Stop Breaking TLS

(www.markround.com)

170 points todsacerdoti | 1 comments | 10 Dec 25 07:06 UTC | HN request time: 0s | source

Show context

arianvanp ◴[10 Dec 25 09:43 UTC] No.46215864[source]▶

Complains about TLS inspection, yet fronts their website on the biggest and most widely deployed TLS introspection middle box in the world ...

Why do we all disdain local TLS inspection software yet half the Internet terminates their TLS connection at Cloudflare who are most likely giving direct access to US Intelligence?

It's so much worse as it's infringing on the privacy and security of billions of innocent people whilst inspection software only hurts some annoying enterprise folks.

I wish we all hopped off the Cloudflare bandwagon.

replies(7): >>46216030 #>>46216051 #>>46216089 #>>46217208 #>>46217601 #>>46221412 #>>46226753 #

phito ◴[10 Dec 25 10:07 UTC] No.46216030[source]▶

>>46215864 #

I wish so too, same for all the self-hosters using tailscale...

replies(3): >>46216106 #>>46216426 #>>46216429 #

1. dns_snek ◴[10 Dec 25 11:07 UTC] No.46216426[source]▶

>>46216030 #

Tailscale connections don't get terminated by a middle box, it's just end-to-end encrypted Wireguard under the hood. Cloud-hosted control panel is a risk because they could push malicious configuration changes to your clients (ACLs and new nodes if you're not using the lock feature), but they can't do it without leaving a trace like Cloudflare can.

↑