New standards for a faster and more private Internet
Cloudflare has introduced Zstandard compression for faster data processing and Encrypted Client Hello to enhance user privacy, improving website load times and overall user experience in digital environments.
Read original article
Cloudflare has introduced new standards aimed at enhancing internet speed and privacy, focusing on the implementation of the Zstandard (zstd) compression algorithm and the rollout of Encrypted Client Hello (ECH). Zstandard is a modern compression algorithm that offers data compression speeds 42% faster than Brotli while achieving similar compression levels. It also reduces file sizes by 11.3% compared to GZIP, which is crucial for improving website load times and user experience. The adoption of Zstandard is expected to significantly enhance performance, especially for dynamic content. Additionally, Cloudflare is advancing privacy measures with ECH, which prevents third parties from monitoring users' web activity by masking the Server Name Indication (SNI) during TLS handshakes. This means that only the user, Cloudflare, and the website owner can see which sites are being visited. Cloudflare's commitment to these technologies reflects a broader trend towards optimizing web performance and enhancing user privacy in an increasingly demanding digital landscape.
- Cloudflare has implemented Zstandard compression, which is faster and more efficient than existing algorithms.
- Zstandard compresses data 42% faster than Brotli and reduces file sizes compared to GZIP.
- Encrypted Client Hello (ECH) enhances user privacy by preventing third-party snooping on web activity.
- The new standards aim to improve website load times and overall user experience.
- Cloudflare continues to innovate in web technologies to meet growing demands for speed and security.
Related
The backbone behind Cloudflare's Connectivity Cloud
Cloudflare has increased its backbone capacity by over 500% since 2021, operating data centers in 330 cities globally, utilizing advanced technologies for efficient data transfer and enhancing connectivity, especially in Africa.
Comparing HTTP/3 vs. HTTP/2 Performance (2020)
Cloudflare has launched HTTP/3, enhancing internet performance with UDP, reducing head-of-line blocking, and offering 0-RTT support. Over 113,000 zones have activated it, showing mixed real-world performance results.
Discord Reduced WebSocket Traffic by 40%
Discord reduced websocket traffic by 40% by implementing zstandard compression, improving performance and bandwidth usage, especially on mobile, after adding streaming support and optimizing compression settings.
Speed Brain: helping web pages load 45% faster
Cloudflare's Speed Brain enhances web page loading speeds by up to 45% using the Speculation Rules API for prefetching content. It's free for all plans, with manual activation for paid users.
New standards for a faster and more private Internet (Zstandard, ECH, BBR)
Cloudflare has introduced Zstandard compression, which is 42% faster than Brotli and reduces file sizes by 11.3% compared to GZIP, alongside Encrypted Client Hello for enhanced user privacy.
- Concerns about privacy: Some commenters argue that ECH may not enhance privacy as intended, suggesting it centralizes data control with Cloudflare.
- Technical critiques: Users discuss the effectiveness of Zstandard compared to Brotli, questioning the benchmarks and compression levels used.
- Implications for censorship: ECH is seen as a potential tool for users in repressive regimes, but also raises concerns about enabling malicious actors.
- Performance skepticism: Some believe that the impact of Zstandard on user experience is minimal, primarily benefiting Cloudflare's resource management.
- Debate over trust: There are calls for caution regarding Cloudflare's control over standards and the potential for collusion in data handling.
20 commentsAnd while we're explaining things... ODoH (indirectly mentioned in the article via the Encrypted DNS link) comes with a big bold warning it's based on the fundamental premise that the proxy and the target servers do not collude. When both are operated by the same company, how can you know they aren't colluding? Is there some mechanic in the protocol to help protect users from colluding servers?
This isn't privacy. This is centralized snooping.
It's like Google's approach to third party cookies. Nobody other than Google can have tracking information.
These parameters are described in the v1.5.6 release notes [0]. ZSTD_c_targetCBlockSize is the most notable, but ZSTD_c_maxBlockSize can also be used for a lower CPU cost but larger compressed size.
Are you using these features at Cloudflare? If you need any help using these, or have any questions, please open an issue on Zstandard's GitHub!
Given how branchless algorithms are helping optimize not just network transport (compression) and even OS system libs (no citation for this one, but I’ve heard), that I really wish colleges begin teaching this along with DS/Algo course material.
Edit: just look at how many sites you're locked out of if you don't have JS enabled or run an uncommon configuration.
Given we now have two strictly better algorithms than gzip, I also wonder about a hybrid scheme that starts with Zstandard but switches to Brotli when the compression time is no longer significant for given request. We might even be able to cheaply convert the existing Zstandard stream into Brotli with some restrictions, as they are really LZSS behind the scene?
ECH seems directly opposed to Chinese governments control of the web.
They do not have anybody else's best interests at heart and are actively centralizing that which was explicitly intended to not be centralized.
CF blocks Tor; you can't get past the captcha.
ECH makes it hard to block known scam sites at the network layer, for example.
let the cat and mice game between deep packet inspection (DPI) vendors and the rest of the encrypted internet continue. it’ll be amusing to see what they come up with (inaccurate guessing game ai/ml “statistical analysis” is about all they’ve got left, especially against the large umbrella that is cloudflare).
game on, grab your popcorn, it will be fun to watch.
> Zstandard
I get "faster" but how does it make the internet "more private". The word "private" only shows up exactly once on that page, in the title.
Related
The backbone behind Cloudflare's Connectivity Cloud
Cloudflare has increased its backbone capacity by over 500% since 2021, operating data centers in 330 cities globally, utilizing advanced technologies for efficient data transfer and enhancing connectivity, especially in Africa.
Comparing HTTP/3 vs. HTTP/2 Performance (2020)
Cloudflare has launched HTTP/3, enhancing internet performance with UDP, reducing head-of-line blocking, and offering 0-RTT support. Over 113,000 zones have activated it, showing mixed real-world performance results.
Discord Reduced WebSocket Traffic by 40%
Discord reduced websocket traffic by 40% by implementing zstandard compression, improving performance and bandwidth usage, especially on mobile, after adding streaming support and optimizing compression settings.
Speed Brain: helping web pages load 45% faster
Cloudflare's Speed Brain enhances web page loading speeds by up to 45% using the Speculation Rules API for prefetching content. It's free for all plans, with manual activation for paid users.
New standards for a faster and more private Internet (Zstandard, ECH, BBR)
Cloudflare has introduced Zstandard compression, which is 42% faster than Brotli and reduces file sizes by 11.3% compared to GZIP, alongside Encrypted Client Hello for enhanced user privacy.