Open Still34 opened 1 year ago
dangeredwolf
commented
1 year ago FixTweet was written with the Cloudflare Workers runtime in mind, so if you want to self-host it you can self-host the workerd platform. For most people though I would recommend just using Workers themselves. I'm not entirely sure what would be the best in this case.
dangeredwolf
commented
8 months ago The Hono rewrite (#479) may make it easier to run things on other platforms so it may become supported
wolfsprite
commented
8 months ago pre-PS: Sorry for the length.
I have to say, "built with privacy in mind" but "written specifically with Cloudflare Workers in mind" do not go together at all. :(
In fact, I have Cloudflare blocked with Noscript by default. Yes that sadly makes a lot of websites break initially. Yes I find that worth it.
For one thing, Cloudflare literally started due to the US Department of Homeland security being interested in data collected from the CEO's previous website, named "Project Honeypot".
Matthew: Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn't think much about it until, in 2008, the Department of Homeland Security called and said, "Do you have any idea how valuable the data you have is?" That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare.
Mr Prince recalls: "They said 'do you have any idea how valuable the data you have is? Is there any way you would sell us that data?'. "I added up the cost of running it, multiplied it by ten, and said 'how about $20,000 (£15,000)?'. "It felt like a lot of money. That cheque showed up so fast."
And he has not shied away from his connections with government; his LinkedIn used to mention his work for law enforcement, though seems to have been replaced with mention of him being a member on the Council of Foreign Relations.
And then there was Cloudbleed. https://www.howtogeek.com/295677/what-is-cloudflare-and-did-it-really-leak-my-data-all-over-the-internet/
Cloudbleed was a Cloudflare buffer overflow disclosed by Project Zero on February 17, 2017. Cloudflare's code disclosed the contents of memory that contained the private information of other customers, such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data.
This data could have included all kinds of sensitive data, including usernames, passwords, private messages, OAuth tokens, and a lot more. Even worse, some of that data was indexed and cached by some search engines (about 700 pages, according to Cloudflare), so if you knew what to search on Google, you could find sensitive data from users logging in at the time of a specific leak.
Tavis Ormandy initially stated that he was "really impressed with Cloudflare's quick response, and how dedicated they are to cleaning up from this unfortunate issue." However, when Ormandy pressed Cloudflare for additional information, "They gave several excuses that didn't make sense," before sending a draft that "severely downplays the risk to customers."
++ found this out while searching for sources to share.. "security expert" publicly known to have helped cover a breach at Uber went on to work for Cloudflare for a few years, literally the year after.
Sullivan, who was fired from Uber in 2017, was found guilty on two counts, namely obstruction of justice and deliberate concealment of felony.
“Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught,” said Stephanie Hinds, US Attorney for the Northern District of California. The case pertains to a breach at Uber’s systems that affected data of 57 million passengers and drivers. The company did not disclose the incident for a year.
https://www.cnn.com/2022/10/05/tech/former-uber-security-chief-guilty/index.html
In November 2017, Sullivan and Craig Clark, a senior lawyer at the company, were fired for allegedly covering up a major data breach in 2016 and paying hackers $100,000.
In May 2018, Sullivan joined Cloudflare as the company's first Chief Security Officer.
https://en.wikipedia.org/wiki/Joe_Sullivan_(Internet_security_expert)
Some more thoughts by others below. Sadly a lot of the older sites providing evidence about Cloudflare being sketchy seem to be gone, delisted, or hard to search for.
https://web.archive.org/web/20170721161127/http://www.crimeflare.us/honeypot.html
https://www.reddit.com/r/privacy/comments/d52kop/eli5_why_cloudflare_is_depicted_as_evil_and_whats/
https://web.archive.org/web/20180307003557/https://www.crimeflare.org/
edit: Kind of wishing I had posted this as its own issue, now looking back on it, but I'm iffy on deleting and reposting after the fact. :/
dangeredwolf
commented
8 months ago @wolfsprite I understand that people have reservations about using Cloudflare. My main focus with FixTweet is to deliver as good of a user experience as possible to as many people as possible. I have my own concerns with Cloudflare (outside of the reasons you linked), but ultimately still use them because Cloudflare has a massive CDN and I am just one person. I'm already delivering terabytes of data per week before even factoring in how much Cloudflare caching helps. That's not to mention the DDoS protection. Basically no one else can accommodate something this large without charging me more money than Cloudflare will, so my hands feel fairly tied there. Also by far the most popular user agent sending us requests is Discordbot and Discord requests also go through Cloudflare, so even if we didn't use Cloudflare it's likely that much of the traffic we receive already went through Cloudflare anyway.
I do think I should de-emphasise Cloudflare in the project as ultimately, especially after moving to ES Module worker and rewriting the router in Hono, it should probably work fine in other standards-compliant environments (other than worker bindings and some diagnostic stuff maybe like fxtwitter.com/version). FixTweet is architected for the edge, but it doesn't necessarily have to be Cloudflare's. That said, my latest efforts recently have been focused less on features and more on pure reliability and better positioning the project for the future than trying to adapt my build process to accommodate more runtimes.
We talk about privacy in the project referencing that we don't have permanent logs for requests (other than from runtime errors [Sentry] and security events [Cloudflare]). It's mainly listed for historic reasons (because TwitFix, a different project, had a public tweet ledger and people did not take that well) FixTweet is designed to not require any kind of permanent database to work like some other similar projects, instead using edge caching to bridge the gap and serve requests faster.
I saw your comment before about my site requiring JavaScript. JavaScript is such an essential part of the modern web these days that it's something I don't really consider much for this specific case. My website is pretty out of date as it is anyway. Also that bad gateway on my legacy site means my php on my server I host my website on is fucked lol
wolfsprite
commented
8 months ago I really appreciate you taking the time out to reply, especially so detailed. :3
I had felt pretty anxious doing such an infodump about Cloudflare being icky, but it's something I've felt strongly about for a while, and I like to spread awareness when I can. Sounds like you're aware of issues and doing what you can, and I really respect that. I know that trying to decouple (especially from such an integrated part) is not an easy or quick task, and I thank you very much for addressing this issue.
I saw your comment before about my site requiring JavaScript. JavaScript is such an essential part of the modern web these days that it's something I don't really consider much for this specific case. My website is pretty out of date as it is anyway. Also that bad gateway on my legacy site means my php on my server I host my website on is fucked lol
I deleted that comment cos it looked like you fixed it a few minutes after? X3 and also I felt that leaving it there detracted from my other comment, especially after my own realization that I certainly had no way of knowing how that subdirectory mapped, :P
Also gosh, I haven't touched PHP much in almost a decade. flashbacks to errors
dangeredwolf
commented
8 months ago @wolfsprite oh yeah no I can't stand PHP xD
I only used some php to add some basic interactivity to my legacy website where older browsers have very hit-or-miss JavaScript implementations. I'm surprised if it randomly started working again cause I didn't change anything. I also use it to control the splash on my main website, where it says "Hello World" if php is broken oops
Summary
In the current README, the project expects the developer/user to deploy the system onto a Cloudflare Worker - perhaps a clarification could be added for users who do not wish to deploy onto such service?