by Shakahs 624 days ago
Another HN hot take about the Cloudflare bogeyman.

The CDN can't give you content you're asking for without knowing which content you're asking for.

This improvement prevents your ISP and the government from reading your packets to get that same information.

4 comments

Especially since, as another top comment put it, ECH only gives privacy benefits if the serving IP is serving multiple domains.

I'm all for being wary of large-scale consolidation, but I feel like these lazy gripes aren't assessing the pros and cons dispassionately.

The internet is moving towards a place where it might not be possible to self-host anything important without getting DDoS'd. Companies like Cloudflare provide a solution to this problem, but that also creates a crutch that means no effort is expended to solve the problem at the root, which means the day may come when you don't have any option left other than Cloudflare.

I think these are important issues and worth talking about.

Those issues are absolutely worth discussing, in a reasonable way. Cloudflare isn't the bad actor perpetuating these DDoS attacks, and they aren't forcing website operators to use their services either.
They don't need to be a bad actor. They just need to be big enough and follow their incentives.

Companies aren't binary good or bad. They go through a lifecycle. Today's young and scrappy startup fighting for the people and the CEO making house calls is tomorrow's big tech with AI chat support.

It's worth noting where a company is in its lifecycle, and what the world is likely to look like if it continues to grow.

> Cloudflare isn't the bad actor perpetuating these DDoS attacks

How do we know that? Who else benefits from most of them?

What makes you believe Cloudflare wouldn’t do this? They may have state actor employees or be compelled by a government to surveil users.
So now the government needs to compel a corporation to hand over some data, because they are no longer able to read it straight off the wire like they could before. That sounds like a significant improvement to privacy.
People trafficking drugs into Australia were using a secure, encrypted messaging service developed by a private third party provider.

They eventually found out that the third party provider was in fact the Australian Federal Police, reading all their messages in clear and in real time.

The government only needs to compel a corporation if that corporation has an adversarial relationship with them.

We have tried the centralized model pushed by Cloudflare before; it was called the Minitel.

Sounds like an interesting story. Do you have a link to a summary?
> The CDN can't give you content you're asking for without knowing which content you're asking for.

Maybe some PIR protocol can also eventually change this (if the users and Cloudflare don't mind the computational and network overhead!).