Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
Because it’s not always about the encryption. I use Cloudflare tunnels because they are a good way of exposing sites to the internet without exposing my IP or opening ports, which means I don’t have to worry as much about DDoS or other attacks and therefore I don’t need to spend as much effort defending against them.
Even Cloudflare decides to inspect my traffic (and seriously why would they care about a tiny hobbyist website) it’s not like it gives them full access to everything, there are other controls you can use depending what your site is for.
Honestly what I don’t understand is why some on this sub have such strong objections to Cloudflare. Like I get they are a terrible company in a lot of ways, but name a tech company that isn’t?
The good old “eh what do i care i dont have anything to hide” approach to security and privacy. Excellent!
“If you have nothing to hide then you dont have to worry!”
I wont respond further in this thread because i already know how these discussions go.
Why would anyone argue that other companies are saints? Are you aware you are in /r/selfhosting here? The whole point is to regain control of your own data, be in charge of who stores what, where and how.
But if you don’t trust Cloudflare, who do you trust, and why? Do you trust your ISP? Do you trust Intel or AMD? The people who manufacture your router or other networking kit? People’s trust boundaries exist at different levels. If you are happy with your own, fine, but you don’t get to tell other people that they are doing it wrong just because their boundaries are different.
As i already replied to you in another comment… that is the definition of selfhosting of this subreddit, which you are now participating in.
And no, i dont trust anyone. I dont trust my ISP. I dont trust Intel or AMD. I dont even own a computer. And my house is powered by a diesel generator only 2 hours per day, while its covered completely in aluminium foil. I am writing these reddit comments on post-it notes and every few minutes i send one of my kids on their bicycle to drive to a random neighbour and they post them for me.
But youre not getting any more post-its from me, dont worry.
You don’t need to use CF tunnels to get DDoS protection and to hide your IP. If you are using CF tunnels without being undee a CG-NAT then you are getting MITM’d for nothing.