• 8 Posts
  • 46 Comments
Joined 1 year ago
cake
Cake day: June 28th, 2023

help-circle
  • If you look at cloudlfares strategy here, they want to be the sweetheart of everyone who knows what a VPN is in order that they will be selected by those people for corporate projects. Monetising the data that flows through their network is antithetical to that objective.

    This is just naïve. Cloudflare is a business and if they see more value in selling you out, and legally you agreed they may, then they will. Acting “antiethical” has never stopped a big player from infringing on the rights of small players, especially in the tech industry where individuals essentially have zero rights.

    Additionally I would venture that the data doesn’t really have any value, it would be impossible to use it to build data about an individuals browsing or buying habits.

    Interesting. I would pay you $5 monthly for all the data going through your tunnel under the same conditions that cloudflare requires you to agree to. How about it?


  • Surely you have to acknowledge that it’s disingenuous to copy the last sentence of the clause and omit the first sentence that says the exact opposite of the point you’re trying to make.

    No it doesn’t. The first sentence does not state anything that is not already clarified by law. Hence, it adds zero value to the actual meaning of the paragraph.

    You are a person. Your basic human rights are guaranteed to you by law. Given that, you hereby grant me the right to enter your house and shave your head at my discretion and however often I wish, if I deem it necessary to provide to a free service that I don’t classify further in this agreement.

    Same thing, you can say if I redact the first two sentences from the quote I’m being disingenuous, but really I’m just trying to get one over on you by making you feel like you have some control in this when in actually you do not.



  • Subject to the terms of this Agreement, you hereby grant us a non-exclusive, fully sublicensable, worldwide, royalty-free right to collect, use, copy, store, transmit, modify and create derivative works of Customer Content, in each case to the extent necessary to provide the Services.
    

    You’ll have to be fine with Cloudflare having any and all rights to the data transmitted through the tunnel, while you in return have none. They pinky promise not to fuck you over, but they also promise to legally burry you for any infringement at their discretion.

    For me, this is a non-starter.


  • ck_@discuss.tchncs.detoSelfhosted@lemmy.worldVPNs, self hosting and security
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    11 months ago

    I have tailscale, which is great for ssh-ing onto my Nas from the outside world. But to access my services, is a VPN the best way to do it?

    The main point about Tailscale that I see people on here often get wrong is that they compare it to a “classic” hub-and-spoke VPN, when in fact it is an end-to-end zero trust encrypted mesh network. End-to-end does not mean machine-to-machine, it means user to service. So in your case, you should place one tailscale node in each pod (collection of containers that make up one service) as a sidekick. That way, a user need to authenticate in order to even open a network connection for a specific service, which is a very secure solution.



  • ck_@discuss.tchncs.detoSelfhosted@lemmy.worldShould I move to Docker?
    link
    fedilink
    English
    arrow-up
    28
    ·
    edit-2
    11 months ago

    The main downside of docker images is app developers don’t tend to play a lot of attention to the images that they produce beyond shipping their app. While software installed via your distribution benefits from meticulous scrutiny of security teams making sure security issues are fixed in a timely fashion, those fixes rarely trickle down the chain of images that your container ultimately depends on. While your distributions package manager sets up a cron job to install fixes from the security channel automatically, with Docker you are back to keeping track of this by yourself, hoping that the app developer takes this serious enough to supply new images in a timely fashion. This multies by number of images, so you are always only as secure as the least well maintained image.

    Most images, including latest, are piss pour quality from a security standpoint. Because of that, professionals do not tend to grab “off the shelve” images from random sources of the internet. If they do, they pay extra attention to ensure that these containers run in sufficient isolated environment.

    Self hosting communities do not often pay attention to this. You’ll have to decide for yourself how relevant this is for you.