
Stop Breaking TLS

(www.markround.com)
170 points | todsacerdoti | 2 comments
arianvanp ◴[] No.46215864[source]
Complains about TLS inspection, yet fronts their website on the biggest and most widely deployed TLS introspection middle box in the world ...

Why do we all disdain local TLS inspection software yet half the Internet terminates their TLS connection at Cloudflare who are most likely giving direct access to US Intelligence?

It's so much worse as it's infringing on the privacy and security of billions of innocent people whilst inspection software only hurts some annoying enterprise folks.

I wish we all hopped off the Cloudflare bandwagon.

replies(7): >>46216030 #>>46216051 #>>46216089 #>>46217208 #>>46217601 #>>46221412 #>>46226753 #
apexalpha ◴[] No.46216051[source]
I'm not sure if you're serious but in case you are (or other people):

TLS inspection is for EVERYTHING in your network, not just your publicly reachable URLs.

Putting Cloudflare anti-DDoS in front of your website is not the same as breaking all encryption on your internal networks.

Google can already see the content of this site since it's hosted... on the internet.

replies(3): >>46216233 #>>46216504 #>>46216798 #
1. arianvanp ◴[] No.46216504[source]
Given that 50-70% of the critical services I use in my daily life (healthcare, government, banking, insurance) all go through Cloudflare, this practically means everything that is important to me as an individual is being actively intercepted by a US entity that falls under NSA's control.

So for all intents and purposes it's equivalent.

My point is: it's very hypocritical that we as industry professionals are complaining about poor corporates being MITM'd whilst we're perfectly fine enabling the infringement of the fundamental human right to privacy of billions of people by all fronting the shit that we build by Cloudflare in the name of "security".

I find the lack of ethical compass in this regard very disturbing personally.

replies(1): >>46225007 #
2. kreetx ◴[] No.46225007[source]
Having an organization install custom root certificates onto your work or personal computer and hosting a public blog on Cloudflare are two entirely different topics.

That your healthcare, government, bank, etc. are using Cloudflare, is a third. In an ideal world I guess I'd agree with you, but asking any of these institutions to deploy proper DDoS protection may just be too much of an ask.