Cloudflare & HTTPS

Discussion in 'Nerd Out Zone' started by joppiesaus, Sep 16, 2016.

  1. joppiesaus

    Soooo I inspected the HTTPS certificate of this website, and I noticed that this is not Seed of Andromeda's certificate; it's coming from Cloudflare.

    Which means - if there is a seedofandromeda server - all traffic between the client (your PC) and the server (the seedofandromeda.com server) will pass through Cloudflare's network, and it will have to decrypt and re-encrypt your data from and to the server. Which means Cloudflare knows what's being said, right?

    Let me illustrate the problem:
    Client (your PC) ↔ Cloudflare ↔ Server

    Normally it would be this:
    Client ↔ Server

    This means that the PC, Cloudflare, and the server all know what the data means, and not just the client and server.

    If this is the case, this means that you also have to trust Cloudflare to not manipulate or spy on the data that's passing through.
    If many servers use Cloudflare, it will cause centralization, which could make it a bigger target, which could make it harder for this chain to be trusted.

    Am I missing a step here, or could Cloudflare be a potential eavesdropper?

    TYHENDER


    But where is seedofandromeda.com hosted? I am sure it used GoDaddy before. Maybe they just use Cloudflare as the host server?
    So it's more like Client ↔ Cloudflare (server)?

