{"id":1969,"date":"2023-04-05T00:23:41","date_gmt":"2023-04-04T18:53:41","guid":{"rendered":"https:\/\/judepereira.com\/blog\/?p=1969"},"modified":"2023-04-05T00:23:45","modified_gmt":"2023-04-04T18:53:45","slug":"cloudflare-zero-trust-gateway-and-net-neutrality","status":"publish","type":"post","link":"https:\/\/judepereira.com\/blog\/cloudflare-zero-trust-gateway-and-net-neutrality\/","title":{"rendered":"Cloudflare Zero Trust Gateway and Net Neutrality"},"content":{"rendered":"\n

TL;DR: This post isn’t merely a rant after Cloudflare’s recent outages, but rather meant to serve as an after-thought: is Cloudflare ruining the entire concept of a distributed internet? Is it on a path to violate Net Neutrality?<\/p>\n\n\n\n

Let’s analyse it a little bit.<\/p>\n\n\n\n

What is it?<\/h1>\n\n\n\n

Cloudflare’s Zero Trust Gateway<\/a> routes all internet traffic from your devices such as your laptop, via Clouldflare’s internet backbone. Most likely, your personal device wouldn’t be connected to the zero trust Gateway, since it’s almost always deployed by enterprise companies.<\/p>\n\n\n\n

What’s wrong with it?<\/h1>\n\n\n\n

The internet is de-centralised – no single authority can take it down, nor can control traffic across it. In its literal sense, “internet” means inter<\/strong>connected net<\/strong>works. This means that you’re reading this post through a bunch of networks that eventually connect to the host where this blog is hosted, in Amsterdam via Digital Ocean. The source of your connection could be anything – from a 5G capable device, a wired network connection being shared in a building, your ISP, etc. The list goes on an on. <\/p>\n\n\n\n

However, Cloudflare Zero Trust Gateway routes ALL<\/strong> your traffic through a bunch of proxies that Cloudflare exclusively controls:<\/p>\n\n\n\n

\"\"
Yes, Cloudflare actually runs an active MITM attack, decrypting all your TLS data.
Fuck off Cloudflare!<\/figcaption><\/figure>\n\n\n\n

And now we get to the real problem<\/strong>: when Cloudflare deploys a buggy version of their software, to the end user, that is to you, it appears as if the entire internet is down. You can’t get work done, nor can you do anything productive with that \u20ac3000 MacBook you’ve just bought. Surprisingly, this happens more often than not, especially in recent times.<\/p>\n\n\n\n

In the future, if Cloudflare Zero Trust Gateway captures any significant market share (hopefully unlikely), they can suddenly start to make decisions that violate Net Neutrality<\/a>.<\/p>\n\n\n\n

Net Neutrality<\/h1>\n\n\n\n

If you’ve never watched John Oliver’s take on Net Neutrality, watch it here<\/a>. ISPs have done such things in the past, and have managed to get away with it, albeit far fewer of those severely offending ISPs exist today (if somebody finds a valuable source for or against this, please post it in the comments). Of course, the giants still continue to live on.<\/p>\n\n\n\n

Final Notes<\/h1>\n\n\n\n

In order to preserve Net Neutrality, the openness of the internet, no single company should own a significant chunk of the internet traffic. If your company is pushing for Cloudflare Zero Trust Gateway, push your IT administrator to read this post<\/strong>, and help point them in the right direction.<\/p>\n","protected":false},"excerpt":{"rendered":"

Is Cloudflare ruining the entire concept of a distributed internet? Is it on a path to violate Net Neutrality? What can you do to prevent this?<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12],"tags":[673,569,681,682],"class_list":["post-1969","post","type-post","status-publish","format-standard","hentry","category-misc","tag-cloudflare","tag-gateway","tag-net-neutrality","tag-zero-trust"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pqtyx-vL","jetpack-related-posts":[{"id":2055,"url":"https:\/\/judepereira.com\/blog\/colima-cloudflare-zero-trust-on-apple-silicon\/","url_meta":{"origin":1969,"position":0},"title":"Colima & Cloudflare Zero Trust on Apple Silicon","author":"Jude Pereira","date":"March 18, 2024","format":false,"excerpt":"Install Colima via Homebrew: $ brew install colima $ colima start Add the Cloudflare Certificate Get inside the VM that Colima spawns: $ colima ssh jude@colima:\/Users\/Jude$ <\u2014 make sure that your prompt changes Download the Cloudflare Zero Trust certificate: $ sudo curl -k https:\/\/developers.cloudflare.com\/cloudflare-one\/static\/Cloudflare_CA.pem --output \/usr\/share\/ca-certificates\/cloudflare.crt $ sudo dpkg-reconfigure ca-certificates\u2026","rel":"","context":"In "miscellaneous"","block_context":{"text":"miscellaneous","link":"https:\/\/judepereira.com\/blog\/category\/misc\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1950,"url":"https:\/\/judepereira.com\/blog\/getting-the-aws-cli-to-accept-cloudflare-warps-root-certificate\/","url_meta":{"origin":1969,"position":1},"title":"Getting the AWS CLI to accept Cloudflare WARP’s root certificate","author":"Jude Pereira","date":"August 11, 2021","format":false,"excerpt":"Download, convert, and install the Cloudflare WARP root certificate into your local set of trusted root CAs, and then tell the AWS CLI to use it.","rel":"","context":"In "miscellaneous"","block_context":{"text":"miscellaneous","link":"https:\/\/judepereira.com\/blog\/category\/misc\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/Screenshot-2021-08-11-at-17.27.10.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/Screenshot-2021-08-11-at-17.27.10.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/Screenshot-2021-08-11-at-17.27.10.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/Screenshot-2021-08-11-at-17.27.10.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":1786,"url":"https:\/\/judepereira.com\/blog\/contributing-to-go-in-54-days\/","url_meta":{"origin":1969,"position":2},"title":"Contributing to Go in 54 days","author":"Jude Pereira","date":"October 8, 2017","format":false,"excerpt":"With absolutely zero knowledge of Go 54 days ago, I decided to contribute to the Go project. Why? Put simply, I was bored. The thrill of learning something new, and contributing to a massive OSS project like Go caught my attention. How? Find an issue that's tagged as\u00a0HelpWanted. There's a\u2026","rel":"","context":"In "another snippet | code"","block_context":{"text":"another snippet | code","link":"https:\/\/judepereira.com\/blog\/category\/code\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/posts\/1969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/comments?post=1969"}],"version-history":[{"count":4,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/posts\/1969\/revisions"}],"predecessor-version":[{"id":1974,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/posts\/1969\/revisions\/1974"}],"wp:attachment":[{"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/media?parent=1969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/categories?post=1969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/tags?post=1969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}