This post explains what those changes are, and why I'm making them.
The change (apart from some whitespace adjustment) is fairly simple - it adds a new section dealing with 3rd party CDNs:
Essentially this section has been added to disclose that I now deliver some content via a 3rd party CDN (currently BunnyCDN).
Reason for the Change
Back when GDPR came into effect, I wrote a post musing about the decision I needed to make around keeping the site online: do I continue with Google ads (since disabled) in order to fund infra, do I serve via Cloudflare (bringing its own privacy issues)?
Running your own infra brings great privacy benefits for users, but also carries a real cost - not just the cost of the infra, but needing to be available to troubleshoot issues, do upgrades etc. For various reasons, I've decided that it's a cost I can't continue to bear.
However, the concerns I previously had with Cloudflare still niggled - they're a de-facto gatekeeper to the modern internet. I did run a limited trial though, and concluded the following:
- Their engagement model absolutely sucks (having to point to their NS's unless you're paying >$200/mo? really? Just let me CNAME in)
- Their lower tiers lack quite a lot of configurability unless you're willing to start stacking prices on top
I also looked at the rest of the consumer/retail CDN market - Fast.ly being an obvious contender. Ultimately, though, the mix of feature-set, privacy-related features and cost differentiated BunnyCDN.
Having run A/B tests, I've reduced the amount of infra that I'm personally managing, and started routing most traffic via BunnyCDN - this has reduced my running costs (financial and mental) quite considerably, helping ensure the future of the site and its various subdomains.
I do currently still have some infra - certain of my services are sufficiently privacy-sensitive that I decided against introducing a 3rd party. Other services (like mailarchives) were based purely on financial gut-feeling: do I really want to pay a 3rd party to deliver those bytes?
Tor users (whether direct via .onion or opportunistic Tor connections) are unaffected by this change - those connections will continue to connect directly (well, via Tor) to my infra rather than transiting a 3rd party CDN.
The change is relatively minor, but helps me to protect the future of the services I offer - it reduces my financial and mental overheads, whilst mitigating the concerns I have with some of the other players in the CDN space.
It does also mean that end-user information is better insulated away from me too (I no longer know the IP address of anyone connecting), which is a little odd and might take a little bit of getting used to when troubleshooting.