back to article CloudFlare to launch its own 'high security' web domain registrar

CloudFlare will this Wednesday launch its own internet domain registrar for wealthy customers who simply cannot have their websites hijacked. The business model of most registrars – the organizations you typically buy domain names from – is based upon volume, ie: selling as many names as possible and making the process as easy …

  1. Kevin McMurtrie Silver badge
    Pirate

    Bullet proof

    May domain owners remain completely anonymous for a certain fee? You know, to dissuade individuals from filing a lawsuit. Or maybe the operations of the domain are illegal in some/all countries and the operator does not want to worry about international prosecution. Such a feature would integrate well with other CloudFlare services.

    1. Franklin

      Re: Bullet proof

      Yep, CloudFlare is definitely the bulletproof service provider of choice for large-scale ROKSO spammers, malware distributors, and Eastern European organized crime.

      I track all the spam I get. Right now, I'm receiving an average of 37 spam messages a day that evade my spam filters, 31 (about 84%) of which Spamvertised domains protected by Cloudflare. Cloudflare does nothing at all about spam or malware domains--their "security head" has told me on Twitter point-blank they don't care, so piss off--and phish and malware sites served by Cloudflare tend to remain active on Cloudflare's network forever.

      I'm not sure how folks who started out as spam fighters ended up in the pockets of spammers, but it's a sad thing.

      1. Martin Summers

        Re: Bullet proof

        "I'm not sure how folks who started out as spam fighters ended up in the pockets of spammers, but it's a sad thing."

        Money?

  2. leexgx

    Disclosure: El Reg is a customer of CloudFlare and uses its content-distribution network.

    i would not expect less :) (no really a lot of websites use CloudFlare so)

    1. Tom Chiverton 1

      "Disclosure: El Reg is a customer of CloudFlare and uses its content-distribution network."

      Why don't you use their free SSL and sort out the login form then ?

  3. Ole Juul

    El Reg is a customer of CloudFlare and uses its content-distribution network.

    And I wish they wouldn't. It has not improved service for me and is just another link to go wrong. Also, I can no longer recommend El Reg articles to my security oriented friends because CloudFlare blocks Tor connections. They need to fix that.

    1. Anonymous Coward
      Anonymous Coward

      Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

      I believe the "protection" is optional, that you can login and turn it off.

      1. Ole Juul

        Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

        "you can login and turn it off."

        In that case I wish El Reg would do that.

      2. Marco Fontani

        Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

        I believe the "protection" is optional, that you can login and turn it off.

        You're advocating making the website assume the goatse position.

        1. Adam 52 Silver badge

          Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

          I'd hope for something more fine-grained than "block everything suspicious" and "allow everything". Even my 10 year old router has fine grained DOS protection.

    2. zanshin

      Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

      "Also, I can no longer recommend El Reg articles to my security oriented friends because CloudFlare blocks Tor connections."

      Eh? I quite regularly visit sites protected by CloudFlare over Tor, and have done so within the last couple of days. I typically have to answer a captcha to convince it I'm not some kind of bot, but it lets me in as long as I can do that.

      1. Ole Juul

        Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

        "I quite regularly visit sites protected by CloudFlare over Tor, and have done so within the last couple of days."

        Yes, I'm aware that they've recently changed the captcha so as to be easier. They used to be completely insolvable. Now they often work, though I just now checked and it took me about 5 tries. In any case, it makes a clear statement that CloudFlare and The Register do not support good security and wish to discourage those who do. Shame on them.

        1. Anonymous Coward
          Anonymous Coward

          Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

          it makes a clear statement that CloudFlare and The Register do not support good security and wish to discourage those who do. Shame on them.

          I would have 100% agreed with you before, but something has at least improved:

          ~$ dig +short theregister.co.uk

          159.100.131.165

          If you track that down, it appears that El Reg has at least switched its email to a UK based service owned by a Canadian supplier (at least the IP addresses are, according to RIPE), so there is hope yet (it used to be Google, accompanied by claims that "they use something more secure for leads" - yeah, right, as if that would convince the Snowdens of this world :) ). This is marginally better.

          The problem that Clouidflare solved for volume sites is a reduced/cancelled risk of DDoS, but I would indeed never spool anything through them that needs discretion because you're handing off access data to a provider in what is presently one of the most questionable jurisdictions for privacy in the developed world, straight after China (let that irony sink in for the moment)...

