5 comments

[ 2.8 ms ] story [ 24.9 ms ] thread
Remember, when something is free, you are the product. As MITM, they have enormous power to access otherwise encrypted information.
I mean, I'm not using Cloudflare as far as I'm aware. This issue is on the site's end, right?

They're the ones using Cloudflare to prevent bots or whatever

Yes, but what they're saying is that even if the site worked... you're handing over any data that would otherwise be normally encrypted by TLS... to cloudflare.

Signing in to your bank website who uses CF? Now CF has your password too. Buying something online? They have your credit card now. Etc.

> How can I prevent this?

Browse the Internet exclusively from an IP address with a good reputation, on a well known device that hasn't been significantly modified and is exclusively running widely used and explicitly supported software such as Google Chrome™.

And don't worry if that's too much of a hassle. Soon enough we'll have devices with manufacturer-managed identity attestation to enforce all these requirements for you.