CloudFlare to launch its own 'high security' web domain registrar CloudFlare will this Wednesday launch its own internet domain registrar for wealthy customers who simply cannot have their websites hijacked. The business model of most registrars – the organizations you typically buy domain names from – is based upon volume, ie: selling as many names as possible and making the process as easy …
May domain owners remain completely anonymous for a certain fee? You know, to dissuade individuals from filing a lawsuit. Or maybe the operations of the domain are illegal in some/all countries and the operator does not want to worry about international prosecution. Such a feature would integrate well with other CloudFlare services.
Yep, CloudFlare is definitely the bulletproof service provider of choice for large-scale ROKSO spammers, malware distributors, and Eastern European organized crime.
I track all the spam I get. Right now, I'm receiving an average of 37 spam messages a day that evade my spam filters, 31 (about 84%) of which Spamvertised domains protected by Cloudflare. Cloudflare does nothing at all about spam or malware domains--their "security head" has told me on Twitter point-blank they don't care, so piss off--and phish and malware sites served by Cloudflare tend to remain active on Cloudflare's network forever.
I'm not sure how folks who started out as spam fighters ended up in the pockets of spammers, but it's a sad thing.
And I wish they wouldn't. It has not improved service for me and is just another link to go wrong. Also, I can no longer recommend El Reg articles to my security oriented friends because CloudFlare blocks Tor connections. They need to fix that.
"Also, I can no longer recommend El Reg articles to my security oriented friends because CloudFlare blocks Tor connections."
Eh? I quite regularly visit sites protected by CloudFlare over Tor, and have done so within the last couple of days. I typically have to answer a captcha to convince it I'm not some kind of bot, but it lets me in as long as I can do that.
"I quite regularly visit sites protected by CloudFlare over Tor, and have done so within the last couple of days."
Yes, I'm aware that they've recently changed the captcha so as to be easier. They used to be completely insolvable. Now they often work, though I just now checked and it took me about 5 tries. In any case, it makes a clear statement that CloudFlare and The Register do not support good security and wish to discourage those who do. Shame on them.
it makes a clear statement that CloudFlare and The Register do not support good security and wish to discourage those who do. Shame on them.
I would have 100% agreed with you before, but something has at least improved:
~$ dig +short theregister.co.uk
159.100.131.165
If you track that down, it appears that El Reg has at least switched its email to a UK based service owned by a Canadian supplier (at least the IP addresses are, according to RIPE), so there is hope yet (it used to be Google, accompanied by claims that "they use something more secure for leads" - yeah, right, as if that would convince the Snowdens of this world :) ). This is marginally better.
The problem that Clouidflare solved for volume sites is a reduced/cancelled risk of DDoS, but I would indeed never spool anything through them that needs discretion because you're handing off access data to a provider in what is presently one of the most questionable jurisdictions for privacy in the developed world, straight after China (let that irony sink in for the moment)...
it appears that El Reg has at least switched its email to a UK based service owned by a Canadian supplier
Dude, what's a dig for the A record on the naked domain got to do with where the _email_ is, in the presence of an MX record?
The A record for the naked domain pointing to our hosting provider peer1 simply means that if you type "theregister.co.uk" you hit our naked load balancer, and _then_ get redirected.
If you want to find out where the email is hosted, you ought to ask for the MX record?
➤ dig mx +short theregister.co.uk
If you want to find out where the email is hosted, you ought to ask for the MX record?
Still doesn't always give you the email service, because for many this simply points at the spam filter service (eg. Panda Cloud Anti-Spam) ...
Dude, what's a dig for the A record on the naked domain got to do with where the _email_ is, in the presence of an MX record?
You're right. It means I got up too early, that's all :). Alas, the situation has thus remained unchanged.
El Reg knows me well, because I have been working with email for considerably lot longer than the Net exists. I even had a spell doing nothing but conversions to/from SMTP email when the Internet started to gain prominence, with X400 to SMTP conversions being the most spectacular in ROI (in one case, a single month and a helpdesk getting hit with calls asking why email was suddenly so fast :) ).
.. before you should trust anything confidential to them.
1 - they are a US company. Why is that a problem? Well, Apple vs FBI is but a small example but there are disappointingly many others to choose from, and it's not an easy one to fix (think decades).
2 - there is this:
:~$ dig +short cloudflare.com mx
10 aspmx.l.google.com.
20 alt1.aspmx.l.google.com.
30 alt2.aspmx.l.google.com.
40 aspmx2.googlemail.com.
50 aspmx3.googlemail.com.
Case closed.
In the UHNW world, trust is everything. That requires first that the facts are actually in your favour, and being based in the US or US owned is in that context not exactly a recommendation.
"Well, Apple vs FBI is but a small example "
Lost me...A US company refusing to break customer protections for a government agency is grounds NOT to trust them?
No, it is a sign of a jurisdiction that doesn't see privacy as very important. That case is not about Apple, it is about manipulating the legal system because the Backdoor Zombie just does NOT want to die.
Most media organisations use https://securedrop.org/ for sensitive stuff
securedrop.org? Really?
:~$ dig +short mx securedrop.org
0 smtp.electricembers.net.
:~$ dig +short smtp.electricembers.net.
208.90.215.68
208.90.215.69
208.90.215.67
Plug that into IP bulk geolocation and you end up in..
.. the USA. Bzzzt.
Oh boy, oh boy. So many talk about privacy, so few actually have a clue.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
