by Avamander
271 days ago
> Cloudflare has become a highly attractive target for state-sponsored attacks, suffering from recurring breaches. Their sheer scale, considering that they are serving a substantial portion of the internet, means that an outage or compromise could have widespread, costly consequences.

I'm unsure how much of these can actually be called "attacks" rather than "complying with local laws" that lets them operate in a lot of countries. Including hostile ones.

They really don't segment customer data sufficiently to mitigate this either. CloudFlare even officially says that they don't actually enforce even Regional Services and you have to do that yourself as a customer. Rest of customers get even fewer guarantees than that. Have fun, three-letter agencies.

https://developers.cloudflare.com/data-localization/limitati...

> Regional Services operates on your hostname's IPs. We recommend using DNSSEC and/or DNS over HTTPS to ensure that DNS responses are secure and correct.

This of course is funny considering how CloudFlare has used the same DNSSEC key signing key for ⪆10 years. It also doesn't mention BGP hijacks or similar MITM attacks, because there's also not much anyone besides CloudFlare can do against that.
* someone is a homosexual
* someone had sex out of wedlock
* someone is a communist
* someone is right-wing
* someone is a Muslim
* someone is _not_ a Muslim
* someone spoke ill of the current ruler
* someone hosted a messaging service, and didn’t ask users for a copy of their id