Cloudflare Canaries

Cloudflare is awesome – in many ways. Not the least of which is their support for Internet freedom. Twice a year, CF issues a Transparency Report, with the opening statement …

An essential part of earning and maintaining the trust of our customers is being transparent about the requests we receive from law enforcement and other governmental entities. To this end, Cloudflare publishes semi-annual updates to our Transparency Report on the requests we have received to disclose information about our customers.

A key component of each Transparency Report is the list of canaries. The concept is based on the old practice of keeping a canary in coal mine. If the canary dies, the air has gone bad so …. Run Away!

If the government comes after my data, they would certainly forbid Cloudflare from letting me know. But nothing forbids Cloudflare from letting me know that the government has not come after my data.

To date, the canaries include …

  • Cloudflare has never turned over our encryption or authentication keys or our customers’ encryption or authentication keys to anyone;
  • Cloudflare has never installed any law enforcement software or equipment anywhere on their network;
  • Cloudflare has never terminated a customer or taken down content due to political pressure;
  • Cloudflare has never provided any law enforcement organization a feed of customers’ content transiting their network.
  • Cloudflare has never modified the intended destination of DNS responses at the request of law enforcement or another third party;
  • Cloudflare has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party.

Cloudflare has stated that if it were ever ordered to do any of the above, the company would “exhaust all legal remedies” to protect customer data. If forced to comply, CF guarantees to remove the relevant canary from its Transparency Report.

If CF were forced to install law enforcement software, for example, they would not be permitted to announce it. But, canary #2 would fly away, disappearing from the list, loudly informing the CF community of exactly what has happened.

WPPOV supports freedom from Net Neutrality and the GDPR. The Internet of the people, by the people, for the people, shall not perish from the Earth.