Comment by Sophira

1 day ago

While I understand (and agree with) the general sentiment of what you're saying, you are not correct in saying that this is end-to-end encryption, and HTTPS itself does not guarantee that end-to-end encryption is in use.

In this case, there's an explicit middle point - chatgpt.com resolves to a Cloudflare server, so Cloudflare is actually one of the ends here. It likely acts as a reverse proxy, meaning that it will forward your requests to a different, OpenAI-owned server. This might be over a new HTTPS connection, or it might be over an unencrypted HTTP connection.

It really is super important to emphasize this point. End-to-end encryption is not simply that your data is encrypted between you and the ultimate endpoint. It's that it can't be decrypted along the way - and decrypting your HTTPS requests is something that Cloudflare needs to do in order to work.

(To be clear, I'm not accusing Cloudflare of anything shady here. I'm just saying that people have forgotten what end-to-end encryption really means.)

Great points. Of course, if you use full strict or flexible SSL you could be OK (safe) from Cloudflare, but no way that is the case here.