WingNews logo WingNews
top | item 23179249

(no title)

quit32 | 5 years ago

For one cloudflare is a lot more reputable than most US ISPs. Cloudflare explicitly says "We committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours." https://blog.cloudflare.com/announcing-1111/

If gov tried to force CF to change that they would likely put up a huge public legal fight to prevent it whereas ATT / Verizon and Comcast would bend over backwards to secretly comply while also simultaneously seeing if they could inject some ads into the pages you visited.

discuss

order

quit32|5 years ago

Also worth noting that cloud flare is a large driving force behind encrypted SNI which is the last nail in the coffin for putting ISPs in the dark when your average consumer is browsing the net. https://blog.cloudflare.com/encrypted-sni/

Basically when you connect over https using TLS 1.2 to a site that is hosted on a shared server or behind a load balancer, your browser must tell it in clear text which host name it is trying to connect to. Encrypted SNI in TLS 1.3 also encrypts this info such that if you are also using DoH or DNS over TLS to encrypt DNS query then the ISP can only see the IP of server you connect to which is often going to be a huge cloud provider's load balancer that might serve hundreds or more different sites throughout the day / at the same time.

lonelappde|5 years ago

Does CloudFlare have multiple external auditors verifying their claims?

quit32|5 years ago

Literally the next para in that blog - "we committed to retaining KPMG, the well-respected auditing firm, to audit our practices annually and publish a public report confirming we're doing what we said we would."

In addition Mozilla put them through a rigorous process when selecting them as their default DoH provider which included them contractually agreeing to adhere to their stated policy. https://wiki.mozilla.org/Security/DOH-resolver-policy

billme|5 years ago

[deleted]