It's Privacy and Compliance week at @Cloudflare highlighting work that
- Enables customers to comply with privacy laws
- Upgrades core Internet protocols to be more privacy-preserving
- Reinforces that Cloudflare doesn't need personally identifiable data for its business
1/
- Enables customers to comply with privacy laws
- Upgrades core Internet protocols to be more privacy-preserving
- Reinforces that Cloudflare doesn't need personally identifiable data for its business
1/
In CEO @eastdakota's introduction to the week, he explains how privacy has always been part of Cloudflare's DNA and why helping customers find solutions that work in today's global privacy landscape is so important.
https://blog.cloudflare.com/welcome-to-privacy-and-compliance-week/
2/
https://blog.cloudflare.com/welcome-to-privacy-and-compliance-week/
2/
CTO @jgrahamc explains the evolution of the Internet from rapid growth in connectivity to a focus on security. He makes the case that the next phase of the Internet should be about building privacy into the Internet.
https://blog.cloudflare.com/internet-privacy/
3/
https://blog.cloudflare.com/internet-privacy/
3/
There will also be segments on http://cloudflare.tv (in multiple languages) with Privacy and Compliance experts and engineers from inside and outside Cloudflare, so stay tuned!
4/
4/
Monday's announcement: The @Cloudflare Data Localization Suite. With this, customers can control which locations Cloudflare
- performs decryption and inspection
- keeps TLS private keys
- keeps/runs Workers durable objects
- delivers logs from
https://blog.cloudflare.com/introducing-the-cloudflare-data-localization-suite/
5/
- performs decryption and inspection
- keeps TLS private keys
- keeps/runs Workers durable objects
- delivers logs from
https://blog.cloudflare.com/introducing-the-cloudflare-data-localization-suite/
5/
Tuesday is all about privacy-preserving protocols.
@Cloudflare has always championed emerging Internet protocols. Today we're doing three deep dives into new protocols that improve the privacy of DNS, TLS, and even passwords.
https://blog.cloudflare.com/next-generation-privacy-protocols/
6/
@Cloudflare has always championed emerging Internet protocols. Today we're doing three deep dives into new protocols that improve the privacy of DNS, TLS, and even passwords.
https://blog.cloudflare.com/next-generation-privacy-protocols/
6/
Two years ago, @cloudflare launched trial support for ESNI, an extension to TLS that keeps hostnames private. Today, @cjpatton_ explains what we've learned and how the IETF specification has evolved to become ECH (Encrypted Client Hello).
https://blog.cloudflare.com/encrypted-client-hello/
7/
https://blog.cloudflare.com/encrypted-client-hello/
7/
DNS privacy has improved lately with the adoption of protocols like DoH and DoT in DNS resolvers. One complaint about moving DNS to the cloud is that it places a lot of trust in these providers to handle this combination of user IP addresses and domain lookups safely.
8/
8/
Resolvers like 1.1.1.1 have privacy policies, but wouldn't it be cool if DNS resolvers never learned your IP address? Enter Oblivious DoH.
Cloudflare and partners (PCCW, SURF, and Equinix) now support this emerging standard to help make DoH private!
9/ https://blog.cloudflare.com/oblivious-dns/
Cloudflare and partners (PCCW, SURF, and Equinix) now support this emerging standard to help make DoH private!
9/ https://blog.cloudflare.com/oblivious-dns/
Not only is ODoH live, but we also open-sourced code in Go and Rust for all parts of ODoH: proxy, server, and client.
This effort was led by Tanya Verma and intern @sudheesh001 with @vavrusam, @armfazh, @__caw__, @cjpatton_, @Lekensteyn and more.
https://github.com/cloudflare?q=odoh
10/
This effort was led by Tanya Verma and intern @sudheesh001 with @vavrusam, @armfazh, @__caw__, @cjpatton_, @Lekensteyn and more.
https://github.com/cloudflare?q=odoh
10/
Finally, another hot privacy issue is passwords.
Today, we explore the emerging OPAQUE standard for password authentication. Research intern @tatianaebradley explains how OPAQUE lets users log without the server ever seeing a plaintext password.
https://blog.cloudflare.com/opaque-oblivious-passwords/
11/
Today, we explore the emerging OPAQUE standard for password authentication. Research intern @tatianaebradley explains how OPAQUE lets users log without the server ever seeing a plaintext password.
https://blog.cloudflare.com/opaque-oblivious-passwords/
11/
We have an interactive demo of OPAQUE to see how it works under the hood:
https://opaque.research.cloudflare.com/
The code behind it was developed by @claucece and @tatianaebradley with @armfazh, @thibmeu, @__caw__, and @marwanfayed. It is available on Github.
https://github.com/cloudflare/opaque-core
12/
https://opaque.research.cloudflare.com/
The code behind it was developed by @claucece and @tatianaebradley with @armfazh, @thibmeu, @__caw__, and @marwanfayed. It is available on Github.
https://github.com/cloudflare/opaque-core
12/
If you're interested in building your own implementation of any of the protocols announced today or interoperating with our implementations, or just have any questions, reach out to us at ask-research at cloudflare dot com!
13/
13/
Wednesday: deprecating the __cfduid cookie.
Years ago, @alxdavids and I helped add the "Secure" flag to this cookie to improve privacy for HTTPS-only sites. What's better for privacy than a secure cookie? No cookie at all. It's going away.
https://blog.cloudflare.com/deprecating-cfduid-cookie/
14/
Years ago, @alxdavids and I helped add the "Secure" flag to this cookie to improve privacy for HTTPS-only sites. What's better for privacy than a secure cookie? No cookie at all. It's going away.
https://blog.cloudflare.com/deprecating-cfduid-cookie/
14/
Cloudflare's business is based on helping make websites and web services faster and more secure, not on tracking and profiling users for advertising purposes.
Cloudflare Web Analytics: optimize for your users, not for advertisers.
https://blog.cloudflare.com/privacy-first-web-analytics/
15/
Cloudflare Web Analytics: optimize for your users, not for advertisers.
https://blog.cloudflare.com/privacy-first-web-analytics/
15/
Thursday: Compliance
Privacy is a broad discipline that has legal, technological, and regulatory components and is inseparable from compliance. Cloudflare has many tools to help customers dealing with compliance issues.
https://blog.cloudflare.com/work-jurisdiction-records-for-teams/
https://blog.cloudflare.com/cloudflare-certifications/
16/
Privacy is a broad discipline that has legal, technological, and regulatory components and is inseparable from compliance. Cloudflare has many tools to help customers dealing with compliance issues.
https://blog.cloudflare.com/work-jurisdiction-records-for-teams/
https://blog.cloudflare.com/cloudflare-certifications/
16/