Ask HN: Are you concerned about TLS-terminating proxies like Cloudflare Tunnels?
I believe many services rely on Cloudflare Tunnels or similar products that let you proxy web requests from the public internet to your server without opening any port.

This kind of proxy handles TLS (HTTPS); it's not possible to use Cloudflare Tunnels for raw TCP/UDP passthrough. This is convenient because it makes it simpler to use, but may be concerning because Cloudflare technically has access to all the plain-text traffic, even though seen from the end user the connection is HTTPS and looks perfectly normal.

This is even more concerning to me given it's now public that most internet traffic is automatically stored (see the Wikipedia article "Room 641A" for a good start).

What are your opinions about this? Is this kind of proxy a no-go for any serious web service?