by parliament32
2657 days ago
Not really accusing them of anything, but CF is a giant vuln in how you'd expect TLS to work. TLS is supposed to guarantee that data between your browser and the web server is encrypted in transit, but with the CF business model there's a very convenient decryption/re-encryption step right in the middle of that. Infiltrating CF is far, far easier than any of the other TLS-snooping methods (breaking the encryption, generating a fake cert via bad CA and intercepting, etc); it's not ridiculous to think the bogeyman-du-jour probably has fingers in CF (with their knowledge or not, doesn't really matter), and it'd be irresponsible to assume that TLS traffic going through CF is any more secure than plaintext.
If you use CloudFlare/Akamai/Cloudfront/etc. as a CDN, a hacker could view your site's traffic.
If you use G Suite/Microsoft 365/etc. for email or document storage, a hacker could access your corporate documents and communications.
If you use EC2, Azure, or GCE, a hacker could access your storage buckets or dump your VM's RAM.
It all comes down to your threat model. Is your threat model such that you absolutely can't trust any third party with your data? If the answer is "yes" then you should completely self-host and not use a CDN or anything similar. (I.E. an email provider that specializes in providing services to whistleblowers/political dissidents should definitely not use CDNs or public cloud providers.)
But for most businesses it's an acceptable risk, especially since these giant tech companies probably have better security than they do themselves.