this post was submitted on 09 Jan 2024
40 points (95.5% liked)

Selfhosted

39964 readers
238 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I read a comment on here some time ago where the person said they were using cloudflared to expose some of their self-hosted stuff to the Internet so they can access it remotely.

I am currently using it to expose my RSS feed reader, and it works out fine. I also like the simplicity of Cloudflare's other offerings.

Any thoughts on why cloudflared is not a good idea? What alternatives would you suggest? How easy/difficult are they to setup?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (2 children)
Subject to the terms of this Agreement, you hereby grant us a non-exclusive, fully sublicensable, worldwide, royalty-free right to collect, use, copy, store, transmit, modify and create derivative works of Customer Content, in each case to the extent necessary to provide the Services.

You'll have to be fine with Cloudflare having any and all rights to the data transmitted through the tunnel, while you in return have none. They pinky promise not to fuck you over, but they also promise to legally burry you for any infringement at their discretion.

For me, this is a non-starter.

[–] [email protected] 2 points 10 months ago (1 children)

This is disingenuous.

The full clause says...

You and your End Users (as such term is defined in the Privacy Policy) will retain all right, title and interest in and to any data, content, code, video, images or other materials of any type that you or your End Users transmit to or through the Services (collectively, “Customer Content”) in the form provided to Cloudflare. Subject to the terms of this Agreement, you hereby grant us a non-exclusive, fully sublicensable, worldwide, royalty-free right to collect, use, copy, store, transmit, modify and create derivative works of Customer Content, in each case to the extent necessary to provide the Services.

So to paraphrase, you retain your interest, but assign sufficient rights to cloudflare for them to provide the service you're using. For example, they can't give you a CDN if you don't give them the right to transmit your data.

[–] [email protected] 1 points 10 months ago (1 children)

Disagree. "Necessary to provide the service" means whatever they want it to mean. If they deem it necessary to monetize your data so they can offer you their service "for free", that is well within their right to do. The fact that you " retain all rights" just means you can use your data too without asking Cloudflare for permission.

[–] [email protected] 1 points 10 months ago (2 children)

Surely you have to acknowledge that it's disingenuous to copy the last sentence of the clause and omit the first sentence that says the exact opposite of the point you're trying to make.

You're reading "bad faith" into the vagaries of a terms & conditions document. T&Cs will never say "we will never monetise this data", that's just not how T&Cs work, and it's naive to conclude that the absence of such a statement means that cloudflare intends to monetise the data.

If you look at cloudlfares strategy here, they want to be the sweetheart of everyone who knows what a VPN is in order that they will be selected by those people for corporate projects. Monetising the data that flows through their network is antithetical to that objective.

Additionally I would venture that the data doesn't really have any value, it would be impossible to use it to build data about an individuals browsing or buying habits.

[–] [email protected] 1 points 10 months ago (1 children)

Surely you have to acknowledge that it's disingenuous to copy the last sentence of the clause and omit the first sentence that says the exact opposite of the point you're trying to make.

No it doesn't. The first sentence does not state anything that is not already clarified by law. Hence, it adds zero value to the actual meaning of the paragraph.

You are a person. Your basic human rights are guaranteed to you by law. Given that, you hereby grant me the right to enter your house and shave your head at my discretion and however often I wish, if I deem it necessary to provide to a free service that I don't classify further in this agreement.

Same thing, you can say if I redact the first two sentences from the quote I'm being disingenuous, but really I'm just trying to get one over on you by making you feel like you have some control in this when in actually you do not.

[–] [email protected] 2 points 10 months ago

The first part of the sentence you quoted says "subject to the terms of this agreement". The most salient part of the agreement is the sentence you omitted.

Your claim was:

You’ll have to be fine with Cloudflare having any and all rights to the data transmitted through the tunnel, while you in return have none.

... and you omitted the sentence which describes the rights you have as the user, contradicting your assertion that users have none. If you don't think that's disingenuous then I don't know what to tell you mate.

[–] [email protected] 1 points 10 months ago (1 children)

If you look at cloudlfares strategy here, they want to be the sweetheart of everyone who knows what a VPN is in order that they will be selected by those people for corporate projects. Monetising the data that flows through their network is antithetical to that objective.

This is just naïve. Cloudflare is a business and if they see more value in selling you out, and legally you agreed they may, then they will. Acting "antiethical" has never stopped a big player from infringing on the rights of small players, especially in the tech industry where individuals essentially have zero rights.

Additionally I would venture that the data doesn't really have any value, it would be impossible to use it to build data about an individuals browsing or buying habits.

Interesting. I would pay you $5 monthly for all the data going through your tunnel under the same conditions that cloudflare requires you to agree to. How about it?

[–] [email protected] 1 points 10 months ago

Cloudflare is a business and if they see more value in selling you out, and legally you agreed they may, then they will.

Exactly. My whole point is that there's no value in selling you out. Their whole strategy is to garner favor with privacy conscious individuals like your good self.

Acting “antiethical”

You realise antiethical is not a word right?

I would pay you $5 monthly for all the data going through your tunnel

I don't actually use any cloudflare products. However, I believe this is more or less the crux of our delightful tête-à-tête: how do you propose to derive value from my data?

[–] [email protected] 1 points 10 months ago

Eh. ISPs in the US are much the same.