Jump to content

User:ElijahPepe/Cloudflare

From Wikipedia, the free encyclopedia

Cloudflare, Inc.
Company typePublic
ISINUS18915M1071
IndustryInformation and communications technology
FoundedJuly 17, 2009; 15 years ago (2009-07-17) in San Francisco, California, U.S.[1]
Founders
Headquarters101 Townsend Street, ,
U.S.
Area served
Worldwide
Key people
ProductsSee § Products and services
RevenueIncrease US$975 million (2022)
Decrease US$−201 million (2022)
Increase US$−193 million (2022)
Total assetsIncrease US$2.59 billion (2022)
Total equityDecrease US$624 million (2022)
Number of employees
Increase 3,217 (2022)

Cloudflare, Inc. is an American technology company headquartered in San Francisco, California. Cloudflare provides content delivery network, cloud cybersecurity, DDoS mitigation, and domain registration services. In 2022, the company was used by more than 20% of the entire Internet.[2]

History

[edit]

Founding (2003–2009)

[edit]

Global expansion (2010–2016)

[edit]

In July 2014, Cloudflare signed an agreement with Chinese technology company Baidu creating a service known as Yunjiasu (Chinese: 云加速), which began operating in December. The agreement shared part of Cloudflare's intellectual property, particularly regarding its technology to speed up Internet traffic. By September 2015, the service had attracted 450,000 businesses. The deal faced strenuous passage when an online voting platform for the 2014–2015 Hong Kong electoral reform was affected by a distributed denial-of-service (DDoS) attack mitigated by Cloudflare.[3] Hong Kong-based Internet entrepreneur Charles Mok had praised Prince for defending Occupy Central's voting platform, to which he suggested opening an office in Hong Kong rather than the previously suggested Singapore.[4] Vice journalist Richard Bejtlich noted the potential for the Chinese government to utilize the partnership to circumvent Cloudflare's DDoS prevention and enhancing Great Cannon, a cyberweapon used by the Chinese government to attack the servers of GitHub, an Internet hosting service, and GreatFire, a website that monitors websites blocked by the Great Firewall; Baidu used its analytics platform to facilitate the attack on GitHub and GreatFire.[5]

Growth (2017–present)

[edit]

On February 17, 2017, Project Zero security researcher Tavis Ormandy discovered a vulnerability, later known as Cloudbleed, that exposed HTTP cookies, access tokens, passwords, and other sensitive data. The vulnerability occurred when Cloudflare switched its Ragel-based HTML parser to a new parser known as cf-html, both written as Nginx modules. With unfinished script tags, both parsers would overflow, although the Ragel-based parser inserted a buffer at the end of the tag, preventing memory outside of the end of the pointer from being accessed. When using both the old parser and the new parser, the last buffer may have been removed, thus exposing server memory.[6] The flaw may have been present as early as September 22, 2016, but intensified between February 13 and February 18. Search engines cached the data returned by the parser, presenting an additional problem.[7]

During the Russian invasion of Ukraine, Cloudflare has monitored Internet traffic.[8] Amid concerns hospitals in the United States may be hit by cyberattacks, Cloudflare offered its services to at-risk organizations for free, but faced criticism from Ukrainian politician Mykhailo Fedorov for continuing to offer its services in Russia. In response, Prince wrote that the Russian government would "celebrate us shutting down Cloudflare's services in Russia".[9] A State Department spokesperson said that the flow of information in Russia must be maintained.[10]

Products and services

[edit]

Cloudflare offers its services for free, but charges for additional security measures.[11]

Security

[edit]

In March 2012, Cloudflare introduced Maze, a service that diverts and throttles network traffic from known content scrapers, creating a self-described "virtual labyrinth".[12]

In April 2020, citing privacy concerns, Cloudflare moved from reCAPTCHA to hCaptcha. The company proposed a security key-based replacement for CAPTCHAs in May 2021 using WebAuthn.[13] Cloudflare announced Turnstile, its JavaScript-based CAPTCHA alternative, in September 2088.[14]

Consumer products

[edit]

Cloudflare operates the DNS server 1.1.1.1 and 1.0.0.1, which it launched in April 2018 as a privacy-focused alternative to OpenDNS and Google DNS, supporting DNS over TLS and DNS over HTTPS. The server was launched in partnership with APNIC.[15] Cloudflare retained professional services network KPMG to publish an annual audit on 1.1.1.1. In November, an official iOS and Android app was launched, adding virtual private network (VPN) support.[16] Building off of 1.1.1.1, Cloudflare announced Warp, a VPN for mobile devices that utilizes the WireGuard protocol alongside a subscription, Warp+, that uses Argo to increase speeds.[17]

