Turn off CloudFlare on counterparty.co PLz

Please turn off CloudFlare on counterparty.co.

http://www.cloudflare-watch.org/honeypot.html

Thanks

I just see speculation on that link.


http://blog.cloudflare.com/cloudflare-prism-secure-ciphers
http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/12/cloudflare-ceo-says-insane-nsa-gag-order-is-costing-u-s-tech-firms-customers/
http://www.bizjournals.com/sanjose/news/2013/09/12/cloudflare-ceo-the-nsa-is-screwing-up.html
https://www.cloudflare.com/security-policy


We are primarily using Cloudflare for the DDOS protection and CDN capabilities that it offers. You will notice that many other bitcoin-type sites (such as btc-e.com, blockexplorer.com, etc) use it as well. If any information becomes available that Cloudflare has been cooperating/collaborating with the NSA, we will very quickly reconsider our position and take action. From what I can gather above, that is not the case, and their CEO is well aware that if he loses his clients’ trust, he loses his business.

http://blog.bitcoin-central.net/2014/02/19/the-cloudflare-mitm/

http://www.reddit.com/r/Bitcoin/comments/1yj948/the_cloudflare_mitm/

http://www.reddit.com/r/Bitcoin/comments/1au7db/cloudflare_the_panopticon_of_the_bitcoin_economy/

BTC-E? the Geocities of financial services

I’m considering it.


Will talk to the rest of the team here on Monday and this will be one of the topics.


The main reasons are the DDOS protection and CDN. We do have other DDOS protection, and we can use MaxCDN for the CDN.


I don’t believe that Cloudflare is funneling data to the NSA (etc), but I agree with you they are essentially SSL MITM by the nature of their business, and they are US based.

Ok, we’ve moved off of cloudflare, and I’ve reissued the SSL certs and applied them to the servers.


If for some case we get hammered with DDOSes that overwhelm our current defenses, I have to keep the cloudflare option open to a small degree. However, that will most likely not be the answer (we have alternatives). I agree that their SSL handling inherently has issues (i.e. MITM)