Do you use Cloudflare?

Do you use Cloudflare with XenForo?

  • Yes, I pay for it on at least one of my sites

    Votes: 22 23.9%

  • Yes, I use the free version

    Votes: 41 44.6%

  • No, but I've been thinking about it though

    Votes: 4 4.3%

  • No, I choose not to use it

    Votes: 24 26.1%

  • Never heard of it

    Votes: 1 1.1%
  • Total voters
    92
MySiteGuy said:
They are in fact correct that Google's services can be a privacy violation.

For that matter, visiting any website their web server logs can have sites people are visiting from, what browser is used (and in many cases, the browser's plug-ins), IP addresses and from IP addresses, geo-location.
Click to expand...
Oh really? Who would have guessed that... :rolleyes:

MySiteGuy said:
If you think you're any better off with other countries, looked up the recent raids and server confiscations in the Netherlands, a country famed for its so-called privacy protections.
Click to expand...
The netherlands have historically been famous for very liberal hosting and freedom of speech. The have a long tradition for hosting sites, that in other countries were endangered to be shut down. It got a little stricter in recent years as far as I can judge, however - most of the filthy traffic that hits my forum and comes from within the EU comes from the Netherlands. Raids and server confiscations there typically would have a very good reason. Anyway it would be way way bette than hosting in the US (or using US based services or services providers) where since the patriot act from 2001 no privacy is guaranteed and even less if you are not a US citizen. It got way worse since then and with the current government it is no better than any dictatorship state. With the system of subpoemas you can be spied at easily and to not even get informed. There is a reason why there are such things as warrant canaries...

en.wikipedia.org

Warrant canary - Wikipedia

en.wikipedia.org en.wikipedia.org

A company that decypts large amounts of web traffic and has so full access to it's content is a perfect target for "agencies". If this company resides in a country where those agencies not only can force companies to secretly hand over user data but also have a proven history in doing so I would call that a problem.

ES Dev Team said:
They're a publicly traded corporation and have incentives to do evil things to make money.
Very few publicly traded corporations don't eventually start abusing the market position that users give them.
But once they get a large amount of the market, that's usually when the abuse starts.
Click to expand...

MySiteGuy said:
Cloudflare already has 82% of the reverse proxy market share, and 20% of all websites go through them. Rather than abusing their market position, I've seen them increase efforts at transparency, and they are one of the most transparent companies out there.
Click to expand...
You may want to read this blogpost and the comments below it:

robindev.substack.com

Cloudflare took down our website after trying to force us to pay 120k$ within 24h

TL;DR:
robindev.substack.com robindev.substack.com

Cloudflare seems pretty dedicated and pretty transparent but it also seems they do have a dark side.
 
Last edited:
We also start to see the issue that happens when you have a single point of failure - which there is with cloudflare: In Spain, during football matches cloudflare is blocked due to antipiracy. This has been ruled by a court and does affect most sites that use cloudflare as it seems - if you use couldflare your forum will not be reachable from Spain during football matches:

La Liga: Blocking of Cloudflare IPs in Spain – Cybersecurity Advisors Network

cybersecurityadvisors.network cybersecurityadvisors.network

www.laliga.com

Official statement

In relation to the blocking of IPs during the recent EA SPORTS LALIGA matchdays linked to illegal Cloudflare practices.
www.laliga.com www.laliga.com

techlapse.com

Spanish ISPs Block Cloudflare IPs during LaLiga Matches

Spanish users experience widespread outages of Cloudflare-hosted websites as of October 18, after LaLiga initiates IP blocks to stop illegal football streams.
techlapse.com techlapse.com
 
smallwheels said:
Oh really? Who would have guessed that... :rolleyes:


The netherlands have historically been famous for very liberal hosting and freedom of speech. The have a long tradition for hosting sites, that in other countries were endangered to be shut down. It got a little stricter in recent years as far as I can judge, however - most of the filthy traffic that hits my forum and comes from within the EU comes from the Netherlands. Raids and server confiscations there typically would have a very good reason. Anyway it would be way way bette than hosting in the US (or using US based services or services providers) where since the patriot act from 2001 no privacy is guaranteed and even less if you are not a US citizen. It got way worse since then and with the current government it is no better than any dictatorship state. With the system of subpoemas you can be spied at easily and to not even get informed. There is a reason why there are such things as warrant canaries...

en.wikipedia.org

Warrant canary - Wikipedia

en.wikipedia.org en.wikipedia.org

A company that decypts large amounts of web traffic and has so full access to it's content is a perfect target for "agencies". If this company resides in a country where those agencies not only can force companies to secretly hand over user data but also have a proven history in doing so I would call that a problem.




You may want to read this blogpost and the comments below it:

robindev.substack.com

Cloudflare took down our website after trying to force us to pay 120k$ within 24h

TL;DR:
robindev.substack.com robindev.substack.com

Cloudflare seems pretty dedicated and pretty transparent but it also seems they do have a dark side.
Click to expand...
You're not telling me something I don't already know. I've made note of warrant canaries since the mid-early 2000s. Cloudflare has finer grained canaries than most - listing things they don't do - and when one of those things disappears you know law enforcement forced them.

Not using Cloudflare isn't going to protect a site from law enforcement's prying eyes if they want access, and anyone thinking they are safer from law enforcement by not using a proxy is living under a false sense of security. Unless you're hosting on your own locked location, it's not much harder for law enforcement to get a warrant for direct access to a server, or VM, than it is to get it from Cloudflare.

And a company complaining about Cloudflare removing them, and yet admitting they were likely violating Cloudflare's terms*, is a terrible example, especially since we only have one side of the story. Things like this can happen with companies on Cloudflare, AWS, Azure, etc. and pretty much every cloud provider if you violate their terms. Considering the millions of websites using them without these sorts of complaints, their track record is damn good.

(PS. Frankly, if anyone is worried about the content they have being accessed by law enforcement, they are probably not someone I want to do business with.)
 
You must log in or register to reply here.

Similar threads

Grover
Setup Cloudflare on vBulletin 3.8.11 (preparing to switch to Xenforo)
Replies
12
Views
269
Ricsca
Ricsca
V
Using XenForo With Cloudflare
Replies
1
Views
93
Mr. Jinx
Mr. Jinx
Jeffin
Migrate forum off Centmin Mod → Ubuntu 24.04 (DO) + Cloudflare – build, move, harden, document
Replies
3
Views
145
Slavik
Slavik
Mike Fara
Session Validator for Cloudflare [Deleted]
Replies
5
Views
138
Mike Fara
Mike Fara
turtile
How to Configure DirectAdmin/Cloudflare for DKIM
Replies
2
Views
59
Alvin63
A
Back
Top Bottom