Centralized Web Services Are Wonderful—Until They Go Wrong

When thousands of companies use a single Web services company, even small mistakes can prove catastrophic.
February 24, 2017

When you centralize the Web, what happens when things go wrong?

That’s a question some companies will be asking themselves this week, after it came to light that Cloudflare—which helps many companies deliver websites to browsers—has been leaking private data. The firm had been running its services with a flaw, similar to the one that gave rise to the infamous Heartbleed bug of 2014, that meant it occasionally published sensitive user information, such as passwords, cookies, and IP addresses, where it didn't mean to, some of which was cached by search engines.

Cloudflare points out that the flaw meant that its servers leaked private information just once in every 3.3 million Web requests it dealt with. But such is the scale of Cloudflare’s operations that those numbers add up—and quickly. Among its clients are the likes of Uber, Fitbit, OKCupid, 4chan, and 1Password. All told, as many as 120,000 pages per day from 3,438 domains could have leaked data, and the bug remained undiscovered for over five months.

According to Cloudflare’s CEO, John Graham-Cumming, people shouldn’t worry. In a statement issued to the Wall Street Journal that could yet come back to haunt him, he explained that he wasn’t planning to change a single one of his passwords, adding that he thought the risk of them being leaked was “extremely, extremely small.” (If you’re not so confident, here’s what to do.)

But it’s a telling reminder of what can happen when a large number of users rely on a single service—and not every fault can be overcome with a password change. This week, some users of Google Wifi and OnHub wireless routers found that their Wi-Fi suddenly stopped working. The problem wasn’t their phone lines, but the fact that the hardware receives updates from a centralized cloud—and the latest contained a flaw, so lots of devices fell over at once.

And last year, the malevolent forces of a botnet of things were leveled at the domain name system host Dyn, which is used by thousands of websites to manage the process of pointing computers to the correct files when a user requests a Web page. The result: widespread Internet outages across the East Coast.

None of this is to suggest that centralized Web services are a totally flawed idea. They're efficient, convenient, and affordable. But what happens when it’s a bank that leaks data? Or when smart locks are updated incorrectly via the cloud? Or when a botnet takes down Amazon Web Services, the cloud computing service that runs everything from Netflix video streaming to Centers for Disease Control and Prevention data analysis?

To be sure, these are pessimistic scenarios. But the stakes are high, and these examples highlight just how important security, reliability, and competency are for those companies that provide centralized Web services. Something, it would seem, that those companies still don’t always quite grasp.

(Read more: Wall Street Journal, ZD Net, “Massive Internet Outage Could Be a Sign of Things to Come,” “10 Breakthrough Technologies: Botnets of Things,” “Cybersecurity: The Age of the Megabreach”)
