Shields: Evaluate other CDNs

Created on 18 Feb 2019 · 13 Comments · Source: badges/shields

The badge server used Cloudflare as an SSL gateway from May 2015 (#459) to August 2018, at which time Cloudflare was configured to provide downstream caching as well (#1880). The cache carries about 40% of the production traffic.

Previously Cloudflare had _also_ sat in front of shields.io (the website), but that is no longer the case (https://github.com/badges/shields/issues/608#issuecomment-451519761).

To support the anti-DOS behavior it provides, Cloudflare sets a cfduid cookie on every badge request. They provide no way of turning this off. (See #2986)

It would be helpful to know about other CDN providers, and whether or not they have tracking cookies which can be turned off.

operations

All 13 comments

KeyCDN offers opensource sponsoring https://www.keycdn.com/open-source-cdn

Perhaps tangentially related... Food for thought from FOSDEM https://blog.powerdns.com/2019/02/07/the-big-dns-privacy-debate-at-fosdem/

@techknowlogick Have you used KeyCDN?

I haven't used them, but some open source projects I use are sponsored by them. Fastly (another CDN I don't have direct experience with, although some open source projects I use are also sponsored by them) does sponsor projects as well https://www.fastly.com/open-source

This probably goes without saying, but I assume we'd want a CDN provider that maintains the DOS features we want/need just minus tracking cookies 😉

Just want to reiterate that the Shields application can be self-hosted really easily, guide on self hosting can be found here

I do this myself at my day job (via Docker) so we can connect to private projects/services, but if anyone has any pressing needs/concerns around the CloudFlare cookie that comes with the Shields.io service at the moment, then running a self-hosted instance of the Shields application is definitely an option we'd recommend.

You'd have access to all the same capabilities/badges, but there'd be no CDN/CloudFlare cookie

It should run just fine, even on a small server (you could probably even run it on an f1-micro VM in GCP which Google offers for free in perpetuity 😄)

@calebcartwright could you open your CI and docker images? if not, that's okay too.

@jhabdas - Sorry unfortunately I can't make that visible (it all resides on a private corporate network).

I think one day we'll try to get around to publishing the Shields image out on Dockerhub, but for now folks will have to first build the docker image themselves.

If you (or anyone else) run into any errors/issues, have any questions, etc. while trying to build the image and/or run the container let us know! Just open a new issue with the relevant info and we'll be happy to help.

Another reason _not_ to use CloudFlare:

https://github.com/bitpay/copay/issues/9070

Depending on which country you are, CloudFlare, our Content Delivery Network provider might be blocking your request.

They're centralized enough they could be blocking requests to use Bitcoin SPV clients such as the one linked. Cookies are just icing on the cake. Please leave this provider.

Cloudflare could disable the cookie; for example, jsDelivr has had Cloudflare disable the cookie for their domain cdn.jsdelivr.net.

It looks like Enterprise customers can do that. I think we could get a free enterprise plan as an OSS project (though currently we're on the free plan).

Also worth considering, from https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies:

Enterprise customers may request to disable the _cfduid cookie by contacting Cloudflare Support, but Cloudflare’s ability to detect and mitigate the impact of malicious visitors to a Customer’s website will be significantly impacted. While some speed recommendations suggest eliminating cookies for static resources, the performance implications are minimal.

I think until the Cloudflare cookie is removed, the "no tracking" promise should be removed from the homepage.
