Dave

Sealed, airtight, and waterproof but what if both banks burn down at the same time? You didn't mention fire-proof.

I'm not quite sure I get what you're getting at. If you're using Cloudflare (for more than just a nameserver), then the client's browser is connecting to Cloudflare via a Cloudflare SSL certificate. Any password (or other data) submitted will be readable by Cloudflare because the encryption is only between the browser and Cloudflare. They then connect to your reverse proxy, which might have SSL or it might be unencrypted. That's a second jump done by re-encrypting the data.

How does the reverse proxy help, when the browser is connecting to Cloudflare not to the reverse proxy?

They also say "Cloudflare DDoS protection secures websites and applications while ensuring the performance of legitimate traffic is not compromised.", with a tick to indicate this is included in the Free tier.

You are honestly the first person I've heard complain about Cloudflare failing to protect against DDoS attacks. However, I have no doubt that not having Cloudflare, I would fare no better. So still seems worthwhile to me.

They explicitly use free DDoS protection as a way to get you in the door, and upsell you on other things. Have you seen them "drop your tunnel like a hot potato"?

Now obviously if their network is at capacity they would prioritise paying customers, but I've never heard of there being an issue with DDoS protection for free users. But I have heard stories of sites enabling Cloudflare while being DDoSed and it resolving the problem.

If you use DNS with proxy it still applies, you should get a Cloudflare certificate then. But yes, if you use Cloudflare as DNS only, then it should be direct. I believe you get none of the protection or benefits doing this, you're just using them as a name server.

The Cloudflare benefits of bot detection, image caching, and other features all rely on the proxy setting.

Also if proxying is enabled, your server IP is hidden which helps stop people knowing how to attack your server (e.g. they won't have an IP address to attempt to SSH into it). You don't get this protection in DNS only mode either.

Basically if you're using DNS only, it's no different to using the name server from your domain registrar as far as I can tell.

I think concerns come in two flavours:

1. Privacy/security: Cloudflare terminates HTTPS, which means they decrypt your data on their side (e.g. browser to cloudflare section) then re-encrypt for the second part (cloudflare to server). They can therefore read your traffic, including passwords. Depending on your threat model, this might be a concern or it might not. A counterpoint is that Cloudflare helps protect your service from bad actors, so it could be seen to increase security.
2. Cloudflare is centralised. The sidebar of this community states "A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.", and Cloudflare is for sure a service you don't control, and arguably you're locked into it if you can't access your stuff without it. Some people think Coudflare goes against the ethos of self-hosting.

With that said, you'll find several large lemmy instances (and many small ones) use cloudflare. While you'll easily find people against its use, you'll find many more people in the self-hosted community using it because it's (typically) free and it works. If you want to use it, and you're ok with the above, then go ahead.

Where I live, many ISPs tie public IPs to static IPs if they are using CG-NAT. But of course there are other options as well. My point was that the other options don't disappear.

Though I do get the point that Cloudflare aren't giving away something for nothing. The main reason to me is to get hobbiest using it so they start using it (on paid plans) in their work, or otherwise get people to upgrade to paid plans. However, the "give something away for free until they can't live without it then force them to pay" model is pretty classic in tech by now.

We start paying for static IPs. If cloudflare shuts down overnight, a lot of stuff stops working but no data is lost so we can get it back up with some work.

It is illegal where I live. I imagine it's illegal in most developed countries. Bills can only have one purpose, they can't combine unrelated things.

Sorry you're right, site isn't the right word but I hoped the reference to lemmy would explain it.

In regards to WebRTC, isn't it bittorrent over WebRTC which allows bittorrent in a browser?

This says:

PeerTube uses the BitTorrent protocol to share bandwidth between users by default to help lower the load on the server

Piped lets you view youtube videos without being tracked by google (and I guess without ads, though pretty sure uBlock Origin will do that anyway).

Peertube is like an alternative site to youtube. It's a different place to post your video (you can't use it to watch YouTube videos to my knowledge). The site is federated like Lemmy, and it uses bittorrent to download videos so people viewing the video at the same time will send part of the data to each other, reducing load on the server.

I gave up on Peaky Blinders when for some reason Netflix only had season 1 and 3, which I didn't realise until I was at the end of season 1.