[crickey]

I would be glad to use cloudflares domain registry. But anyone else worried that to much of the net is already tied up with them

[JohnFen]

I am, yes. Not a slight to Cloudflare, but it's never good when one entity touches so much.

[throitallaway]

Especially considering that their core product is MITM.

[magila]

I've never quite understood this idea that Cloudflare is an MITM. An MITM is by definition a covert intermediary. Cloudflare is a service provider that's deliberately employed by a site operator. If CF is a MITM then so is AWS, GCP, and every other CDN service provider.

[throitallaway]

I guess MITM has a specific (adversarial) definition and I've bastardized it. The only cloud load balancers that I use are layer 4, so they're not unwrapping HTTPS for me, but your point is taken.

[JohnFen]

> An MITM is by definition a covert intermediary.

I've never thought that it had to be covert or even nefarious to be a MITM. It's a man-in-the-middle if it's sitting between two endpoints talking to each other and intercepting the data stream.

For instance, I proxy all of my web traffic in order to be able to filter my HTTPS streams. It's neither covert nor nefarious, but is still a man-in-the-middle. It's just not a man-in-the-middle attack.

[rewmie]

> But anyone else worried that to much of the net is already tied up with them

Yes, and I'd add AWS and Google to the count, albeit for slightly different reasons.

[wahnfrieden]

Yes. Is there a good CF Tunnel alternative for production use?

[e12e]

Not sure how you define production use in this case - but tailscale funnel might be an option even though they're still labeled beta?

https://tailscale.com/kb/1223/tailscale-funnel/

[wahnfrieden]

As opposed to a dev tunnel like ngrok. Thank you