Hacker News new | comments | show | ask | jobs | submit login

> I often feel a bit bad about using Cloudflare for my blog, as it exposes users to a potential layer of tracking.

We're not tracking your users.

Which is why I said potential rather than actual. Having users terminate their connection at Cloudflare always adds an extra layer, and a dependency on a US corporation and therefore subject to the US legal system.

It's not totally ideal. But I'm glad to hear you're trying your best.

We're not tracking your users.

As far as you're allowed to admit by NSL's, you mean :-)

Intentions != Guarantees

I was under the impression a NSL could not force the recipient to do work to comply. For example, they could hand over information they currently have, but they cannot insert a backdoor/vulnerability to start collecting data they previously didn't.

They presumably have some short term logging. Collecting those over a longer period = tracking.

> We're not tracking your users.

Which is why the parent poster said "potential". You're not tracking, but you could be.

Couldn't the same be said about any web service, like DuckDuckGo?

It could, and OP would probably feel icky about serving their site through DuckDuckGo as well.

It's not just about serving the sites, it's about any company that claims they don't track users.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact