How are so many sites OK with using Cloudflare when they are basically a MITM? - eviltoast

Regardless of whether or not you provide your own SSL certificates, Cloudflare still uses their own between their servers and client browsers. So any SSL-encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

  • mkosmo@alien.top
    1 year ago

    they don’t give a rat’s ass about any potential intellectual property theft. That risk has been written off

    That’s not true. It’s a mitigated risk through contract.

    • Emiroda@alien.top
      1 year ago

      That’s true, I didn’t specify the circumstances.

      In the case of overt IP theft, the contract is the mitigating factor.

      However, in the case of covert IP theft through systematic, transparent surveillance of traffic (what OP is alluding to), it’s something that you cannot really mitigate apart from just not being digitally present. Cloudflare is a player there, but so is any ISP and nation state who is curious enough. To be on the internet, you have to accept the risk that systematic surveillance can impact your intellectual property.

      In some cases, your mitigating factor is the law. But it’s really difficult to prove that Cloudflare might be sniffing your data and using the IP unlawfully, and it’s downright impossible to prove that the NSA or foreign intelligence is using your IP.

      • mkosmo@alien.top
        1 year ago

        Let’s remember that Cloudflare is engaged in business with USG, so if they were doing that kind of nefarious stuff, it’d result in a bad time for a whole lot of folks.