The Wikipedia article says Cloudflare has been used to host hate speech, websites with illegal content and forums connected to all sorts of illegal activities. And I see them being used by a lot of decent webservices but shady ones as well.
So my question, can Cloudflare be used for something alike “bulletproof hosting”? Does anyone know if they collaborate with law enforcement or care once someone sends a mail to the abuse contact? Or if there’s a way to find information about a Cloudflare protected server for the public?
Hypothetical question, I’m just curious and I thought maybe someone here has first-hand experience with getting their account terminated or reporting content or doing piracy via them or whatever…
No they do not, and yes they are an American company they have to follow the rules. They also MITM, I wonder how many of the self hosters who use their tunnels realize this. Hosting a password manager behind them would be funny since they can scrape all your passwords.
Yes, I rarely see this being discussed. Cloudflare terminates the encryption, hopefully re-encrypts it on the way upstream, but they have access to all the content in the forwarded traffic. Not sure about the password managers, though. I believe most of them encrypt stuff on the device itself before sending it over the network, and there are no cleartext passwords transferred or stored on the servers.