Self-Hosted Main

504 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

[email protected]

How are so many sites OK with using cloudflare when they are basically a MITM? (alien.top)

submitted 11 months ago by [email protected] to c/[email protected]

87 comments fedilink hide all child comments

Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 11 months ago (2 children)

In regard to enterprises, they don’t give a rats ass about any potential intellectual property theft. That risk has been written off. What matters is compliance and security.

Not having DDOS protection in place can potentially have legal consequences and can be very costly. DDOS protection is either investing millions of dollars in equipment or offloading that responsibility to a company like Cloudflare.

[–] [email protected] 1 points 11 months ago

security

i think you are completely wrong here. big corporations do cost assessments of security vs costs of security breaches. if security is more expensive than data breach, they will accept the breach.

[–] [email protected] 1 points 11 months ago (1 children)

they don’t give a rats ass about any potential intellectual property theft. That risk has been written off

That's not true. It's a mitigated risk through contract.

[–] [email protected] 1 points 11 months ago (1 children)

That's true, I didn't specify the circumstances.

In the case of overt IP theft, the contract is the mitigating factor.

However in the case of convert IP theft through systematic, transparent surveillance of traffic (what OP is alluding to), it's something that you cannot really mitigate apart from just not being digitally present. Cloudflare is a player there, but so is any ISP and nation state who is curious enough. To be on the internet, you have to accept the risk that systematic surveillance can impact your intellectual property.

In some cases, your mitigating factor is the law. But it's really difficult to prove that Cloudflare might be sniffing your data and using the IP unlawfully and it's downright impossible to prove that the NSA or foreign intelligence is using your IP.

[–] [email protected] 1 points 11 months ago

Let’s remember that Cloudflare is engaged in business with USG, so if they were doing that kind of nefarious stuff, it’d result in a bad time for a whole lot of folks.