Monero exists to protect financial privacy in a world that systematically destroys it. Monero keeps finances confidential and secure. It is an act of resistance against surveillance.

Yet the project's official website getmonero.org sits behind Cloudflare, a corporate MITM layer that inspects, filters, and proxies encrypted connections. Cloudflare is the irresistible hub for mass-surveillance. Its use is fundamentally at odds with Monero's philosophy.

Every visitor to getmonero.org connects first to Cloudflare's infrastructure, not getmonero.org's servers. Cloudflare decrypts the TLS session, reads the traffic, decides whether it's "safe," and then re-encrypts it before forwarding. The result is that Cloudflare holds the keys for all HTTPS sessions on getmonero.org.

This means Cloudflare has full visibility into who visits getmonero.org, when, from where, and what content they retrieve. It builds the perfect telemetry system. It also enables MITM attacks by Cloudflare (e.g. under the pressure of intelligence agencies), they could deliver modified pages or malware to every visitor, or selectively target specific users (by IP, region, or fingerprint).

In 2015, fluffypony explained why getmonero.org uses Cloudflare:

  1. We don't have the money to run and maintain our own DDoS-resistant infrastructure
  2. We don't have the money to run and maintain our own CDN
  3. We have enough script-kiddies in the altcoin scene that CloudFlare is an unfortunate necessity (although we have CloudFlare's paranoia settings dialled as low as we can reasonably go)
  4. We will, in the next few months, have dedicated .onion addresses for the website and the forum that can be used in lieu of direct access

Is this situation still true? Do these arguments remain current?

Projects like torproject.org and wikileaks.org operate just fine without Cloudflare. They arguably face heavier scrutiny, more powerful adversaries, and greater DDoS pressure, yet still manage to uphold their principles.

If the Monero community cannot build resilient infrastructure without relying on Cloudflare, perhaps it's time to seek help from those who already do. If the core obstacle is funding, how much would it actually cost to move off Cloudflare? Could the community raise the necessary resources? Are there alternative solutions worth exploring?

Get your Monero wallet while Cloudflare's keeping a happy eye on you

Get your Monero wallet while Cloudflare's keeping a happy eye on you.