Hacker News new | past | comments | ask | show | jobs | submit login

CloudFlare is the biggest MITM attack in the history of the internet. Why are we putting this much power in the hands of a few US citizens, who are legally obliged to record all that unencrypted data passing through their servers?



We are not recording the data that passes through our servers.


Most sites which are not on HTTPS now are static sites like blogs etc. Google recently announced HTTPS will be determining SERP so many webmasters are going to use it anyway even with a MITM.


> Google recently announced HTTPS will be determining SERP

Seriously? So now I have to buy into the corrupt CA system in order to rank well in searches? :/


It's supposed to be a minor ranking signal for now.

http://googleonlinesecurity.blogspot.com/2014/08/https-as-ra...


who are legally obliged to record all that unencrypted data

They may be compelled to do that. It was actually a European directive, and subsequent regulations in each member state, that forced providers to retain data pre-emptively, and even that didn't require them to record all traffic.

https://en.wikipedia.org/wiki/Data_Retention_Directive


I'd be interested in a source pointing out the origin of that obligation. I very much agree that end-to-end encryption is superior for transactions that need it. Some don't need it though, and MITM'd encryption does at least protect the end user from any untrusted parties on their local subnet like in coffee shops, which are far more untrusted than upstream operators.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: