Skip to Content

Centralized Web Services Are Wonderful—Until They Go Wrong

When thousands of companies use a single Web services company, even small mistakes can prove catastrophic.
February 24, 2017

When you centralize the Web, what happens when things go wrong?

That’s a question some companies will be asking themselves this week, after it came to light that Cloudflare—which helps many companies deliver websites to browsers—has been leaking private data. The firm had been running its services with a flaw, similar to the one that gave rise to the infamous Heartbleed bug of 2014, that meant it occasionally published sensitive user information, such as passwords, cookies, and IP addresses, where it didn't mean to, some of which was cached by search engines.

Cloudflare points out that the flaw meant that its servers leaked private information just once in every 3.3 million Web requests it dealt with. But such is the scale of Cloudflare’s operations that those numbers add up—and quickly. Among its clients are the likes of Uber, Fitbit, OKCupid, 4chan, and 1Password. All told, as many as 120,000 pages per day from 3,438 domains could have leaked data, and the bug remained undiscovered for over five months.

According to Cloudflare’s CEO, John Graham-Cumming, people shouldn’t worry. In a statement issued to the Wall Street Journal that could yet come back to haunt him, he explained that he wasn’t planning to change a single one of his passwords, adding that he thought the risk of them being leaked was “extremely, extremely small.” (If you’re not so confident, here’s what to do.)

But it’s a telling reminder of what can happen when a large number of users rely on a single service—and not every fault can be overcome with a password change. This week, some users of Google Wifi and OnHub wireless routers found that their Wi-Fi suddenly stopped working. The problem wasn’t their phone lines, but the fact that the hardware receives updates from a centralized cloud—and the latest contained a flaw, so lots of devices fell over at once.

And last year, the malevolent forces of a botnet of things was leveled at the domain name system host Dyn, which is used by thousands of websites to manage the process of pointing computers to the correct files when a user requests a Web page. The result: widespread Internet outages across the East coast.

None of this is to suggest that centralized Web services are a totally flawed idea. They're efficient, convenient, and affordable. But what happens when it’s a bank that leaks data? Or when smart locks are updated incorrectly via the cloud? Or when a botnet takes down Amazon Web Services, the cloud computing service that runs everything from Netflix video streaming to Centers for Disease Control and Prevention data analysis?

To be sure, these are pessimistic scenarios. But the stakes are high, and these examples highlight just how important security, reliability, and competency are for those companies that provide centralized Web services. Something, it would seem, that those companies still don’t always quite grasp.

(Read more: Wall Street Journal,  ZD Net,  “Massive Internet Outage Could Be a Sign of Things to Come,” “10 Breakthrough Technologies: Botnets of Things,” “Cybersecurity: The Age of the Megabreach”)

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.