Centralized Web Services Are Wonderful—Until They Go Wrong
When you centralize the Web, what happens when things go wrong?
That’s a question some companies will be asking themselves this week, after it came to light that Cloudflare—which helps many companies deliver websites to browsers—has been leaking private data. The firm had been running its services with a flaw, similar to the one that gave rise to the infamous Heartbleed bug of 2014, that meant it occasionally published sensitive user information, such as passwords, cookies, and IP addresses, where it didn't mean to, some of which was cached by search engines.
Cloudflare points out that the flaw meant that its servers leaked private information just once in every 3.3 million Web requests it dealt with. But such is the scale of Cloudflare’s operations that those numbers add up—and quickly. Among its clients are the likes of Uber, Fitbit, OKCupid, 4chan, and 1Password. All told, as many as 120,000 pages per day from 3,438 domains could have leaked data, and the bug remained undiscovered for over five months.
According to Cloudflare’s CEO, John Graham-Cumming, people shouldn’t worry. In a statement issued to the Wall Street Journal that could yet come back to haunt him, he explained that he wasn’t planning to change a single one of his passwords, adding that he thought the risk of them being leaked was “extremely, extremely small.” (If you’re not so confident, here’s what to do.)
But it’s a telling reminder of what can happen when a large number of users rely on a single service—and not every fault can be overcome with a password change. This week, some users of Google Wifi and OnHub wireless routers found that their Wi-Fi suddenly stopped working. The problem wasn’t their phone lines, but the fact that the hardware receives updates from a centralized cloud—and the latest contained a flaw, so lots of devices fell over at once.
And last year, the malevolent forces of a botnet of things was leveled at the domain name system host Dyn, which is used by thousands of websites to manage the process of pointing computers to the correct files when a user requests a Web page. The result: widespread Internet outages across the East coast.
None of this is to suggest that centralized Web services are a totally flawed idea. They're efficient, convenient, and affordable. But what happens when it’s a bank that leaks data? Or when smart locks are updated incorrectly via the cloud? Or when a botnet takes down Amazon Web Services, the cloud computing service that runs everything from Netflix video streaming to Centers for Disease Control and Prevention data analysis?
To be sure, these are pessimistic scenarios. But the stakes are high, and these examples highlight just how important security, reliability, and competency are for those companies that provide centralized Web services. Something, it would seem, that those companies still don’t always quite grasp.
(Read more: Wall Street Journal, ZD Net, “Massive Internet Outage Could Be a Sign of Things to Come,” “10 Breakthrough Technologies: Botnets of Things,” “Cybersecurity: The Age of the Megabreach”)
The inside story of how ChatGPT was built from the people who made it
Exclusive conversations that take us behind the scenes of a cultural phenomenon.
How Rust went from a side project to the world’s most-loved programming language
For decades, coders wrote critical systems in C and C++. Now they turn to Rust.
Design thinking was supposed to fix the world. Where did it go wrong?
An approach that promised to democratize design may have done the opposite.
Sam Altman invested $180 million into a company trying to delay death
Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.