I’ll agree with you now that CloudFlare has the ability, for the most part, to break SSL on many websites. But even without them specifically, I believe there would still be that risk with services or organizations such as Let’s Encrypt so I think if this is something that matters to you, you should really consider your suppliers.
I don’t know how much of that is useful data - e.g. I don’t at all use CloudFlare or third party SSL for API domains for example.
Finally, I don’t believe there is enough evidence to suggest that CloudFlare was created or is/was owned by the DHS.
I understand the DHS claim might be weak, but the founder of Cloudflare, Matthew Prince, said to a BBC reporter that Cloudflare started after DHS got really interested in the data he had built up with the Honeypot project, and DHS acquired it for the price that Matthew asked: 20k.
Five years later Mr Prince was doing a Master of Business Administration (MBA) at Harvard Business School, and the project was far from his mind, when he got an unexpected phone call from the US Department of Homeland Security asking him about the information he had gathered on attacks.
Mr Prince recalls: "They said 'do you have any idea how valuable the data you have is? Is there any way you would sell us that data?'.
"I added up the cost of running it, multiplied it by ten, and said 'how about $20,000 (£15,000)?'.
"It felt like a lot of money. That cheque showed up so fast."
Fast forward 1 and a half year from that call, and Cloudflare was a fully-fledged application integrated with tech giants such as Hostgator. They were tremendously efficient to develop the tool and commercialize it so fast. I think they got help.
All of those claims isolated don't tell much, but when you put everything together, a very clear picture appears. It's a picture that makes sense, based on observable facts, but yes, I'm fully aware it's a theory, that's one of the reasons why I asked those questions, to validate crucial aspects of this theory, such as the decryption power of Cloudflare.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
So, what do you think, after all?
I’ll agree with you now that CloudFlare has the ability, for the most part, to break SSL on many websites. But even without them specifically, I believe there would still be that risk with services or organizations such as Let’s Encrypt so I think if this is something that matters to you, you should really consider your suppliers.
I don’t know how much of that is useful data - e.g. I don’t at all use CloudFlare or third party SSL for API domains for example.
Finally, I don’t believe there is enough evidence to suggest that CloudFlare was created or is/was owned by the DHS.
I understand the DHS claim might be weak, but the founder of Cloudflare, Matthew Prince, said to a BBC reporter that Cloudflare started after DHS got really interested in the data he had built up with the Honeypot project, and DHS acquired it for the price that Matthew asked: 20k.
Fast forward 1 and a half year from that call, and Cloudflare was a fully-fledged application integrated with tech giants such as Hostgator. They were tremendously efficient to develop the tool and commercialize it so fast. I think they got help.
All of those claims isolated don't tell much, but when you put everything together, a very clear picture appears. It's a picture that makes sense, based on observable facts, but yes, I'm fully aware it's a theory, that's one of the reasons why I asked those questions, to validate crucial aspects of this theory, such as the decryption power of Cloudflare.