They’re all uppity that to use cloudflare proxy they have to terminate the ssl connection there. So technically cloudflare can sniff all the traffic. But that’s kind of the point of WAFs and Reverse Proxies.
I would argue that the sheer amount of data throughput that Cloudflare has, you’d have to really be on a list to be monitored… and they certainly cannot just log all data willy nilly.
I suppose this one is quite simple. How can they cache, if they don’t MitM the connection? I don’t think it would be technically possible. If you want the cache/CDN you just need to use a company you trust. If you don’t trust them then you don’t get the cache/CDN.
Correct. But people are viewing the DDOS protection, Cache, WAF, etc… functions as evidence that Cloudflare is obviously malicious and storing 100% of all data traversing them.
I’ve seen no evidence of that yet, and will certainly discontinue use of them if they show such tendencies. Until then, I will absolutely leverage their platform for my use as a paying customer.
I do understand the fear with their free platform though… They’ve gotta make money somehow, and I feel there’s probably a fear that is data collection.
I might be missing something but the document seems to be comparing Cloudflare to the great firewall of China and calling them criminal because of things they could potentially do?
What’s cloudflare done?
Cloudflare has human checks before you can access some sites. Some apps and screenreaders no longer work with those sites.
They’re all uppity that to use cloudflare proxy they have to terminate the ssl connection there. So technically cloudflare can sniff all the traffic. But that’s kind of the point of WAFs and Reverse Proxies.
I would argue that the sheer amount of data throughput that Cloudflare has, you’d have to really be on a list to be monitored… and they certainly cannot just log all data willy nilly.
I suppose this one is quite simple. How can they cache, if they don’t MitM the connection? I don’t think it would be technically possible. If you want the cache/CDN you just need to use a company you trust. If you don’t trust them then you don’t get the cache/CDN.
Correct. But people are viewing the DDOS protection, Cache, WAF, etc… functions as evidence that Cloudflare is obviously malicious and storing 100% of all data traversing them.
I’ve seen no evidence of that yet, and will certainly discontinue use of them if they show such tendencies. Until then, I will absolutely leverage their platform for my use as a paying customer.
I do understand the fear with their free platform though… They’ve gotta make money somehow, and I feel there’s probably a fear that is data collection.
No high-profile cases yet, but some people are already concerned: https://crimeflare.eu.org/
Doesn’t load, maybe they need Cloudflare lol (i’m joking don’t send me to internet hell) Wayback doesn’t seem to work with it either
I might be missing something but the document seems to be comparing Cloudflare to the great firewall of China and calling them criminal because of things they could potentially do?
Only works on http, and just redirects to https://0xacab.org/dCF/deCloudflare/-/blob/master/README.md
It would help if that site wouldn’t look like it was written by some crazy person trying to make a shitpost…