They get shit on a lot here. Why? What do they do and how is that different from other companies that offer similar services?
What I know of them: they offer DDS brute force/spam protection for websites.
They get shit on a lot here. Why? What do they do and how is that different from other companies that offer similar services?
What I know of them: they offer DDS brute force/spam protection for websites.
I wouldn’t call it hate, just concern.
Cloudflare acts as a front door to many sites and as such your TLS session is terminated at Cloudflare, then CF makes a additional session from themselves to the target site.
This is concerning as that means CF can see all of your data.
It’s worth mentioning the advantage of why they do this. There are several reasons, but the two most common are:
Seeing the data means they can do a better job at detecting attacks and fending them off.
They can issue certificates with longer lives from their private CA which simplifies certificate management for their customers.
considering they are a US company they are bound by US warrantless wiretapping laws.
Plus other capabilities like injecting banners, caching, etc
you say, “caching,” CF says, “ca-ching!”
There is https://developers.cloudflare.com/ssl/keyless-ssl/
If you don’t own your private keys, wtf are you doing anyway? People are fucking lazy and they are paying for it.
If you’re not paying money for a service, you’re paying another way