Quad9 or Cloudflare

what do you prefer ?

Quad9 is a way better choice if you care about privacy, ethics, etc.

5 Likes

Definitely quad9 iirc, they are a nonprofit while cloudflare is a business, so less of a profit motive there as well.

3 Likes

Hang on, why the hate on Cloudflare? In the grand scheme of things as well (big tech), arent they the less naughty one? I like them both.

5 Likes

Thats true, but it doesnt feel like its because of an actual commitment to privacy, rather just by accident :person_shrugging:

2 Likes

A lot of people are resistant to Cloudflare not for any specific technical reason, not for any particular bad thing they have done, but just because they are a large company, with control over a big chunk of the internet. It’s good to be cautious and conscious about this sort of thing, but as far as corporate players go, I think Cloudflare is a pretty good digital citizen, and doesn’t deserve a lot of the negativity they get from parts of the community.

8 Likes

Funny how if they are down, IIRC about a half of the internet is also down.

1 Like

If you are talking about Cloudflare, I (personally) feel this may be somewhat of a mis-impression. My impression is that they have made a conscious decision to try to build a mainstream business that is compatible with and supportive of online privacy & security, and have devoted real time and resources to privacy initiatives. Its just that a lot of the work they do related to privacy is more technical behind the scenes stuff that isn’t always apparent to the consumer/end user.

But Cloudflare has been an influential player, early adopter, (and in some cases a leader) of various privacy initiatives and standards. Things like:

Apart from specific technical things, I see Cloudflare making a positive contribution in a few other ways (A) Privacy and Security education, their blog posts often provide good conceptual overviews of somewhat complicated and esoteric technical topics(B) Pushing for or supporting privacy-preserving or privacy-enhancing web standards (C) Making it easier (or the default) to use emerging security and privacy standards.

My impression is that Cloudflare has demonstrated a meaningful commitment to some privacy initiatives that are making a real and positive impact. And because of their size and reach they are in a somewhat unique position to push privacy in ways that benefit everyone, not just those of us who are already privacy conscious. I don’t think they are perfect, and I don’t fully trust them, especially in some particular contexts, but I don’t think its fair to say they are private ‘by accident’. As far as big tech companies go, I consider them one of the better ones.

With that said, like you, I have a bit more trust-by-default in a non-profit than a large corporation, and I do not trust that any company that controls as much of the internet as cloudflare does will not be a big target for US and other govts intelligence services.

11 Likes

That’s fair, thanks for pointing that out! I am still a bit wary of them, but as you mentioned, their contributions to the privacy space have been expansive.

1 Like

Quad9 is the way to go for me. Speeds are also pretty good with it.

2 Likes

Cloudflare is so big that it’s potentially dangerous. Their CDN, reverse proxy, DDoS protection and various other (often free) services are used by a large chunk of websites already. This gives them a large amount of power, and it’s never good for one player to become too powerful.

In terms of actually doing naughty things:

  • Cloudflare - who pretend to be neutral and against censorship - terminated service for various websites (e.g. 8chan, Daily Stormer, Kiwifarms) while at the same time providing services to terrorist groups including the Islamic State. See here: Cloudflare - Wikipedia
  • Quad9 was founded by the “Global Cyber Alliance”, which was founded in 2015 by the City of London Police, the Manhattan District Attorney’s Office, and the Center for Internet Security. So they’re somewhat government-adjacent. To be fair, that’s not proof of anything, because so are/were Tor and Signal.

In my paranoid-schizophrenic opinion, they both smell like glowies. I’ll stick to Adguard DNS, thank you very much.

3 Likes

I think @Regime6045 points out the two most valid structural concerns with Cloudflare (or any other company that grows to a similar scale).

  1. Any single company with so much control over and access to large swaths of the internet has a lot of power, with the potential to misuse that power intentionally or through negligence. Equally or more importantly any company of that size/scale presents a really attractive target for both targeted and dragnet surveillance by intelligence agencies, illiberal governments, etc.
  2. Any single company with so much control over such a large swath of internet traffic, and specifically DNS traffic, is an attractive target for censors/internet censorship. In some cases this censorship might be forced/coerced, in other cases it might be voluntary, unintentional, or in order to placate some interest group or grassroots movement. In any case, it is a risk (it is a risk with any DNS provider, but the larger the DNS provider the great impact and the more attractive a target they are).

That said, both of these problems are fundamental structural problems with internet centralization in general, not problems specific to Cloudflare itself.

Semi-offtopic

where I do not agree is this characterization:

Cloudflare - who pretend to be neutral and against censorship

At least in the case of the Daily Stormer, a white supremacy website which Cloudflare had previously provided DDOS protection for, in accordance with their policy of neturality, but eventually chose to sever ties with after the website apparently made statements claiming that Cloudflare was secretly aligned with their beliefs. From what I read, it is not a decision they took lightly, and was a decision that the CEO and others at the company wrestled with and were fairly uncomfortable with, but considered the choice they made the least-worst-choice. For anyone interested here is a first party source that explains the companies decision from the point of view of the CEO, and a 3rd party source for an overview. I encourage you to read both articles (they are short).

5 Likes

A Portuguese government agency forbade the government from using Cloudflare services for anything involving personal data, stating that any US based company can be compelled by the US government to handover said data regardless of any contractual terms stating otherwise (RGPD: caça às coimas ou uma decisão exemplar? | Caiado Guerreiro).

As a result, any use of Cloudflare services was ceased. To this day, hospitals are still using google drive to store and internally share medical data, and the police or the tax authority will happily use Microsoft Windows basically everywhere. I find it strange that its only Cloudflare they have an issue with, in practical terms. What do they know that we dont?

3 Likes

Quad9 if I had to choose ✓