> Don't use Cloudflare or similar services. See my article here for an explanation on why. If you use a service like this, you're basically already MitMing yourself.
I wish more people would realize that when arguing on the internet about CAA, DNSSEC, NSA, etc. that none of it really matters. We willingly allow a government aligned entity to unwrap 20% of all TLS connections on the internet and peak inside.
Edit: not even going in to the sovereignty issue of having an American private company effectively decide your internet regulations.
The fact that Cloudflare is allowed to continue hosting websites which are obviously illegal, some notorious, is deeply strange. As I wrote in my article on the subject, it makes no sense when you consider the way the US responds even just to copyright infringement; see how they nuked Megaupload's business without trial because they saw them as knowingly enabling piracy. However, it's a known fact that US authorities will keep illegal or disreputable services up if they see them as a source of more intelligence. I can't really see any other explanation for how Cloudflare is allowed to host some of the sites it does without pressure from the US unless it's basically funnelling all of the data to the NSA.
Cloudflare should be viewed the same way - they shield you from DDoS, not from the government. They allow everything to be hosted until proven otherwise. Cloudflare doesn't have to police what's hosted through it, because the police can do it easily enough.
There are lots of pirate websites, explicitly designed for piracy, but saying the opposite on their terms and conditions page to create a little plausible deniability. I can't tell you if Megaupload was one of those and I don't know what evidence the government had.