On 18/10/15 08:34, Ryan Carboni wrote:
> > It is behind Cloudflare's MiTM service which adds web services names to their existing certs as alternative Names.
> > So your SSL/TLS connection is terminated on Cloudflare's web application firewalls and NOT the web servers that you think are terminating it.
> > Given CF handles over 4% of web traffic it is a great place to collect and collate what was encrypted traffic for monitoring and anti-privacy purposes.
> > Cheers, Oshwm.
>
> Given that it was revealed that ISPs were subsidized in exchange for giving the NSA full take, it makes Cloudflare mildly suspicious. Although I personally don't care. It's a free CDN and I suppose one expects some freedom to be lost somewhere.

Not quite...

When your ISP (and every other ISP/Peer) logs traffic then you can circumvent this by using a VPN/Tor/i2p etc and so the only logs they get prove that you are a privacy-conscious customer who is actively using the internet.

You can't use VPN/Tor/i2p to bypass the CDNs because the CDN is the endpoint in your communications. Therefore, the CDN has access to the entire contents of your communications, which allows them to gather a massive amount of information about you. When they can do this across multiple websites then the ability to correlate that information into a complete profile of you and your online activities becomes very dangerous.

Unfortunately, avoiding CDNs is difficult because they are part of the Corporate and Government effort to centralise the web for exactly the reasons I outlined above.

So, the wise person expects to lose freedom but the wiser person does everything they can to reduce the loss.

One of the things that surprises me on this list is the number of people who are happy to accept the loss of privacy that the modern web allows. It's as if this isn't the Cypherpunks list after all!!!