Drew Naylor's Website banner image

Website SSL/TLS Certificate Update and Dumping Cloudflare

Just writing a quick blog post to let everyone know that I've switched my website to using Google's default nameservers and the "force HTTPS" option in the GitHub Pages settings, so that a Let's Encrypt certificate is now being used for HTTPS on my website instead of Cloudflare's one. What does this change offer you? Well,

  1. The peace-of-mind that I'm not using a service that (last I checked) is the registrar for, hosts part of, and protects a hate, harassment, doxxing, and stalking forum that has hacked, doxxed, SWATted, and driven its targets to suicide and doxxed, harassed, and hacked (etc.) their family members and their friends (this is enough reason to dump Cloudflare on its own, but there are more things I want to list)
  2. Fewer cookies due to not having Cloudflare's stuff here
  3. Probably better security in transit from GitHub to Google (my domain registrar, because I weirdly enough trust Google to not mess with me regarding my domain) since I don't think there's a chance for data to go over HTTP, unlike when I was using Cloudflare (due to how it had to be done when GitHub Pages didn't offer HTTPS for custom domains)
  4. Slightly unrelated, but I'm also using DNSSEC now, and that's being provided by Google

I thought Cloudflare would've acknowledged the problem and dropped them sooner, which is why I waited as long as I did to drop them. Plus I thought there would be a lot of work involved, but it was actually really easy. I feel uneasy about the idea of naming that forum because it just gives me a bad feeling, so I don't really want to take the chance of typing their name out.

On August 30, 2022, I updated this post to give a more accurate picture of the horrible nature of that forum, as well as updating the title to directly mention dumping Cloudflare.