> I can be sure that they won't inject ads into my HTML pages. I can be sure that their DNS will not replace NXDOMAIN with fake ad responses. I can be sure that they won't log my VPN traffic trying to extract passwords or something like that.
But they have built the perfect shim in the middle to do ALL of these things at some point in the future.
The only thing preventing it is a handful of moral executives, who someday will move on or retire. At that point a smart Wall Street type is going to figure out that a merger between CloudFlare and $adnetwork is going to generate a shit ton of money (think Google+DoubleClick).
I don't doubt that CloudFlare is full of smart, well-meaning people, but what they have built is a ticking time bomb. The solution is to have ten CloudFlares so that the path between consumers and websites isn't regulated by a single organization.
Edit: to be clear, the internet was successful because any host could talk to any other host. If people did dumb shit you could work around it in creative ways. Even in the most oppressive countries censorship is still bypassable. CloudFlare's business model is centered around convincing companies to effectively disconnect their services from the internet so they only talk to CF servers.
And yet Cloudflare is just one of many massive internet companies. Are you going to say the same about Akamai? What about all the ISPs and exchanges in the middle? What about all the clouds and datacenters?
The reality is we live in an interconnected world where everyone uses hundreds of vendors to live and work. There's a certain amount of trust involved, backed by business relationships and the law. It's not perfect but it works just fine.
If you really think Cloudflare is excessively risky then of course you don't have to use it, but it's a strange conclusion to arrive at after looking at their actions all this time.
CloudFlare positions itself as an all or nothing frontend to your site, not just a CDN you offload assets to. Even with sites that fully front themselves with a CDN, you can still poke around and find the origin servers.
For example you can drop requests to fbcdn.net (which last time I bothered to check was a good mix of Akamai) and still make a connection to Facebook itself and at least log in and view HTML.
Obviously ISPs, internet exchanges, datacenters, and clouds operate very differently. But I imagine you know the difference.
What are you trying to say? You can use Cloudflare in a variety of ways, just like any other CDN.
My point is that there are lots of vendors with lots of control involved in pretty much every business transaction. There's nothing special about Cloudflare in this regard, in the same way you trust your bank or ISP or power utility or office custodial staff. Risk management is a mature process; no wild conspiracies required.
I was with you up until "The solution is to have ten CloudFlares so that the path between consumers and websites isn't regulated by a single organization."
This is hardly a solution, it just spreads the pain around. A solution would be a democratically planned organization, or group thereof, which is responsible to all shareholders including users, employees, executives, and investors.
Basically all of those companies are regulated, and none of them can cut you off, because you did something stupid. You can even murder someone, and they can't cut you off.
Well yeah, sometimes. In some countries (I believe France), they can only limit power to lighting (a couple of hundred watts limit, so not totally off) if you don't pay, and if your only cooking appliance is using electricity (electric stove), they can't even limit that.
> The solution is to have ten CloudFlares so that the path between consumers and websites isn't regulated by a single organization.
There are! Cloudflare is by no means the biggest CDN provider - plenty of others exist out there. Akamai, CDNs from Google/Azure/AWS, Fastly, at least.
What makes Cloudflare so unique in it attracting criticism like this? They're just a bog-standard CDN, the likes of which have existed long before Cloudflare. Is it just because they're the most "visible", having a free plan that people use?
The Cloudflare captcha is ridiculous really and makes sites completely unusable with a VPN. I even get captchas for different pages on the same domain! It used to be you only got captcha for form submissions. But somewhere along the line you started getting it for simply visiting web pages as well. Part of me wonders if I'm just getting played by these companies into labelling all their ML training sets for them.
There's not really any "lock-in" with CloudFlare, though. It'd take me a day, at most, to move off of their free services.
They provide me a lot of value right now, for free. If they ever started doing something shady, I trust that people like you would cause enough of an uproar/pushback that I (and other site owners) would find out about said shady activity... and then move off CF.
I'm not as concerned with the what-ifs of what a company could do in the future as I am with their track record so far.
To me saying any $X big company is a ticking time bomb is nonsense.
The fact is, a number of companies control a huge number of eyeballs. An unethical exec taking advantage of that would cause an enormous PR nightmare. If you're making money with a great brand reputation, you don't mess with the recipe.
Yes, they do mess with the recipe. They've got money to mask it out and assist with conditioning the population to the new norm. And they can do this cause the service is sticky. Mass client exodus is very unlikely. And the ones that move out for morals are quickly replaced.
We have plenty of historical data to draw from here. Cynicism is the rational approach.
Corporations (beyond a certain threshold of market control) doing shady, consumer-hostile things for profit is the norm. So I don't think the ticking time bomb concept is nonsense at all.
As a recent example, Google was an overwhelming net positive for years. They genuinely made the internet better. But the day they went public their eventual abuse of their market position, intentional or not, became inevitable. We're only in the early stages of seeing what that will look like.
Asking questions about whether we want to help give companies the market position to become abusive makes the most sense early, not after it's already happened.
Perhaps I wasn't clear. The fact that some corporations do shady things does not mean it is inevitable that all corporations do it.
I'm arguing against the logic: "every big company always ends up being a den of advertising evil". Cherry picking examples like Google is not proof of this.
Not every company is Google or Facebook. Is Apple selling its soul to advertisers tomorrow? Is Netflix going to insert ad breaks every 5 minutes any day now? Is Tesla going to have you watch an ad every time you start the car?
I'm not sure how we got to it being strictly about advertising. Nor did I say 'all'. But the vast majority of corporations with the market power to leverage in shady ways for profit, do in fact do just that.