CloudFlare exploits the Tyranny of Convenience

cyberMonk 2021-02-28 15:51:51 -05:00
parent 3cb3dffe77
commit 013c478352
1 changed files with 8 additions and 1 deletions

@ -4,10 +4,11 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
1. CloudFlare mounts mutlifaceted attacks on **privacy**
1. CloudFlare is a man-in-the-middle who [sees all traffic](http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem) including usernames, unhashed passwords, and financial data within the HTTPS tunnel. This is done surreptitiously. CloudFlare sees [all the traffic](https://cypherpunk.is/2015/04/02/why-cloudflare-is-probably-a-honeypot).
1. CloudFlare sees all traffic to and from the database of the [Psono password manager](https://psono.com/security). Even if Psono has an extra layer of encryption for cloud-stored passwords, CloudFlare still sees the password in the clear when supplied to the service that the user is logging into. If a user has multiple accounts, CloudFlare is given enough information to associate the accounts together. If a user uses an IP address for Psono that differs from the IP of the site they're logging into, CloudFlare can additionally associate IPs together to identify a Tor user or VPN user.
1. Cloudflare has a policy to block all Tor users by default. It's a crude, reckless and unsophisticated (but cheap) way to create the illusion of security. [Collateral damage is high](https://blog.torproject.org/trouble-cloudflare). Privacy takes a global hit because Cloudflare has decided what best suits their business to the detriment of everyone else. The impact is not only privacy while visiting the CloudFlare site. CloudFlare has proliferated to the point that users opt to abandon Tor entirely because solving 50+ CAPTCHAs every day is wholly impractical. For a user to be effectively forced to abandon Tor is a colossal loss of privacy.
1. CloudFlare helps spy orgs conduct illegal surveillance two ways:
* damage to anonymity: CF deployed an [anonymity compromising](https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm) Google reCAPTCHA from 2009 to mid-2020. Apart from the direct compromise by the CAPTCHA, Tor users are also [driven off](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf) Tor in droves as a consequence of access inequality of Tor/non-Tor users (which constitutes a network neutrality abuse as access equality is central to net neutrality).
* centralization of copious data on this immeasurable scale within reach of any spy org will cause that spy org to [foam at the mouth](https://www.reddit.com/r/privacy/comments/b8dptl/another_landmark_day_in_the_war_to_control/ejxmmhq) -- and they will get access to it one way or another.
* centralization of copious data on this immeasurable scale within reach of any spy org will cause that spy org to [foam at the mouth](https://old.reddit.com/r/privacy/comments/b8dptl/another_landmark_day_in_the_war_to_control/ejxmmhq) -- and they will get access to it one way or another.
1. ISPs collect data on their own customers and exploit it for profit in the US. Under Obama it became illegal for an ISP to sell data collected on their customers without express consent. Trump [reversed](https://www.nbcnews.com/news/us-news/trump-signs-measure-let-isps-sell-your-data-without-consent-n742316) Obama's policy in 2017. In the absence of legal protections, Tor serves as a technical protection from ISP snooping. CloudFlare's attack on Tor users facilitates privacy abuse by ISPs.
1. The gratis service also raises the question about how CF is monetizing all that data that's exposed to them (which every CF user carelessly increases). They do not disclose to the public how they monetize that data, but what CF cannot hide is that they [seek to hire](https://web.archive.org/web/20200704235401/www.datayoshi.com/offer/595856/data-scientist-cloudflare) a machine learning data scientist with *big data* expertise for their marketing department.
1. A CF customer who became increasingly concerned with CF's unchecked power deleted their account. Two months after CF confirmed that the account was deleted, the customer [received an email](https://shkspr.mobi/blog/2019/11/can-you-trust-cloudflare-with-your-personal-data) from CF, proving the account had not been deleted.
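Review bot: In the Psono item, the claim that CloudFlare "still sees the password in the clear when supplied to the service that the user is logging into" holds only when that service is itself proxied by CloudFlare, and the item does not state that condition. Suggest wording it as "when supplied to a CloudFlare-proxied service"; the account-linking and IP-linking sentences that follow depend on the same condition. Smaller points in this hunk: the section heading has "mutlifaceted" for "multifaceted", the first sub-item says "sees all traffic" twice, and the spelling alternates between "CloudFlare" and "Cloudflare".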
@ -39,6 +40,11 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
5. CloudFlare inflicts customers and web users with excessive **vulnerabilty** to exploits.
1. CloudFlare's immense centralization becomes catastrophic when a single bug emerges. The degree of damage is acutely heightened when over 10% of the web is subject to vulnerabilities on CloudFlare. The enticement for malicious hackers to find a zero-day is also greatly heightened as a result of the widespread scale of impact. *Cloudbleed* was a vulnerability that had serious widespread consequences. Even a simple accident at CloudFlare like a one-line erroneous regular expression brought down a huge segment of the web on July 17th, 2020. August 11-12: "Cloudflare went down and took over Discord [and some game program](https://nitter.net/RVWssb/status/1293371696418889730#m) (which proxies packets through Cloudflare)."
1. A *tragedy of the commons* has manifested. Website owners are baited to act independantly in their own self interest by using CloudFlare at no charge-- but each website that becomes part of CloudFlare shrinks the ethical decentralized web while incrementing the size of the centralized walled-garden which inflicts harm to everyone collectively. Each website owner only perceives CloudFlare as solving their problem but unwittingly they create a host of new problems for everyone else. It's a selfish move that occurs on a much larger scale than the quantity of selfish personalities because most of CloudFlare's patrons are kept in the dark as to the harm they're contributing to.
1. CloudFlare's proliferation is a product of the
*[Tyranny of Convenience](https://www.nytimes.com/2018/02/16/opinion/sunday/tyranny-convenience.html)*.
They've made it so easy for website owners to proxy
their website that a rapid spread exacerbates the *tragedy
of the commons*.
1. CloudFlare is detrimental to **availability**
1. The CAPTCHAs are often broken.
1. E.g.1: some browsers that block j/s always report errors communicating with the captcha server on all CF-pushed CAPTCHAs
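Review bot: The new Tyranny of Convenience item is hard-wrapped over five lines, and its closing emphasis span is split across a line break ("*tragedy" on one line, "of the commons*" on the next), while every sibling item in the list is a single line. Suggest joining it into one line so the numbering and the emphasis render the same way as its neighbours. The item also describes how CloudFlare spreads rather than a vulnerability, so it reads more naturally as a follow-on sentence to the *tragedy of the commons* item directly above than as a separate point under this heading. Nearby typos worth fixing in the same pass: "vulnerabilty" in the heading and "independantly" in the preceding item.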
@ -54,6 +60,7 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
1. A study [finds](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.296.9155&rep=rep1&type=pdf) that collective punishment is strictly counterproductive. <!-- http://www.nyu.edu/gsas/dept/politics/faculty/dickson/dickson_collectivepunishment.pdf-->
1. CloudFlare's detriment to **democracy**
1. CF impedes petition signing on change.org, moveon.org, and actionnetwork.org. Voters who are blocked by CF's access restrictions are effectively denied participation in democratic processes.
1. CF blocks voters from accessing information about candidates published on sites like www.opensecrets.org.
1. Voter suppression: CF impedes voter registration, disenfranchising voters in 8 US states (16% of voter registration sites).
1. CloudFlare's **censorship** and reduced access to educational material
1. CloudFlare restricts access to scientific papers.
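Review bot: The items under the **democracy** heading carry no supporting links, unlike the privacy items earlier in the file: the www.opensecrets.org item gives no evidence of the block, and "8 US states (16% of voter registration sites)" gives no source or date for the count. Suggest linking the measurement or test behind each claim and naming the states, so a reader can re-check them. The collective-punishment item above keeps a second URL inside an HTML comment; either promote it to a visible link or drop it.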