this post was submitted on 27 May 2024
857 points (96.6% liked)

Programmer Humor

[–] redcalcium@lemmy.institute 43 points 5 months ago (18 children)

Remember when Google was beloved by everyone, back when they still had the "don't be evil" motto? Cloudflare right now is like Google back then: super useful, provides a lot of free services that would be expensive on other providers. But unlike Google, if Cloudflare goes full evil in the future, the impact will be much larger because they're a MITM proxy capable of seeing unencrypted traffic across all websites under their wing. Right now they're serving ~30% of the top 10,000 websites and growing.

[–] CanadaPlus@lemmy.sdf.org 9 points 5 months ago (14 children)

Oh, okay, so I'm not wrong that they're good right now.

I'm a little unclear on how it works. Do they strip off HTTPS somehow? Otherwise, there's not too much unencrypted traffic around anymore.

[–] markstos@lemmy.world 13 points 5 months ago (10 children)

One of the services they provide is free SSL certificates. As part of that, they have the private key to decrypt the traffic. They aren’t trying to hide that— this is true of any service that hosts the SSL cert for your site.

[–] SugarSnack@lemm.ee 2 points 5 months ago (2 children)

Does that mean it wouldn't be an issue if you bring an SSL cert from say ZeroSSL but use Cloudflare for DNS, caching, DDoS protection etc?

[–] SirQuackTheDuck@lemmy.world 4 points 5 months ago

For DNS and DDoS protection that wouldn't directly be an issue.

For caching it would be breaking. You cannot cache what you cannot read (encrypted traffic can only be cached by the decrypting party).

[–] markstos@lemmy.world 3 points 5 months ago

It’s not who issues the cert that matters, it is who hosts it. Hosting it includes having the private key. You always have to trust your website host, full stop.
