this a bad idea?

  • ubergeek77@lemmy.ubergeek77.chat
    1 year ago

    You linked their DNS server, which is not their proxy, but yes I use both.

    Cloudflare often comes under fire for privacy concerns, but that’s literally true of every public DNS server out there. No one can feasibly run their own DNS server at home. Those requests ultimately have to go somewhere.

    I don’t use Google’s DNS server, because their business model relies on their ability to spy on you. Cloudflare’s business model relies on providing reliable network services, and maintaining public trust. In addition, the scale of surveillance they would have to do with the volume of requests they get per second is entirely unfeasible. They simply have too much data flowing through their servers for it to be reasonable.

    Could they be spying on me? Yes, but so could anyone, and among the options, they are the least motivated to do so.

    • Saik0@lemmy.saik0.com
      1 year ago

      > No one can feasibly run their own DNS server at home. Those requests ultimately have to go somewhere.

      Recursive DNS servers will contact root DNS servers. You CAN run a recursive DNS at home quite easily. The only downfall is that root DNS typically doesn’t support any of the encrypted DNS options.

      • ubergeek77@lemmy.ubergeek77.chat
        1 year ago

        Right, and I would prefer to not accidentally make my home DNS server vulnerable to zone transfer attacks, or have all my requests leave my home unencrypted regardless. This can be done, but the risks and overhead outweigh the benefits.

        For my threat model (and probably most everyone’s), using Cloudflare’s encrypted DNS is good enough for me.

    • manitcor@lemmy.intai.tech (OP)
      1 year ago

      The WARP proxy is the renamed ARGO proxy from their Enterprise product. You can find info in their docs. It’s both their DNS and the download page for the proxy software, scroll down.

  • tardigrada@beehaw.org
    1 year ago

    In 2016, CEO and co-founder Matthew Prince told the BBC about the beginnings of Cloudflare.

    Cloudflare’s roots go back to 2004 when Mr Prince and Cloudflare co-founder Lee Holloway were working on a computer industry project they called Honey Pot.

    The idea was that people with websites signed up for free, to install software which then tracked people who sent unsolicited emails.

    Five years later Mr Prince was doing a Master of Business Administration (MBA) at Harvard Business School, and the project was far from his mind, when he got an unexpected phone call from the US Department of Homeland Security asking him about the information he had gathered on attacks.

    Mr Prince recalls: “They said ‘do you have any idea how valuable the data you have is? Is there any way you would sell us that data?’.

    “I added up the cost of running it, multiplied it by ten, and said ‘how about $20,000 (£15,000)?’.

    “It felt like a lot of money. That cheque showed up so fast.”

    Mr Prince, who has a degree in computer science, adds: “I was telling the story to Michelle Zatlyn, one of my classmates, and she said, ‘if they’ll pay for it, other people will pay for it’.”

    And so the idea for Cloudflare was born, with Ms Zatlyn as its third co-founder.

  • Saik0@lemmy.saik0.com
    1 year ago

    I do. It can be a bad idea depending on your needs. But it’s possible to make it work and can have great benefits too.

    My lemmy instance (if that’s what you’re asking about) is proxied through Cloudflare too.

    I think I have like 3 things that need to skip their proxy to work properly. Email, Meshcentral, and TeamSpeak I think?

    • manitcor@lemmy.intai.tech (OP)
      1 year ago

      I’ve been using it for small apps like this and served a minor data-api through it a couple years back, I found it mostly smooth and easy, I don’t usually need more composition and if I do I’ll use AWS or Azure. I found it to give a lot for your dollar if you are familiar with working things in cloud deploys to be cost effective.

      I’m considering expanding into the zero trust area and setting up some tunnels and support infra for my company.

      I’m concerned mainly with any pricing gotchas but if anyone has terrible horror stories of bad service, lost data or dodgy mgmt I am all ears.

      • Saik0@lemmy.saik0.com
        1 year ago

        I’ve not hit any pricing gotchas. They’ve made it really clear when you’re about to go somewhere that costs money (with clear “upgrade to pro” or “purchase” buttons if your account doesn’t have access to a feature) in my experience. Personally I run the free tier on all my domains (although I’m getting to the point where I’m thinking about the 20$ personal tier) and professionally I run a few sites on the 200$ business tier. In all cases and for all domains I’ve not seen anything that red-flagged for me as a problem. I think I’m quite sensitive to that sort of stuff personally. I’ve dropped vendors for pretty petty stuff professionally. Actually in the professional environment I have a case of a managed SIEM arguing about Cloudflare being at fault for an integration problem. Cloudflare’s documentation has been stable and actually leads me to believe Cloudflare over the SIEM.

        Lost data would instantly make me look for alternatives. I don’t know much about dodgy management… but official support has been stellar and account managers have been very helpful while not pushing me into products that are not a good fit (literally had one of their engineers outright say, this isn’t the right product for you based on what you’ve told us while on a sales call).

        Your experience may vary… I could just be really lucky and happen to get the “right people”.

        • manitcor@lemmy.intai.tech (OP)
          1 year ago

          Thank you, this has been my experience as well, I have found them to have a solid system but it’s not for people used to cPanel or WordPress.

          I have been well impressed, time to dive in some.

  • mrmanager@lemmy.today
    1 year ago

    You are sending all sites you visit to Cloudflare instead of your ISP. Trust them more?

    I’m using https://www.quad9.net which I trust more personally. They explicitly say nothing is logged, and they provide automatic filter of known bad actors on the web.

    • manitcor@lemmy.intai.tech (OP)
      1 year ago

      What specifically about CF is the problem?

      You are only the 2nd to seem to have an issue, I’ve heard hate before but no one is ever specific.

      Is it just a “feeling”?

      • mrmanager@lemmy.today
        1 year ago

        I like my DNS records private and not shared with a corporation. How about you?

        There is always Google DNS otherwise. :)

          • mrmanager@lemmy.today
            1 year ago

            For me it’s excellent, I switched from Google DNS to Cloudflare a few years back and now to quad. I honestly can’t say I notice any difference at all. You should try them. My impression is really good.

            I run a Pi-hole DNS server on my network configured to use quad with DNSSEC, so everyone in my family uses it and no complaints. :)

    • CodePy@livy.one
      1 year ago

      This is the best. DNS over TLS. It’s natively supported by Android, even iOS with a profile.
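
Added example (not part of the thread, and not any commenter's configuration): the two setups debated above, a home recursive resolver versus forwarding to a public resolver over DNS over TLS with DNSSEC validation, written as one Unbound configuration. Unbound itself, the LAN range, the listen address and the file paths are assumptions; the thread names no resolver software other than Pi-hole.

```conf
# unbound.conf sketch for a home resolver. Addresses and paths are
# assumed values; adjust them to the local network and distribution.
server:
    interface: 127.0.0.1
    interface: 192.168.1.2              # assumed LAN address of the resolver
    port: 53

    # Answer only the local network, so the box is not an open resolver.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow    # assumed LAN range

    # DNSSEC validation against the root trust anchor (path is assumed).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes

    # Send each upstream server only the labels it needs to see.
    qname-minimisation: yes

    # Do not reveal resolver identity or version to clients.
    hide-identity: yes
    hide-version: yes

    # CA bundle used to authenticate DoT upstreams (path is assumed).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Option A: full recursion at home.
# Leave out the forward-zone block below. Unbound then walks the tree
# from the root servers itself. No single public resolver sees every
# query, but the queries leave the house in cleartext on port 53 and
# the ISP can read them.

# Option B: forward everything over DNS over TLS (port 853).
# The ISP sees only TLS traffic to the upstream; the upstream operator
# sees every name that is looked up. The name after '#' is the TLS
# authentication name checked against the upstream's certificate.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
```

With either option, DNSSEC validation still happens locally, so a forged answer is rejected whichever operator carries the query.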