Witty Intro Quote: “Use of Cloudflare will permanently and irreversible damage the trust users have in F-Droid.” --Tad
TL;DR: For users, where is the list of F-Droid mirrors, how chosen, and pros-cons of using each? Where is the list of corporate “sponsors” (aka infiltrators?), how chosen, and pros-cons of using each?
Why this post now: Background: I remember some discussions around here about needing to improve infrastructure because of increasing traffic and slowness. I didn’t remember discussion of using “services” like Cloudflare (aka Crimeflare). Today: I did a little DDG search for a topic of interest, wireless sftp android f-droid at DuckDuckGo As usual I bit my tongue and held back the urge to vomit while using DDG, but what else to use, Mojeek, Monocles, MetaGer…? So what suddenly appears as result #2, for me (YMMV)? Not a sleigh and reindeer, but a cloudflare subdomain of f-droid.org: | F-Droid - Free and Open Source Android App Repository
So, turns out, around the time I was whining about Cloudflare (aka Crimeflare) I cannot update Tor Browser - #4 by anon46495926 , using it for F-Droid was being discussed in Tor and search-unfriendly Gitlab:
Cloudflare is one of the companies who speed up access for some web services, for some people, and slow down access for other web services or other people. They decide who they protect, and who they don’t. They are corporations that profit from this control of the internet.
Some think some of these companies have shady deals with other, criminal(?) groups who do malicious activities like ddos or spam to create the “need” for companies like cloudflare.
To a random internet user like me, a ddos slowdown from criminals or a captcha slowdown from cloudflare has similar effect on me.
Yeah, aren’t AWS and Digitalocean and others guilty of same? Are there folks that block cloudflare in consideration of that?
Every service provider puts you on a much faster server/system if you pay more… right?
Cloudflare blocks Tor users, that would be the first reason to hate these fuckheads and every company who uses their services. CloudFlare is one of the companies who are responsible for the fact that using your to protect privacy when browsing online, has become impossible.
Good service, yes. But only if you show your real IP address and identity.
Also CloudFlare is another manifestation of the centralised internet. Everyone who believes in a decentralized internet and everyone who thinks that centralising the whole internet in a single point/company should strictly avoid CloudFlare.
Apart from the fact that they are an asshole company who enjoy the abuse of their monopoly.
TL;DR: For users, where is the list of F-Droid mirrors, how chosen, and pros-cons of using each? Where is the list of corporate “sponsors” (aka infiltrators?), how chosen, and pros-cons of using each?
By discussion on matrix, IRC channel; reddit discussion; as well as BBB voice chat.
Sponsored account from Cloudflare’s Project Galileo
If you are asking why isn’t everybody making their own software libraries, not funding their projects by begging for money at the local train station, and denying funding from entities that assured they won’t intervene in the project in executive ways or deny services that the project desperately needs, then I can assure you without using libraries funded by someone else you don’t agree with and taking funds from company that does something wrong but the project believes is acceptable when not added as default, then this project won’t progress, You can think your download speed in europe is good, but it sure isn’t the case in other places and cloudflare is the easiest way to ensure it is accessible.
Cloudflare makes both criminals(harassers, ddoser etc.) more likely but also allows site like f-droid to be accessible where it would otherwise be blocked. TLS1.3 will ensure that the cost for blocking f-droid is too high if we use cloudflare or other CDN provider.
Everyone didn’t chose cloudflare. But, a sizable portion accepted it as a viable service for the problems stated above and chose to implement it in a non-default way.
For the record, I think that Cloudflare is dangerous for the internet because it is a MITM, it is a centralizing force, and they are actively trying to snub out real privacy tools like Tor. But they also do some good things, like ECH. A mirror on Cloudflare also makes f-droid.org accessible in some places where we currently do a bad job of reaching. So I appreciate the skepicism and critique in this thread. It is only through such pushback that we as a community can carefully walk the line of working on good things, even when we have to work the powers that be that do many bad things.
To become an official mirror, it would helpful to have a privacy policy that describes what happens to the logs and metadata (for example FAU, PLUG, Lysator).
Looks very easy. Who wouldn’t meet that - an entity without a stated policy. Sigh.
