And when Cloudflare is the proxy for a web site, it’s Cloudflare that provides the HTTPS connection, meaning that you don’t actually have an encrypted channel directly to the site. Cloudflare is the man-in-the-middle eavesdropping on all of your communications with that site. Your bank transactions, your medical records, your personal messages, etc.
Weird how much of a monopoly cloudflare has on the internet. I guess it’s going to start being an indicator for me for services that have becomes “too big for their britches.”
What is MITMed?
“Man in the middle”. They are used by a lot of web services as a proxy, usually to prevent DDOS attacks.
And when Cloudflare is the proxy for a web site, it’s Cloudflare that provides the HTTPS connection, meaning that you don’t actually have an encrypted channel directly to the site. Cloudflare is the man-in-the-middle eavesdropping on all of your communications with that site. Your bank transactions, your medical records, your personal messages, etc.
Lol what?
I thought they just did rate limiting and such, I can’t believe they do SSL as well.
Interesting. I’m going to keep this in mind.
Weird how much of a monopoly cloudflare has on the internet. I guess it’s going to start being an indicator for me for services that have becomes “too big for their britches.”
Small companies use CF as well. It really is one of the best ways to prevent all sorts of bad actors