Comment by zzzcpan
8 years ago
"Cloudflare undermines that entirely. "
In their defense, this is a flaw of the whole SSL/TLS security model. I think even Google did that before Snowden, presented you with https:// urls but proxied everything in clear text (they claim they don't do it now). Still, you can be pretty sure that many https websites might pass traffic in clear text to their backends and not necessary take security even a little bit seriously.
Google at least proxied everything over their own private fiber. Cloudflare proxies it over the public internet on a long route (since they terminate SSL as close to the client as possible).
Private fiber in other people's datacenters. Better I suppose, but not much.
Unencrypted over private fiber and unencrypted over the public internet are worlds apart.
1 reply →