Cloudflare’s Zero Trust Browser is a dumb idea if I ever saw one. Here’s why. And as a little bonus, we look at the Mighty browser, which is even more insane.
In today’s episode of The Private Citizen, I look at Cloudflare’s Zero Trust Browsing service and explain why it’s a bad idea and why it doesn’t inspire confidence for the future of technology or, indeed, the planet. We also have some bonus rant content thanks to the audience during the live show, which unearthed a similarly stupid product.
Please excuse this episode being a day late. I was very busy with some writing that couldn’t wait during the last few days. I’ll try not to have this happen again.
This podcast was recorded with a live audience on my Twitch channel. Details on the time of future recordings can usually be found on my personal website. Recordings of these streams get saved to a YouTube playlist for easy watching on demand after the fact.
Cloudflare’s Zero Trust Browser Service
Cloudflare is offering a new service called Zero Trust Browsing whereby you browse the internet from their servers. They say that this is incredibly secure and it is, at the moment, mostly aimed at enterprises trying to keep their employees secure as they surf the web from home on their private machines.
It works like this: You install software that connects to the nearest Cloudflare server. That server runs a browser locally and all your interactions with the software on your computer get executed in that browser in the cloud. Pages rendered are streamed back to your computer as separate screen images – like frames in a video. It’s essentially remote desktop for browsing. As advertised, this brings some security improvements, especially for everyday users. But it has a huge privacy flaw. And the fact that Cloudflare branded this “zero trust browsing” is just laughable.
The obvious flaw is that you run all your browsing through the servers of another company. They then know everything about everything you do on the web. They can watch each click and every single mouse movement and keystroke in real time. Unsurprisingly, the word “privacy” is never once mentioned on any Cloudflare page talking about this product.
I wouldn’t trust any company with that kind of knowledge. And especially not Cloudflare, who seem intent on taking over the whole internet. It’s bad enough having to deal with the shit they put me through whenever I visit a website of some customer of theirs:
At CloudFlare we’ve not explicitly treated traffic from Tor any differently, however users of the Tor browser have been more likely to have their browsing experience interrupted by CAPTCHAs or other restrictions. This is because, like all IP addresses that connect to our network, we check the requests that they make and assign a threat score to the IP. Unfortunately, since such a high percentage of requests that are coming from the Tor network are malicious, the IPs of the Tor exit nodes often have a very high threat score.
With most browsers, we can use the reputation of the browser from other requests it’s made across our network to override the bad reputation of the IP address connecting to our network. For instance, if you visit a coffee shop that is only used by hackers, the IP of the coffee shop’s WiFi may have a bad reputation. But, if we’ve seen your browser behave elsewhere on the Internet acting like a regular web surfer and not a hacker, then we can use your browser’s good reputation to override the bad reputation of the hacker coffee shop’s IP.
This company is already building a huge database of everyone’s browsing habits, for fuck’s sake. And now they also want to literally watch me browse?
On a side note, I really like how they made their whole “Controversies” section on Wikipedia about how they are so amazing at protecting freedom of speech. Apparently, everyone is worried about their hosting of some right wing websites, but not about how they run 81% of all known reverse proxies and handle almost 17% of all internet traffic? Really? Yeah, nothing to worry about that, that was totally how the internet was meant to work. Look over here!
Now, you might be asking yourself: Why is he even talking about this? It’s obvious that this product isn’t aimed at the listeners of this podcast. And you’re right. But beyond all that, this service shows just how far the current trend of put-everything-in-the-cloud has progressed. This kind of attitude is a serious risk to all our digital lives that must be addressed.
While I was recording this live on Twitch, a viewer pointed me towards the Mighty browser, which, as far as I can tell, is even worse. It’s kind of the same idea, but aimed at consumers. And it isn’t even aimed specifically at people who want to be more secure. Their site is full of hilarious statements, like this one:
Protecting your information and your right to privacy is our top priority. We commit to keeping your browser history private, your logged in identity secure, and your information under your control. Let us be clear: your data will never be sold. We recognize that we earn our trust with you every day and that won’t be easy.
Coupled with testimonials by absolute dumb-ass idiots.
It would be hilarious, if it wasn’t so bad. It’s almost malicious in its insanity. Wow.
