←back to thread

Stop Breaking TLS

(www.markround.com)
170 points todsacerdoti | 1 comments | 10 Dec 25 07:06 UTC | HN request time: 0s | source
Show context
arianvanp ◴[10 Dec 25 09:43 UTC] No.46215864[source]
Complains about TLS inspection, yet fronts their website on the biggest and most widely deployed TLS introspection middle box in the world ...

Why do we all disdain local TLS inspection software yet half the Internet terminates their TLS connection at Cloudflare who are most likely giving direct access to US Intelligence?

It's so much worse as it's infringing on the privacy and security of billions of innocent people whilst inspection software only hurts some annoying enterprise folks.

I wish we all hopped off the Cloudflare bandwagon.

replies(7): >>46216030 #>>46216051 #>>46216089 #>>46217208 #>>46217601 #>>46221412 #>>46226753 #
apexalpha ◴[10 Dec 25 10:10 UTC] No.46216051[source]
I'm not sure if you're serious but in case you are (or other people):

TLS inspection is for EVERYTHING in your network, not just your publicly reachable URLs.

Putting Cloudflare anti-DDoS in front of your website is not the same as breaking all encryption on your internal networks.

Google can already see the content of this site since it's hosted... on the internet.

replies(3): >>46216233 #>>46216504 #>>46216798 #
1. dns_snek ◴[10 Dec 25 10:40 UTC] No.46216233[source]
> Putting Cloudflare anti-DDoS in front of your website is not the same as breaking all encryption on your internal networks.

You misunderstood, they're complaining about it as a user. If your website uses Cloudflare then our conversation gets terminated by Cloudflare, so they get to see our unencrypted traffic and share it with whomever they want, compromising my privacy.

Which wouldn't be such a problem if it was just an odd website here or there, but Cloudflare is now essentially a TLS middle box for the entire internet with most of the problems that the article complains about, while behind hosted behind Cloudflare.