I'm starting to understand the very real danger CDN's (content delivery network) pose to internet security, privacy, and anonymity. Someone correct me if I'm wrong in the following:
You've probably noticed those cloudflare windows that popup. Cloudflare is a popular CDN.
So, imagine you're doing this: home computer->vpn->youtube.
Well, you're actually going through cloudflare in there, so it actually is: computer->vpn->cloudflare->youtube.
You're still pretty anonymous, but cloudflare creates a fingerprint ID of your browser's settings.
So you go on and visit a bunch of other sites through your vpn, assuming all of it is anonymous. It is, still, but you're also going through cloudflare for many of those sites as well, and cloudflare is attaching that fingerprint ID to each.
And this is where your anonymity and privacy can be broken: When you then log into any website that holds any real, personal identifying information (gmail, youtube to earn money, twitch to earn money, bank account, telegram which you opened using a phone number thus attaching your real identity), cloudflare may now possibly acquire that personal identifying information.
You may say, 'But I connected through an SSL or HTTPS tunnel!'
Okay, but how does that work?
There are two kinds of encrypted tunnels: end-to-end and terminated tunnels. And it is the WEBSITE that determines which will be used for any given content it sends. So, you have to trust that that website is using end-to-end when real identifying information is being sent. Let's say the website lets you log in using an end-to-end encryption tunnel, but then for the rest of the session it uses a terminated encryption tunnel, meaning the information is sent to the CDN which then decides which content (pictures, video, etc.) it to deliver, encrypts it and sends on to you. So, in this situation, the CDN is able to see your real name and other personal identifying information that passes through it from the website.
It can then go and append that real identifying information to all your other connections that it knows of via the fingerprint ID it made identifying your browser.
So, the question becomes, how can I minimize this privacy, security threat posed by websites using CDNs?
Installing a browser extension like Decentraleyes may help. Although, I'm not sure how much it helps.
The other is to use a vpn that actively helps your efforts to fight these types of identifying tricks. I haven't done a lot of research for in this, so I currently know only of: https://simplifiedprivacy.com/ I'm sure there must be others.