undefined | Better HN

0 pointsxvector1y ago0 comments

Users cannot consent to Cloudflare seeing their traffic and it's not an issue.

Users consent to Facebook seeing their traffic and it's suddenly a problem?

0 comments

> Users cannot consent to Cloudflare seeing their traffic

Users consent to the website seeing their traffic and the website consents to Cloudflare doing the SSL termination. This isn't too much different from the website consenting to analytics scripts monitoring webpage activity (i.e. Hotjar). If they did something shady, then users & the website would both be rightfully mad at them. But Cloudflare hasn't, so far at least.

Meanwhile, Facebook is known to do literally everything shady that is possible to do with a user's data, as well as plenty of things that weren't even a thing before they invented entirely new methods of tracking and selling data, so it's rightfully insane to trust them with anything, especially website traffic that they have no rights to.

viraptor1y ago

Why would you idea stop at CF? Did they consent to hetzner / digital ocean / AWS / whatever hosting company seeing the traffic? The idea that the content producer decides how the content is served on the internet is the default.

LoganDark1y ago

They don't see the traffic unless they analyze the memory of your running server, because the SSL termination happens inside the server. Encrypted traffic passes through their network, which they don't have the keys for. Cloudflare, on the other paw, literally offers to do the SSL termination for you, as in they hold the private keys and perform the decryption on their servers that they control. Then they pass the decrypted traffic through their network in order to do things like "optimize" your images, or inject JavaScript into your pages. Website owners consent to this, but I guess the question here is whether users should need to consent to this website's traffic being handled in decrypted form by Cloudflare before that is actually done.

viraptor1y ago

They can see the traffic if you're using one of their load balancers. And even if not, snooping on VMs is pretty trivial. For example this project https://github.com/KVM-VMI/kvm-vmi makes it easy to look at memory / processes on a VM.

1 more reply

j / k navigate · click thread line to collapse

0 comments

LoganDark1y ago

> Users cannot consent to Cloudflare seeing their traffic

viraptor1y ago

LoganDark1y ago

viraptor1y ago

1 more reply

j / k navigate · click thread line to collapse