How are so many sites OK with using cloudflare when they are basically a MITM? - eviltoast

Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

  • nemec@alien.topB
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    If your threat model includes the U.S. government you are in the very, very, very, very, very minority of the population of selfhosters.

    • amunak@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Right, but it’s not necessary only about that; if you care about other people and/or you don’t want to give the US and their spy agencies more power - perhaps if they are opposed to what they do and the idea of mass surveillance in general (and that’s even if it doesn’t affect you directly, which is most likely the case) this is a pretty simple way to make sure that you aren’t contributing to it.

      It’s like with, I dunno, consumerism. If you don’t like it, just don’t do it since it opposes your views anyway. And sure your impact will be pretty small but it’s still easy to do and it’s kind of a win-win situation?