this post was submitted on 27 May 2024
853 points (96.7% liked)
Programmer Humor
32380 readers
1118 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Remember when google was beloved by everyone back then when they're still have "don't be evil" motto? Cloudflare right now is like google back then: super useful, provides a lot of free services that would be expensive on other providers. But unlike google, if cloudflare go full evil in the future, the impact will be much larger because they're an mitm proxy capable of seeing unencrypted traffics across all websites under their wing. Right now they're serving ~30% of top 10,000 websites and growing.
Oh, okay, so I'm not wrong that they're good right now.
I'm a little unclear on how it works. Do they strip off HTTPS somehow? Otherwise, there's not too much unencrypted traffic around anymore.
One of the services they provide is free SSL certificates. As part of that, they have the private key to decrypt the traffic. They aren’t trying to hide that— this is true of any service that hosts the SSL cert for your site.
Does that mean it wouldn't be an issue if you bring an SSL cert from say ZeroSSL but use Cloudflare for DNS, caching, DDoS protection etc?
For DNS and DDoS protection that wouldn't directly be an issue.
For caching it would be breaking. You cannot cache what you cannot read (encrypted traffic can only be cached by the decrypting party).
It’s not who issues the cert that matters, it is who hosts it. Hosting it includes having the private key. You always have to trust your website host, full stop.