CloudFlare is the biggest MITM attack in the history of the internet. Why are we putting this much power in the hands of a few US citizens, who are legally obliged to record all that unencrypted data passing through their servers?
Most sites which are not on HTTPS now are static sites like blogs, etc. Google recently announced HTTPS will be determining SERP, so many webmasters are going to use it anyway, even with a MITM.
> who are legally obliged to record all that unencrypted data
They may be compelled to do that. It was actually a European directive, and subsequent regulations in each member state, that forced providers to retain data pre-emptively, and even that didn't require them to record all traffic.
I'd be interested in a source pointing out the origin of that obligation. I very much agree that end-to-end encryption is superior for transactions that need it. Some don't need it though, and MITM'd encryption does at least protect the end user from any untrusted parties on their local subnet like in coffee shops, which are far more untrusted than upstream operators.