleboxes" along the Internet placed there by employers forced to comply with dumbass laws, by ISPs doing above-mentioned DPI and manipulation, or by governments of all kind have led to an ossification of Internet protocols because even trivial stuff could lead to issues (remember DCC SEND STARTKEYLOGGER 0 0 0?).

Yes, it is a good thing that Google leads the way in making encryption ubiquitous. Fuck governments, fuck ISPs, fuck everyone who thinks they have a right to intercept, snoop on, track or analyze my communication.

PS: If an employer (or you) wish to inspect traffic, there are many solutions - the most obvious being a private CA root cert to be installed on the client.

IIRC, custom DNS at CF refers to using your own subdomains as name servers for CF instead of the regular *.ns.cloudflare.com. Basically a form of whitelabelling.

Specifying 3rd party name servers as your domain’s name server was (still is?) not possible with Cloudflare Registrar.

(Disclaimer: I work there)

It’s pretty crazy that you can’t set up a custom 3rd party name server. I can’t even transfer my domain from one Cloudflare account to another without transferring my domain to another registrar…
That's the strategy. They offer "at-cost pricing", but force you to use their own name server.
Kinda feels like restrictions on what you can submit to the registry (NS and glue records) should be something ICANN forbids.
Thank you for this information, I was planning to move my domains.google domains to Cloudflare, but now I think I won't do that. I'll still use Cloudflare, but the inability to use my own NS is a dealbreaker for using Cloudflare as a registrar in my opinion.
Exactly. Just as I was considering moving to CF, this changed my entire mind.
Makes sense! That worries me too. I thought it was a new issue with them. Personally I use Porkbun and NameSilo (cheapest .ca domains) and am very happy with both.