Nearly every website today seems to be hosted behind Cloudflare which is really concerning for the future of privacy on the internet.
Cloudflare no doubt logs, stores, and correlates network telemetry that can be used for a wide array of deanonymization attacks. Not only that, but Cloudflare acts as a man-in-the-middle for all encrypted traffic which means that not even TLS will prevent Cloudflare from snooping on you. Their position across the internet also lends them the ability to conduct netflow and traffic correlation attacks.
Even my proposed solution to use archive.org as a proxy is not a valid solution since I found out today that archive.org is also hosted behind Cloudflare…
So what options do we even have? What privacy concerns did I miss, and are there any workaround solutions?
What’s your threat model? Adjust accordingly.
The situation is, what it is, but there’s a wide range of actions one can take that fall between the two poles of do nothing and burn all internet enabled devices.
Forget about threat model. It’s becoming increasingly an irrelevant concept, as we reach total globalization and centralisation of all of these global companies.
It’s frustrating, but it could be addressed by the EU members just like how they always have blew up Google so many times on so many occasions by suing them millions of dollars.