They get shit on a lot here. Why? What do they do and how is that different from other companies that offer similar services?

What I know of them: they offer DDS brute force/spam protection for websites.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    145
    ·
    11 months ago

    I wouldn’t call it hate, just concern.

    Cloudflare acts as a front door to many sites and as such your TLS session is terminated at Cloudflare, then CF makes a additional session from themselves to the target site.
    This is concerning as that means CF can see all of your data.

    • kn33@lemmy.world
      link
      fedilink
      English
      arrow-up
      42
      arrow-down
      3
      ·
      11 months ago

      It’s worth mentioning the advantage of why they do this. There are several reasons, but the two most common are:

      • Seeing the data means they can do a better job at detecting attacks and fending them off.

      • They can issue certificates with longer lives from their private CA which simplifies certificate management for their customers.

      • slazer2au@lemmy.world
        link
        fedilink
        English
        arrow-up
        41
        arrow-down
        1
        ·
        11 months ago

        considering they are a US company they are bound by US warrantless wiretapping laws.

      • lemmyng@lemmy.ca
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        1
        ·
        11 months ago

        Plus other capabilities like injecting banners, caching, etc

      • Snot Flickerman@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        17
        ·
        edit-2
        11 months ago

        While true, and I am not a hater of Cloudflare:

        Keyless SSL is only available to Enterprise customers that maintain their own SSL certificate purchased from a valid Certificate Authority. Cloudflare does not supply any certificates for use with Keyless SSL.

        I’m not part of any Enterprise organization and I’m too poor to sign up for Enterprise level service, and so I am unable to use their Keyless SSL.

        Just for example. Sometimes it’s not that we don’t want to but can’t afford to, especially if we’re just Joe Schmoe running a handful of services on a server box.

        Once again, I have no issues with Cloudflare myself, and personally have a decent amount of respect for them.

        I’m just saying getting access to the Keyless SSL is less easy than you made it sound.

        • gencha@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          10 months ago

          I get that. If you’re not paying for a service, there’s still a price. There are no companies out there doing you any favors, only those that make you believe they do.

          Clouflare is okay. Don’t trust anything apparently free ever

        • gencha@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          10 months ago

          If you’re not paying money for a service, you’re paying another way

      • ISometimesAdmin@the.coolest.zone
        link
        fedilink
        arrow-up
        4
        arrow-down
        3
        ·
        11 months ago

        Right?? To let your website be susceptible to that kind of act by anyone means that you probably didn’t really care about security in the first place, so much as just getting the magic lock icon happy.

        • zeluko@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          11 months ago

          Magic lock icon is easy, hard is it to block attacks and being able to do very little about it.
          Spoofed packets, server providers not caring what their customers do, many abuse email adresses dont even work.
          Keyless SSL would be nice and i’d use it. I have my own keys, but its for Enterprise customers only.

          I am not using Cloudflare as i dont like them handling like 80% of all traffic. But as website owner i can understand why someone would still choose them…