[nonrandomstring]

> the issue of Cloudflare as a man-in-the-middle is a smaller issue for people running websites than the damage done by potential attacks.

There is no damage done by potential attacks. Damage is done by actual attacks. I am not simply being pedantic. The damage done by blocking users and the leaking of data via TLS proxying seems very real. One cannot make comparisons between actuality and potentiality.

[trinovantes]

How is this any different than AWS/Azure/GCP (e.g. cloud functions) MITMing your users' connections? If it's not your hardware, it's not your encryption keys.

[nonrandomstring]

> How is this any different than AWS/Azure/GCP

No real difference AFAICS, it's a general problem of poor cybersecurity education and quick/cheap solutions. I certainly don't mean to single out Cloudflare alone on that point.