Cloudflare: Difference between revisions
m Up to template standards |
Added password scanning incident |
||
| Line 6: | Line 6: | ||
[https://en.wikipedia.org/wiki/Cloudflare Cloudflare, Inc.] is an American company that offers a wide range of web services. Due to its widespread adoption, Cloudflare's services play a critical role in the modern web infrastructure. | [https://en.wikipedia.org/wiki/Cloudflare Cloudflare, Inc.] is an American company that offers a wide range of web services. Due to its widespread adoption, Cloudflare's services play a critical role in the modern web infrastructure. | ||
== Consumer impact summary == | ==Consumer impact summary== | ||
{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable): | {{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable): | ||
* User Freedom | * User Freedom | ||
| Line 15: | Line 15: | ||
==Anti-consumer practices== | ==Anti-consumer practices== | ||
=== Forced ID theft and face recognition<!-- NEEDS more refs covering this incident --> === | ===Forced ID theft and face recognition<!-- NEEDS more refs covering this incident -->=== | ||
A full day after the sale of domain names, Cloudflare sends the customer a demand to present an ID card and their face in an automated video call with the third party Stripe within 24 hours to be analyzed by a face recognition system, threatening to cancel the sale unless the customer fulfills this requirement that the customer was not informed about before the sale, thereby making the domain names available for squatters to grab. The customer can lose their domain names either by simply not checking their email for 24 hours, which is likely as the sale has already completed and the customer has no reason to check their email again, or by the customer not agreeing to the procedure, which the customer should not, as ID cards are not made for use online. The customer's bank already has a procedure for verifying online purchases by popping up the bank app that has already been verified by visiting the bank in person, showing an ID card to a real person and signing a paper by hand. Stripe could have done like everyone else and delegate the procedure to the bank instead of inventing their own. | A full day after the sale of domain names, Cloudflare sends the customer a demand to present an ID card and their face in an automated video call with the third party Stripe within 24 hours to be analyzed by a face recognition system, threatening to cancel the sale unless the customer fulfills this requirement that the customer was not informed about before the sale, thereby making the domain names available for squatters to grab. The customer can lose their domain names either by simply not checking their email for 24 hours, which is likely as the sale has already completed and the customer has no reason to check their email again, or by the customer not agreeing to the procedure, which the customer should not, as ID cards are not made for use online. The customer's bank already has a procedure for verifying online purchases by popping up the bank app that has already been verified by visiting the bank in person, showing an ID card to a real person and signing a paper by hand. Stripe could have done like everyone else and delegate the procedure to the bank instead of inventing their own. | ||
| Line 29: | Line 29: | ||
</gallery> | </gallery> | ||
== References == | === Password scanning of website visitors === | ||
From September to November 2024 Cloudflare was scanning the passwords users entered on websites without obtaining the users' consent<ref>https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/</ref> | |||
==References== | |||
<references /> | <references /> | ||
[[Category:Cloudflare]] | [[Category:Cloudflare]] | ||