In February 2023, Cloudflare announced Wildebeest, a Mastodon-compatible server that interacts with ActivityPub.[18] Wildebeest runs on Supercloud, a cloud computing platform.[19]

Other services

[edit]

Cloudflare proposed a Domain Name System (DNS) standard in December 2020 known as Oblivious DNS over HTTPS (ODoH), in collaboration with Apple and Fastly. The protocol implements a proxy server in between DNS connections and uses DNS over HTTPS to encrypt the request, thus concealing where the request came from and encrypting it. Cloudflare added ODoH capability to 1.1.1.1 upon its announcement.[20]

In September 2022, Cloudflare announced R2 Storage, a storage solution compatible with Amazon S3. The container registry Chainguard is platformed on R2 and billed as secure.[21]

References

[edit]
  1. ^ "Amended and Restated Certificate of Incorporation of the Corporation". U.S. Securities and Exchange Commission. August 30, 2019. Retrieved May 23, 2023.
  2. ^ Dress, Brad (September 4, 2022). "Web security firm Cloudflare drops anti-trans website over 'threat to human life'". The Hill. Retrieved September 4, 2022.
  3. ^ Mozur, Paul (September 13, 2015). "Baidu and CloudFlare Boost Users Over China's Great Firewall". The New York Times. Retrieved May 23, 2023.
  4. ^ Wong, Alan (June 21, 2014). "Cyberattack on Hong Kong Vote Was Among Largest Ever, Security Chief Says". The New York Times. Retrieved May 23, 2023.
  5. ^ Betjlich, Richard (September 15, 2015). "Dark Cloud: Why CloudFlare's Deal with Baidu Could Haunt US Tech Companies". Motherboard. Retrieved May 23, 2023.
  6. ^ Jan, Shahrez; Estevez, Scarleth; Small, Austin; Winter, Mike (April 8, 2017). "Cloudbleed". Network Security News. Retrieved May 23, 2023.
  7. ^ McCormick, Rich (February 23, 2017). "Passwords and dating site messages leaked by internet giant Cloudflare". The Verge. Retrieved May 23, 2023.
  8. ^ Mann, Joseph (February 25, 2022). "Impact of Ukraine-Russia war: Cybersecurity has improved for all". The Washington Post. Retrieved May 23, 2023.
  9. ^ Mann, Joseph (March 7, 2022). "Three cybersecurity companies to offer free protection to U.S. hospitals and utilities amid concerns of hacking attacks". The Washington Post. Retrieved May 23, 2023.
  10. ^ Mann, Joseph (March 16, 2022). "Apple and Google app stores remain available in Russia. Activists and officials say that's a good thing". The Washington Post. Retrieved May 23, 2023.
  11. ^ Perlroth, Nicole; Wortham, Jenna (April 3, 2014). "Tech Start-Ups Are Targets of Ransom Cyberattacks". The New York Times. Retrieved May 23, 2023.
  12. ^ Urbina, Ian (June 21, 2014). "Hacker Tactic: Holding Data Hostage". The New York Times. Retrieved May 23, 2023.
  13. ^ Peters, Jay (May 16, 2021). "Cloudflare says it's time to end CAPTCHA 'madness', launches new security key-based replacement". The Verge. Retrieved May 23, 2023.
  14. ^ Shakir, Umar (September 28, 2022). "Turnstile is Cloudflare's latest attempt to rid the web of CAPTCHAs". The Verge. Retrieved May 23, 2023.
  15. ^ Warren, Tom (April 1, 2018). "Cloudflare launches 1.1.1.1 DNS service that will speed up your internet". The Verge. Retrieved May 23, 2023.
  16. ^ Warren, Tom (November 12, 2018). "Cloudflare's speedy 1.1.1.1 DNS service now available on iOS and Android". The Verge. Retrieved May 23, 2023.
  17. ^ Porter, Jon (April 1, 2019). "Cloudflare is adding a free VPN to its 1.1.1.1 app". The Verge. Retrieved May 23, 2023.
  18. ^ Porter, Jon (February 10, 2023). "Cloudflare wants to help you set up your own Mastodon-compatible server in 'minutes'". The Verge. Retrieved May 23, 2023.
  19. ^ Hale, Craig (February 10, 2023). "Cloudflare unveils Mastodon-compatible server offering". TechRadar. Retrieved May 23, 2023.
  20. ^ Clark, Mitchell (December 8, 2020). "Cloudflare and Apple made a new DNS protocol to protect your data from ISPs". The Verge. Retrieved May 23, 2023.
  21. ^ Hay Newman, Lily (May 23, 2023). "There's Finally a Way to Secure a Crucial Piece of the Cloud". Wired. Retrieved May 23, 2023.