I remember back when they started offering DNS, asking myself "Why should I trust them? I trust my ISP more than Cloudflare given that we already have a business relationship."
Now they're doing dodgy things like this. A little bell rang in my head "I knew it!"
There's a good bet that soon SSL will be fully required by major browsers. This is good for security, but it's also symbolic:
Now you need someone's permission to put up a web server.
Now, LetsEncrypt is great and grants SSL certs freely. But what if they go away?
Maybe I'm overreacting, or being needlessly paranoid, but I don't like the way the Internet is going. As soon as too few hands have too much power, those hands can become corrupt.
Anyway, that's another rambly thread from me. :)
@zorinlynx *sighs* yeah.
It'd be really good if we normalized self-signed certs and pinning, like Mumble does.
@zorinlynx I don't think this is needlessly paranoid: Cloudflare's prevalence has already caused major global disruptions to Web traffic when they've had an outage.
@zorinlynx hear me out: decentralized "dns" except it's a new naming system. The system in use is just weird, and not so decentralized.
@zorinlynx I fully agree with the points you make in this thread.
Let's Encrypt is fine and dandy now, but if they go away it will be barrier for site owners to get SSL working. They might don't have the money or knowledge to get it otherwise.
Other people are fucked in that situation as well, because a lot of webhosts who offer SSL with their plan use Let's Encrypt for that...
But yeah, the way the internet s going it is not going to be inclusive at all. Which is worrying.
@zorinlynx It's not even that impenetrable, what with deep packet inspection and such; it causes trouble with self-signing; and maybe you've heard how it prevents caching, and thus good service, in remote locales with poor connection.
@zorinlynx It's a gung-ho kind of security and privacy, typical of tech-happy techies who don't know much about anything else (and when all you have is a hammer...)
@emacsen @zorinlynx definitely think you missed the point here
yes, you can still technically put up a website without ssl in the situation that's described here, but if everyone's browser requires it and there isn't a free method of getting SSL certificates and everyone's browser mandates SSL, well now you've just made a website no one can look at
I don't think I missed it at all.
The point was "What it takes to put up a website?" and more precisely- do we have a reliance on centralized entities for putting up a website.
SSL is such a centralized mechanism.
And so is DNS. DNS is a system that is controlled by a central entity, where your name is rented, not owned, and can be taken from you at any time.
This is no joke and very concerning.
@emacsen @zorinlynx @Lyude All of these problems could be solved easily by using Tor.The .onion domains don't belong to anyone and are automatically generated.It doesn't use centralized certificate authorities but its own encryption instead which works fully decentral (yes,it's encrypted,even if the browser shows http) and additionally you get great privacy and anonymity.I really don't understand why .onion sites aren't used more 🤔
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!