How are so many sites OK with using cloudflare when they are basically a MITM? - eviltoast

Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

  • spottyPotty@alien.topOPB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    The question was a more general one, and not specific to my personal data needs.

    The existence of such a ubiquitous centralised service that actually IS a MITM, whether they are malicious or not, seems curious to me.

    As they say, if the product is free, then you are the product. If people accept, but recognise, a loss of privacy when using free services from Google and meta, for example, knowing that the data they provide is used for personalised ads, then how come CF’s free tier isn’t viewed with the same level of scrutiny?