What does “cloudflare so who cares lol” mean exactly?
Cloudflare is so good that you don’t even have to care about your privacy because they’ve got it covered?
or
Nobody who uses Cloudflare would care about privacy, and for some reason that’s worthy of a “lol”?
or what?
Cloudflare is bad.
Care to explain? I just set up zero trust Tunnel with them 😶
Their tunnel uses TLS termination. When we use TLS/SSL certificates on a server, we want the data to be encrypted between your server and the clients connecting to it. When you use Cloudflare’s tunnel, that TLS connection is terminated, that is, decrypted on their servers and then it is re-encrypted and sent to your client. So, theoretically, they can look at all the data going through. But do they sniff into your data? That is up to what you believe.
If you are self-hosting for privacy, this is a bad idea. Free solutions like Cloudflare and Tailscale all do TLS termination. What you want is TLS pass through. You can rent a small VPS and set up TLS pass through using something very simple, like HAProxy, NGINX Proxy etc.
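The difference between the two models described in the comment above, as an added HAProxy sketch that is not part of the original post. The hostname `cloud.example.org`, the origin address `10.8.0.2`, and the certificate path are placeholders chosen for illustration.

```haproxy
# Constructed example; hostname, addresses and file paths are placeholders.

defaults
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# --- TLS termination (shown commented out for comparison) ---
# The proxy holds the certificate and private key, decrypts every request,
# and opens a separate connection to the origin. Plaintext exists on this host.
#
# frontend https_terminate
#     mode http
#     bind :443 ssl crt /etc/haproxy/certs/cloud.example.org.pem
#     default_backend home_http
#
# backend home_http
#     mode http
#     server home 10.8.0.2:8080

# --- TLS passthrough ---
# No "ssl" or "crt" on the bind line: the proxy has no key material and
# forwards the encrypted byte stream untouched. The private key stays on
# the origin server, which completes the handshake with the client itself.
frontend https_passthrough
    mode tcp
    bind :443
    # Buffer just long enough to see the ClientHello, then route on the
    # SNI hostname, which is sent before encryption starts.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend home_tls if { req_ssl_sni -i cloud.example.org }

backend home_tls
    mode tcp
    # The origin listens with its own certificate on 443.
    server home 10.8.0.2:443 check
```

With passthrough the VPS still observes the SNI hostname, client addresses, timing and traffic volume; it only loses access to the decrypted content. A quick check that passthrough is in effect is to confirm that no private key or certificate file exists anywhere on the proxy host.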
Cloudflare is one of the biggest privacy violators. They effectively act as a MITM which has your SSL keys and can read all the traffic between your browser and a website. Now imagine a single entity having the SSL keys to read the traffic of an important portion of the internet.
Oh and they block Tor and VPN users too.