[grokkedit]

not sure that MITM definition applies here: cloudflare is serving the data, they're not in the middle, they're either alice or bob

[marginalia_nu]

They do host some data, but they delegate a lot of connections as well. One of their biggest products is bot mitigation, where they'll inspect incoming connections/traffic and pass them through if they don't seem to be bots.

This is essentially MITM-as-a-service.

[chii]

But i think they terminate the SSL connection, and then re-establish a new one right? It's not like your backend server didnt know it's been MITM'ed. I suppose they should've named MITM as Surprise-MITM.

[marginalia_nu]

It's still a MITM, and a MITM for a good chunk of all the web's traffic. Given the Snowden revelations, it's pretty much a given they're snooping.