Stop using Cloudflare for the website -- or at least warn users that their data is shared #257
Comments
|
Thanks for your concern @bruceleerabbit 🙏 (I currently manage libretranslate.com). Cloudflare currently helps the website to stay online when it receives a lot of requests, as well as ban IPs/users that currently abuse the service. If you have an alternative service that is free and open source (and has the same features as cloudflare), send it our way. We're not going to rename the service, but you can certainly host your own server if you have privacy concerns (which you should always do, if these are important to you). |
Trading confidentiality for performance is a bad trade. It’s better to have a sluggish website than one that shares sensitive data with a bad actor.
This is a community bug report. It’s not about me. For me the problem is solved by running locally inside a This is about the people who discover Libretranslate; baited by “libre” and “Free and Open” to grant excessive trust unwittingly. Those words inspire trust. These people think they’ve dodged the surveillance capitalist behind Google Translate -- only to be led into the surveillance trap of another privacy abusing tech giant. You have the guy in that linked thread who was entirely oblivious to Cloudflare thinking he could feed other people’s sensitive medical records into LibreTranslate. Even if I were to publicly host an instance that has no surveillance capitalists in the loop & has a privacy policy suitable for sensitive docs, it doesn’t solve the problem because some people will still find the LibreTranslate trap. There should be a banner on that page that’s hard to miss. It should say: “all queries on this page are shared with Cloudflare, Inc., a separate entity not under our control. This service is not suitable for processing sensitive data. Data submitted on this page is done so at your own risk.” I see no case here for not informing your users. |
It is crazy that libretranslate uses Cloudflare, and allows a privacy-abusing tech giant to access all the sensitive translations that people may be using the service for -- without even warning the users.
First, there is no privacy policy. There should be.
Second, if Cloudflare is going to be used, there should be a loud and clear notice to all users that Cloudflare Inc. has visibility of all their translations despite the HTTPS padlock. And this should not be buried in the fine print of the privacy policy; it should be unavoidably loud.
Some of the Cloudflare risks and harms are documented here:
https://git.disroot.org/cyberMonk/liberethos_paradigm/src/branch/master/rap_sheets/cloudflare.md
Please consider renaming the service if Cloudflare usage continues. There is nothing “libre” about Cloudflare’s exclusive walled garden.
Related issue:
#251
The text was updated successfully, but these errors were encountered: