This content originally appeared on DEV Community and was authored by Lucas Bustamante
tl;dr
Howdy devs, before I raise some questions, I would like to pave the way with some context on exactly WHY I'm raising them. I'm bringing this up for discussion for the sake of internet privacy worldwide.
Why would the government need something like Cloudflare?
We are living in the era of the big data analytics.
When data is collected through means of traffic-sniffing by a man-in-the-middle, such as government agencies, a big problem they face is encryption.
The NSA has already sorted out the part of how to "collect data", but with the big push for encryption after Snowden came out, they collect a bunch of encrypted data that they can't use, even with decryption programs such as BULLRUN.
Cloudflare is the only thing that can break encryption on a large scale, as it holds the SSL encryption for both ends of the connection, since it is a man-in-the-middle itself by definition.
Department of Homeland Security? Didn't Matthew Prince and 2 others invented Cloudflare?
Kind of.
Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn't think much about it until, in 2008, the Department of Homeland Security called and said, 'Do you have any idea how valuable the data you have is?' That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare.
Some interesting facts about Cloudflare:
- It launched in Oct 1, 2010. The Department of Homeland Security did the kick-off call around 2008~2009.
- In 2017, Cloudflare estimated to proxy around 10% of all the traffic of the internet.
- Only 4~5% of the sites it protects are paying customers. (Subjective: If you aren't paying, you are the product)
"Our vision is that we are going to power the internet"
Matthew Prince, at the Cloudflare launch on TechCrunch on 2010.
It's a bold statement for a company that wasn't even being considered to be created a couple months before.
There's no mention about the kick-off from the Department of Homeland Security in 2008~2009 in Cloudflare's Our Story page or Wikipedia.
This is weird, as Cloudflare wouldn't exist without them.
Who built Cloudflare?
What exactly happened between that call from the Department of Homeland Security in 2008~2009 and the launch on Oct 1, 2010?
You can see in the 2010 launch video that Cloudflare was already a mature product at launch, with the basis to achieve the ambition of "powering the internet" from day one, with a seamless integration with Hostgator, which powered 2% of the internet traffic at the time.
You need highly skilled personnel to put that off, how did a Harvard student pull that out in one and a half year?
Questions that needs answers:
Based on this, these are the questions I'd like to raise for discussion with the Dev community to validate/invalidate my claims so far.
- Can we use Cloudflare reverse proxy without giving up encryption of data?
- Am I correct to assume Cloudflare bypasses encryption on a large scale, having access to unencrypted content for all requests/responses it handles? (10% of the internet)
- Am I correct to assume this is the only way of breaking encryption at large scale and still be able to do Big Data analytics with raw traffic sniffing, such as what NSA has been disclosed by Snowden to be doing?
- What is the kind of technical knowledge necessary to create the Cloudflare application from 2010, as you can see a detailed break down of the features available starting from minute 4:20 of this video?
- What's the time frame and expected team size to create such application to be production-ready to be used, for instance, by Hostgator (~2% of the internet traffic at the time)?
This content originally appeared on DEV Community and was authored by Lucas Bustamante
Lucas Bustamante | Sciencx (2021-10-11T21:51:17+00:00) Am I crazy, or Cloudflare is a U.S government spying tool created by the Department of Homeland Security?. Retrieved from https://www.scien.cx/2021/10/11/am-i-crazy-or-cloudflare-is-a-u-s-government-spying-tool-created-by-the-department-of-homeland-security/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.