this post was submitted on 26 Aug 2025
27 points (96.6% liked)

Privacy

2462 readers
220 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
27
TIL something curious about Cloudflare (ani.social)
submitted 2 weeks ago by hisao@ani.social to c/privacy@programming.dev
4 comments fedilink hide all child comments
 

I've been reading this about Cloudflare and realized they require any site using their services to install their certificate to then proceed to fully sniff and analyze, and sometimes even modify https traffic. This is something I didn't realize before. Here are the relevant screenshots:

you are viewing a single comment's thread
view the rest of the comments
[–] who@feddit.org 10 points 2 weeks ago

Yes indeed.

Ever try visiting an overloaded HTTPS site and get an HTTP 524 error page? Cloudflare's ability to insert those pages in place of the expected response makes it clear that your "secure" connection only reaches as far as Cloudflare, who can read and modify everything you send to and receive from the site you're visiting.

Given how much of the web runs behind Cloudflare, along with their position as the early default DNS-over-HTTPS provider in browsers, they are a massive man-in-the-middle constantly watching and capable of modifying much of our web activity.