Registry Registrant ID:
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
The same server also hosts a site with this fine page: http://www.namebase.net/books52.html suggesting AIDS is a bio weapon engineered by the USA. Given that they appear to have been designed by the same person with unlimited access to MSPaint, version Windows 3.1, I think it is safe to assume this is by the same people.
Even if the original idea (which btw, the origin story was shared on TechCrunch when they launched, was maybe even on their about page, etc.) was from this honeypot project, CloudFlare is a different beast. Moreover, there's now the company-wide "we'd all have to be in on it" perspective. If you read through the posts from folks like jgrahamc and others, you'd hopefully conclude that selling visitor data would be much less interesting than their actual business.
Here's the important thing about those FREE customers: many of them turn into high-paying customers later. For example, it is very common for CIO/CTO at $BIG_CORP to quietly test their personal blog on a Cloudflare FREE plan and we have no idea they are doing it. Later CIO/CTO uses that experience and decides to spend $BIG_DOLLAR from $BIG_CORP with Cloudflare.
From what I could find, it looks like they're still under 300 employees, and not everyone "would have to be in on it." Only the search team.
I know CDN services are meant to be fast and they try to minimize any type of slowdown, but many still keep logs and preform analytics. Also, employees often sign NDAs.
I don't know how CloudFlare SSL termination works, but I remember Akamai had SSL off-loading and they could, in theory, control payloads.
I assume the MITM-SSL complaint is about their "Flexible SSL" which as they admit is not as good as SSL end-to-end but better than nothing.
Note: I have no affiliation with CloudFlare (I just dislike unsubstantiated attacks).
There is nothing particularly dangerous about accepting claims from strangers on the internet at face value. I don't use their service, so I'm not going to be harmed by anything he says if he is lying or if he is telling the truth. If I decide later to use their service or if he says something that seems false or misleading when taken at face value, I can adjust my level of skepticism accordingly.
Still, I would assume by signing their ToS you are agreeing to some hefty terms.
Equating John Graham-Cumming to a random engineer has, on HN at least, about the same weight as equating PG to a financially succesful blogger. The statement is factually accurate but deliberately ignores the wider context.
Yes - I'm painfully aware that I just used the halo effect as a weapon. But the fact is that provenance and pedigree matter.