Centralized Web Services Are Wonderful—Until They Go Wrong

When thousands of companies use a single Web services company, even small mistakes can prove catastrophic.

When you centralize the Web, what happens when things go wrong?

That’s a question some companies will be asking themselves this week, after it came to light that Cloudflare—which helps many companies deliver websites to browsers—has been leaking private data. The firm had been running its services with a flaw, similar to the one that gave rise to the infamous Heartbleed bug of 2014, that meant it occasionally published sensitive user information, such as passwords, cookies, and IP addresses, where it didn't mean to, some of which was cached by search engines.

Cloudflare points out that the flaw meant that its servers leaked private information just once in every 3.3 million Web requests it dealt with. But such is the scale of Cloudflare’s operations that those numbers add up—and quickly. Among its clients are the likes of Uber, Fitbit, OKCupid, 4chan, and 1Password. All told, as many as 120,000 pages per day from 3,438 domains could have leaked data, and the bug remained undiscovered for over five months.

According to Cloudflare’s CEO, John Graham-Cumming, people shouldn’t worry. In a statement issued to the Wall Street Journal that could yet come back to haunt him, he explained that he wasn’t planning to change a single one of his passwords, adding that he thought the risk of them being leaked was “extremely, extremely small.” (If you’re not so confident, here’s what to do.)

But it’s a telling reminder of what can happen when a large number of users rely on a single service—and not every fault can be overcome with a password change. This week, some users of Google Wifi and OnHub wireless routers found that their Wi-Fi suddenly stopped working. The problem wasn’t their phone lines, but the fact that the hardware receives updates from a centralized cloud—and the latest contained a flaw, so lots of devices fell over at once.

And last year, the malevolent forces of a botnet of things were leveled at the domain name system host Dyn, which is used by thousands of websites to manage the process of pointing computers to the correct files when a user requests a Web page. The result: widespread Internet outages across the East Coast.

None of this is to suggest that centralized Web services are a totally flawed idea. They're efficient, convenient, and affordable. But what happens when it’s a bank that leaks data? Or when smart locks are updated incorrectly via the cloud? Or when a botnet takes down Amazon Web Services, the cloud computing service that runs everything from Netflix video streaming to Centers for Disease Control and Prevention data analysis?

To be sure, these are pessimistic scenarios. But the stakes are high, and these examples highlight just how important security, reliability, and competency are for those companies that provide centralized Web services. Something, it would seem, that those companies still don’t always quite grasp.

(Read more: Wall Street Journal, ZD Net, “Massive Internet Outage Could Be a Sign of Things to Come,” “10 Breakthrough Technologies: Botnets of Things,” “Cybersecurity: The Age of the Megabreach”)
