Despite the issues, I'm pleased with Cloudflare's results. It was better than I expected... It had some flaws, but they weren't critical, and they seem committed to being clear about them.
For example, Cloudflare originally stated that no querying IP addresses are ever written to disk. The KPMG audit, though, discovered that Cloudflare's NetFlow/sFlow network-wide monitoring implementation would retain ".05% of all packets" passing through their network, including the IP addresses of DNS queries.
"We want to be fully transparent that during the examination we uncovered that our routers randomly capture up to 0.05% of all requests that pass through them, including the querying IP address of resolver users. We do this separately from the 1.1.1.1 service for all traffic passing into our network and we retain such data for a limited period of time for use in connection with network troubleshooting and mitigating denial of service attacks," John Graham-Cumming, CTO of Cloudflare, stated in a blog post.
Cloudflare had also stated that all logs were wiped within 24 hours, but the audit revealed that the logs are wiped within 25 hours and some anonymized data is kept indefinitely.
According to KPMG's audit, while there were some issues found, Cloudflare was found to be configured in a way that supports their public commitments to privacy.