Centralized Web Services Are Wonderful—Until They Go Wrong
When you centralize the Web, what happens when things go wrong?
That’s a question some companies will be asking themselves this week, after it came to light that Cloudflare—which helps many companies deliver websites to browsers—has been leaking private data. The firm had been running its services with a flaw, similar to the one that gave rise to the infamous Heartbleed bug of 2014, that meant it occasionally published sensitive user information, such as passwords, cookies, and IP addresses, where it didn't mean to, some of which was cached by search engines.
Cloudflare points out that the flaw meant that its servers leaked private information just once in every 3.3 million Web requests it dealt with. But such is the scale of Cloudflare’s operations that those numbers add up—and quickly. Among its clients are the likes of Uber, Fitbit, OKCupid, 4chan, and 1Password. All told, as many as 120,000 pages per day from 3,438 domains could have leaked data, and the bug remained undiscovered for over five months.
According to Cloudflare’s CEO, John Graham-Cumming, people shouldn’t worry. In a statement issued to the Wall Street Journal that could yet come back to haunt him, he explained that he wasn’t planning to change a single one of his passwords, adding that he thought the risk of them being leaked was “extremely, extremely small.” (If you’re not so confident, here’s what to do.)
But it’s a telling reminder of what can happen when a large number of users rely on a single service—and not every fault can be overcome with a password change. This week, some users of Google Wifi and OnHub wireless routers found that their Wi-Fi suddenly stopped working. The problem wasn’t their phone lines, but the fact that the hardware receives updates from a centralized cloud—and the latest contained a flaw, so lots of devices fell over at once.
And last year, the malevolent forces of a botnet of things was leveled at the domain name system host Dyn, which is used by thousands of websites to manage the process of pointing computers to the correct files when a user requests a Web page. The result: widespread Internet outages across the East coast.
None of this is to suggest that centralized Web services are a totally flawed idea. They're efficient, convenient, and affordable. But what happens when it’s a bank that leaks data? Or when smart locks are updated incorrectly via the cloud? Or when a botnet takes down Amazon Web Services, the cloud computing service that runs everything from Netflix video streaming to Centers for Disease Control and Prevention data analysis?
To be sure, these are pessimistic scenarios. But the stakes are high, and these examples highlight just how important security, reliability, and competency are for those companies that provide centralized Web services. Something, it would seem, that those companies still don’t always quite grasp.
(Read more: Wall Street Journal, ZD Net, “Massive Internet Outage Could Be a Sign of Things to Come,” “10 Breakthrough Technologies: Botnets of Things,” “Cybersecurity: The Age of the Megabreach”)
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
ChatGPT is going to change education, not destroy it
The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.