> As the visitor, you there's no big sign saying 'Cloudflare can read this content as well as the origin website'. They're trusted to not be malicious sure, but there's a massive risk with using any sort of service like this that you don't control.

In that case there is no way that company is not hooked into the intelligence services. I am certain they do go through the ceremony of legality for many actions but it is unreasonable to think no intelligence service has attempted to critically penetrate it. Add the mix of ideology du jour of the SV "VC intelligentcia" and software youth brigades.

You are entirely correct to point out that it is our "trust" that is taken for granted. And granted to CloudFlare by SV, YCombinator, and of course HackerNews itself that dumps on any voices raising concerns over these obvious "massive risks" so that the unauthorized delegation of trust is done behind our backs by capital and other interested parties. DDoS prevention is kind of like kiddie porn prevention, a perfect pretext for openning the door to equally serious violations, of our trust and rights.