@robert_a : Clouflare is primarily a CDN company.
CDN proxy servers
———————————
Cloudflare owns proxy servers in most worldwide networking centers, typically one near you:
you <--> proxy server <--> real server
Their proxy servers (like Fastly) typically cache static comtent.
Advantages:
———————
• Faster speed for you.
• DDoS protection for the actual servers.
Disadvantages for you:
—————————————
• Your browser has an E2EE connection to a Cloudflare proxy server, NOT to the actual server. You have no idea regarding the security of the connection between the Cloudflare proxy server and the actual server, nor how well Cloudflare checks the authenticity of the remote server (even http, a self signed or a revoked certificate might be used without you knowing it).
• You don't know the server's IP address (and therefor you don't know which party hosts it in which country - which may be Russia or China) allowing malicioius servers to "hide" behind Cloudflare IP addresses.
• You can't block Cloudflare IP adresses without experiencing a lot of false positives (one Cloudflare IP adress is used to proxy thousands of servers). Cloudflare IP-addresses for a server often change, making it harder to block anything. This makes CDN's the perfect hiding place for malicious websites.
• Cloudflare has access to HUGE amounts of -unencrypted- internet traffic, which is an ENORMOUS privacy risk.
• As a US company, Cloudflare has to deal with FISA section 702. Three-letter agencies love Cloudflare.
Hosting
—————
In addition, Cloudflare hosts mostly free *.pages.dev and *.workers.dev sites which are abused *A LOT* for malicious purposes. One year ago (it didn't stop, on the contrary): https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/its-raining-phish-and-scams-how-cloudflare-pages-dev-and-workers-dev-domains-get-abused/
Root cause of rising cybercrime stats
—————————————————————
Cybercriminals can, mostly anonymously, obtain domain names and hire server space. And the get https certificates for free (*). That would not be a big problem if browsers would distinguish between cheap junk on the web and reputable web sites (they don't because that would cause big tech to earn less).
(*) If websites like the following *look* real, how can one possibly know that they're fake? (a few of loads of examples):
• https:⁄⁄formula1-tickets.com
• https:⁄⁄paris24tickets.net
• https:⁄⁄robbiewilliams-tickets.com
• https:⁄⁄page.facebook-guidelines.com
• https:⁄⁄adobe-pdf-online.com
• https:⁄⁄accounts.hetzner.com.do
Internet is criminalizing more every day.
@GossiTheDog @campuscodi
#CloudFlare #Fastly #InfoSec #Cybercrime #FakeSites