CloudFlare should be run by the CIA or something - asthonishing MITM opportunities. The only clear sign the CIA is not deeply involved is that CloudFlare is far too competent.
It blows my mind how most of the otherwise savvy readers of HN completely gloss over the fact that Cloudflare unwraps TLS on most their internet traffic.
I trust that the current leadership might not do something evil, but they are publicly traded. At some point a group of investors are going to figure out that merging Cloudflare with an advertising network would create a level of user targeting that Google and Facebook could never dream of.
Governments in Europe and elsewhere are already working on legislation to mitigate e2e encryption by law. Regulating things like cloudflare as they have already done with ISPs to hand over data is not even much of an imagination leap. For example in the UK all time:srcip:destip:user data must be kept for 1 year for every residential ISP and provided to government departments (not even law enforcement) through a standard system
CloudFlare should be run by the CIA or something - asthonishing MITM opportunities. The only clear sign the CIA is not deeply involved is that CloudFlare is far too competent.