          1. Marco Fontani

            Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

            it appears that El Reg has at least switched its email to a UK based service owned by a Canadian supplier

            Dude, what's a dig for the A record on the naked domain got to do with where the _email_ is, in the presence of an MX record?

            The A record for the naked domain pointing to our hosting provider peer1 simply means that if you type "theregister.co.uk" you hit our naked load balancer, and _then_ get redirected.

            If you want to find out where the email is hosted, you ought to ask for the MX record?

            ➤ dig mx +short theregister.co.uk

            1. Roland6 Silver badge

              Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

              If you want to find out where the email is hosted, you ought to ask for the MX record?

              Still doesn't always give you the email service, because for many this simply points at the spam filter service (eg. Panda Cloud Anti-Spam) ...

            2. Anonymous Coward
              Anonymous Coward

              Re: El Reg is a customer of CloudFlare and uses its content-distribution network.

              Dude, what's a dig for the A record on the naked domain got to do with where the _email_ is, in the presence of an MX record?

              You're right. It means I got up too early, that's all :). Alas, the situation has thus remained unchanged.

              El Reg knows me well, because I have been working with email for considerably lot longer than the Net exists. I even had a spell doing nothing but conversions to/from SMTP email when the Internet started to gain prominence, with X400 to SMTP conversions being the most spectacular in ROI (in one case, a single month and a helpdesk getting hit with calls asking why email was suddenly so fast :) ).

  4. frank ly

    "there wasn't a tonne that we could do to help"

    Have they gone metric?

  5. Anonymous Coward
    Anonymous Coward

    They have a looooong way to go..

    .. before you should trust anything confidential to them.

    1 - they are a US company. Why is that a problem? Well, Apple vs FBI is but a small example but there are disappointingly many others to choose from, and it's not an easy one to fix (think decades).

    2 - there is this:

    :~$ dig +short cloudflare.com mx

    10 aspmx.l.google.com.

    20 alt1.aspmx.l.google.com.

    30 alt2.aspmx.l.google.com.

    40 aspmx2.googlemail.com.

    50 aspmx3.googlemail.com.

    Case closed.

    In the UHNW world, trust is everything. That requires first that the facts are actually in your favour, and being based in the US or US owned is in that context not exactly a recommendation.

    1. Anonymous Coward
      WTF?

      Re: They have a looooong way to go..

      "Well, Apple vs FBI is but a small example "

      Lost me...A US company refusing to break customer protections for a government agency is grounds NOT to trust them?

      1. Anonymous Coward
        Anonymous Coward

        Re: They have a looooong way to go..

        "Well, Apple vs FBI is but a small example "

        Lost me...A US company refusing to break customer protections for a government agency is grounds NOT to trust them?

        No, it is a sign of a jurisdiction that doesn't see privacy as very important. That case is not about Apple, it is about manipulating the legal system because the Backdoor Zombie just does NOT want to die.

  6. Potemkine Silver badge
    WTF?

    WTF?

    "when you're an organization receiving as many sensitive emails as the Times, this is pretty worrisome"

    Considering emails as an appropriate mean to transfer sensitive information is worrisome :wtf:

    1. Adam 52 Silver badge

      Re: WTF?

      Most media organisations use https://securedrop.org/ for sensitive stuff but it's almost impossible to prevent journalists discussing by email, sharing passwords etc. Actually it's unfair to single out journalists, the IT staff do it to.

      1. Anonymous Coward
        Anonymous Coward

        Re: WTF?

        Most media organisations use https://securedrop.org/ for sensitive stuff

        securedrop.org? Really?

        :~$ dig +short mx securedrop.org

        0 smtp.electricembers.net.

        :~$ dig +short smtp.electricembers.net.

        208.90.215.68

        208.90.215.69

        208.90.215.67

        Plug that into IP bulk geolocation and you end up in..

        .. the USA. Bzzzt.

        Oh boy, oh boy. So many talk about privacy, so few actually have a clue.

      2. Potemkine Silver badge

        Re: WTF?

        the IT staff do it to.

        No one in my staff would dare to do that, except the ones who enjoy being whipped ^^

        1. Anonymous Coward
          Anonymous Coward

          Re: WTF?

          No one in my staff would dare to do that, except the ones who enjoy being whipped

          Now don't you go encouraging them.. :)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022