this post was submitted on 22 Jun 2024
16 points (100.0% liked)

Neurodivergence

3249 readers
1 users here now

All things neurodivergent and relating to the broader neurodivergent community (and communities).

See also this community's sister subs Feminism, LGBTQ+, Disability, and POC


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] t3rmit3 2 points 4 months ago

Cloudflare is a “potential” MITM: they claim not to read the traffic… but as a TLS terminator, they get the ability to read it without anyone’s knowledge.

Yes, and this is also true for AWS ALBs and any other hosted reverse-proxies that do SSL offloading/ termination. Hell, it's even worse for AWS in general, since they also have potential access to your databases and instances, nevermind SecretsManager info that you just directly give them. It's just such a weird thing to specifically only harp on Cloudflare like that site is.

Besides, the only real threat actor I can see them being worried about with CF is the USFG, since they're the only ones I could see being able to compel CF to break their customer contracts like this. And if the USFG is your presumed threat actor, and you're in the US, you're not going to "out-security" them by avoiding Cloudflare.