Urban Koistinen says, in reference to my earlier socialism episode, and, I guess, a possible follow-up episode:
I have heard but don’t know that while there is only one party in Vietnam, they still have meaningful elections with different candidates representing different public policy positions.
I hope you might clarify if this is so when you do your episode on socialism.
astralc (on the Discord) says:
Listened to the podcast about the Stasi trojan. I don’t get the German government. “We don’t want a totalitarian regime that spies on its citizens’ every move, so we need to spy on our citizens’ every move”. Also how does a (domestic) intelligence agency protect the constitution? Isn’t it protecting the government (ideas) from the people (dissenting ideas)?
Steve Hoos comes in with a COVID-19 restrictions update from the wonderful state of Texas in the US:
Here in Texas things are getting back to the real normal. The only places you have to wear a mask are where private businesses require it. Those businesses have no mandate from any health or government organization. I work in a 12 story office building just north of Dallas. This morning between 08:00 - 09:00 the building managers removed all the signs that required masks in elevators and common areas!
My brother’s restaurant nearby is at 100% capacity and no plexiglass. The only thing that is different from pre-COVID times is that servers are still wearing masks, but my brother just told me his restaurant is going no masks on Monday.
He also sends some feedback about German cars:
Sorry to hear about your German-made car rusting from the inside out. That seems fairly pathetic. There are two German cars which I would love to own but they are both very old. 1980s Mercedes 300D still put around the United States. I have looked at purchasing one but they are well over 20 grand. Seems to have an incredible engine that will not stop. I currently own a 2006 Dodge Ram 2500 with the last of the 5.9 Cummins diesel engines. I’m a fan of a diesel engine that lasts a long time.
Hard to believe about the Mercedes that a used car that is 40 years old even in bad shape could command such a price. The other German car I would love to own is a 1976 BMW 2002 but that is purely for aesthetic reasons.
Mike Small chimes in with a longer email that I’m sharing some excerpts from here:
I’m writing to say I greatly enjoyed these last few episodes. I especially like when you combine a privacy and computing topic with German politics. I have a pretty narrow view of the world, mostly only being familiar with U.S. and Canadian politics, so it’s appreciated.
Oh, if you like Billy Joe Shaver (saw your gemlog), check out the episode of Norm MacDonald has a Show that he’s on. They’re friends. I’m not that big a country fan beyond Johnny Cash and Willie Nelson, but that episode is great, both the music and the stories.
Looking forward to an episode on IPFS. An episode on alternative phone operating systems might be nice too, if there’s enough there to talk about in the present tense. The project I’m most excited about is postmarketOS (German project creator, BTW).
If you have any thoughts on the things discussed in this or previous episodes, please feel free to contact me. In addition to the information listed there, we also have an experimental Matrix room for feedback. Try it out if you have an account on a Matrix server. Any Matrix server will do.
Toss a Coin to Your Podcaster
I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.
You can also support the show by sending money via PayPal, if you prefer.
This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.
Thanks and Credits
I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show. This is why I am thankful to the following people, who have supported this episode through Patreon and PayPal and thus keep this show on the air:
Georges, Steve Hoos, Butterbeans, Jonathan M. Hethey, Michael Mullan-Jensen, Dave, Shelby Cruver, Vlad, 1i11g, Jackie Plage, Philip Klostermann, Jaroslav Lichtblau, Michael Small, ikn, Kai Siers, Fadi Mansour, Bennett Piater, Dirk Dede, Joe Poser, Larry Glock, David Potter, Matt Jelliman, Martin, Mika, tobias, m0dese7en, Dave Umrysh, MrAmish, avis, Sandman616, drivezero, RikyM, Barry Williams, Jonathan Edwards, Rizele, Captain Egghead, D, Cam, noreply, RJ Tracey, Robert Forster, Rick Bragg and Eric Le Lay.
Many thanks to my Twitch subscribers: BaconThePork, brigadiersirnilsolav, Flash_Gordo, m0dese7en_is_unavailable, Mike_TheDane, Sandman616, acherontas_vii, redeemerf, harivatana, centurioapertus and Galteran.
I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.
The show’s theme song is Acoustic Routes by Raúl Cabezalí. It is licensed via Jamendo Music. Other music and some sound effects are licensed via Epidemic Sound. This episode’s ending song is Straight up Heartbreak by Will Harrison.