Hacker News new | past | comments | ask | show | jobs | submit login

While this might improve user experience for some, I don't see the greater value in a VPN solution like this.

It's the fast path to replacing the decentralized internet with a few proprietary CDNs. I'm much more excited about those projects that actually try to fix the raised issues:

Unencrypted connections -> TLS / Letsencrypt

TCP sucks on mobile/roaming devices -> QUIC & HTTP/3




Cloudflare pushed out free TLS years before Let's Encrypt and we are actively working on and supporting QUIC and HTTP/3. But QUIC/HTTP/3 aren't here today, not everyone is using HTTPS and there are other worries in coffee shops etc. hence a VPN service makes sense.


There is a bit of a difference between LetsEncrypt and Cloudflare TLS termination though... one is TLS for everyone, the other is TLS for Cloudflare customers (paying or not). For instance can an Iranian website use Cloudflare TLS? I would wager not. (ironic as they probably need secure transport the most).

I'm not saying Cloudflare isn't doing good things for the Internet but it's a bit disingenuous to equate the 2 efforts. Cloudflare could have done LetsEncrypt, but as a CDN that would make no business sense - which is why we need LetsEncrypt, so they can continue to do the things that don't make good business sense for Cloudflare.


CF is at the mercy of the CAs (DigiCert/Comodo), and at least based on LetsEncrypt's stance [0], they should be OK to issue .ir certificates as long as the customer is not a Gov't entity. The only issue is that these CA's are just playing it safe by not issuing any .ir domains, making CF also unable to issue .ir.

I believe CF is working on LetsEncrypt certificates, at least based on letsencrypt.org being included in the 'automatic' CAA records[1].

0: https://community.letsencrypt.org/t/issuance-criteria-for-ir...

1: https://support.cloudflare.com/hc/en-us/articles/11500031083...


Having Cloudflare's weight behind Wireguard seems like a great thing for an open decentralized Internet.


If only they were willing to work with Wireguard: https://lists.zx2c4.com/pipermail/wireguard/2019-March/00404...


Should Cloudflare go evil in some way then I would guess other services would pick up the ball and would keep delivering the same level of service as this one.


My ISP is rate-limiting specific services -> VPN

Which, incidentally, allows you freer access to the open Internet.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: