Tech drama. A OpenBSD [paranoid] user.

Why not to trust Cloudflare and what about 1.1.1.1

As seen on reddit. CloudFlare's 1.1.1.1 public DNS manually manipulates the .org zone for its users, setting a scary precedent.

This is a list I wrote about a year ago, but it's still accurate:

More details on SSL decryption:

Keyless SSL requires that Cloudflare decrypt, inspect and re-encrypt traffic > for transmission back to a customer’s origin.''

Source: https://www.cloudflare.com/ssl/keyless-ssl/

By doing that, Cloudflare is violating the trust between users and server operators and making the SSL certificate itself worthless. A website cannot be considered “Secure” if the traffic is decrypted by a man in the middle.