Messenger has enhanced the security of its end-to-end encrypted chats by launching key transparency, a system that provides an automated, verifiable record of public encryption keys. By moving beyond manual key comparisons, this feature ensures that users can verify their contacts' identities without technical friction, even when those contacts use multiple devices. This implementation allows Messenger to provide a higher level of assurance that no third party, including Meta, has tampered with or swapped the keys used to secure a conversation.
## The Role of Key Transparency in Encrypted Messaging
* Provides a verifiable and auditable record of public keys, ensuring that messages are always encrypted with the correct keys for the intended recipient.
* Prevents "man-in-the-middle" attacks in which a compromised server swaps keys, by making any unauthorized key change visible to the system.
* Simplifies the user experience by automating the verification process, which previously required users to manually compare long strings of characters across every device their contact owned.
## Architecture and Third-Party Auditing
* Built upon the open-source Auditable Key Directory (AKD) library, which was previously used to implement similar security properties for WhatsApp.
* Partners with Cloudflare to act as a third-party auditor, maintaining a public Key Transparency Dashboard that allows anyone to verify the integrity of the directory.
* Leverages an "epoch" system where the directory is updated and published frequently to ensure that the global log of keys remains current and immutable.
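The check a client performs against a published epoch can be sketched as follows. This is an added illustration, not code from Messenger or the AKD library: it assumes a plain binary Merkle tree over SHA-256 (AKD's real construction differs), and the device labels and keys are constructed sample values.

```python
import hashlib

EMPTY = hashlib.sha256(b"\x02empty").digest()  # padding for odd-sized levels

def _h(tag: bytes, *parts: bytes) -> bytes:
    return hashlib.sha256(tag + b"".join(parts)).digest()

def leaf_hash(label: str, public_key: bytes) -> bytes:
    # Length-prefix the label so label/key boundaries are unambiguous.
    raw = label.encode()
    return _h(b"\x00", len(raw).to_bytes(4, "big"), raw, public_key)

def build_epoch(entries):
    """Return all tree levels (leaves first) for (device label, key) pairs."""
    if not entries:
        raise ValueError("an epoch needs at least one entry")
    level = [leaf_hash(label, key) for label, key in entries]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [EMPTY]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [_h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]

def epoch_root(levels) -> bytes:
    return levels[-1][0]

def prove(levels, index):
    """Sibling hashes from leaf to root, each flagged if it sits on the left."""
    proof = []
    for level in levels[:-1]:
        proof.append((level[index ^ 1], bool(index & 1)))
        index //= 2
    return proof

def verify(root, label, public_key, proof) -> bool:
    node = leaf_hash(label, public_key)
    for sibling, on_left in proof:
        node = _h(b"\x01", sibling, node) if on_left else _h(b"\x01", node, sibling)
    return node == root

# Constructed sample directory: one entry per device, as the page describes.
DIRECTORY = [("alice/phone", b"A1"), ("alice/laptop", b"A2"), ("bob/phone", b"B1")]

def demo():
    levels = build_epoch(DIRECTORY)
    root = epoch_root(levels)  # the value an auditor would publish for this epoch
    proof = prove(levels, 2)
    genuine = verify(root, "bob/phone", b"B1", proof)
    swapped = verify(root, "bob/phone", b"server-substituted-key", proof)
    return genuine, swapped
```

`demo()` returns `(True, False)`: the key that was committed to the epoch verifies against the published root, while a key substituted by the server does not, because no valid proof exists for it.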
## Scaling for Global Messenger Traffic
* Manages a massive database that has already grown to billions of entries, reflecting the high volume of users and the fact that Messenger indexes keys for every individual device a user logs into.
* Operates at a high frequency, publishing a new epoch approximately every two minutes, with each update containing hundreds of thousands of new key entries.
* Optimized the algorithmic efficiency of the AKD library to ensure that cryptographic proof sizes remain small and manageable, even as the number of updates for a single key grows over time.
## Infrastructure Resilience and Recovery
* Improved the system's ability to handle temporary outages and long delays in key sequencing, drawing on two years of operational data from the WhatsApp implementation.
* Replaced older proof methods that grew linearly with the height of the transparency tree with more efficient operations to maintain high availability and real-time verification speeds.
* Established a robust recovery process to ensure that the transparency log remains consistent even after infrastructure disruptions.
By automating the verification of encryption keys through a transparent, audited directory, Messenger has made sophisticated cryptographic security accessible to billions of users. This rollout represents a significant shift in how trust is managed in digital communications, replacing manual user checks with a seamless, background-level guarantee of privacy.