@selea That depends on what you call "ethical".
In theory it can, but it's highly difficult, it's always based on "trust", so you'd need to have some way for people to be able to verify you are actually keeping your word, which is a difficult issue to solve.
@selea for which of the many services Cloudflare provides these days? WAFaaS? CDN? DNS (authoritative)? FaaS? DNS (recursive, DoH, DoT)? VPN? SNTP? …
Or all of them at once?
@selea mhm, WAFaaS requires a deep insight into protocols and therefore getting hands on user data. Now the question is: what makes Cloudflare unethical?
Is it the claim that they are scraping all user data? Is it the fact that Cloudflare is becoming a centralized distributor for web traffic? Or is it the fact that they are able to scrape user data due to the deep insight they get into traffic?
If I even understand what that WAFaaS acronym means, I don't think so, encryption needs to be mitmd for it to work, then the question is where to place the damn snoop, so that the required integrity and secrecy of the packets remain intact.
A controversial question could be:
Do we encrypt too much if we need to break encryption to protect agains congestion issues?
@selea I think... it depends. Like others in this thread have mentioned, the specific Cloudflare service matters, as does the definition of “ethical” here.
I think it also depends on the thing using Cloudflare as a service provider, and for what.
Anything is possible, IMHO. More a question of how hard the technical challenge is, and any UX/cost/speed trade-offs get in the way of adoption.
A instance dedicated - but not limited - to people with an interest in the GNU+Linux ecosystem and/or general tech. Sysadmins to enthusiasts, creators to movielovers - Welcome! Just give a reason why we should approve your application into this instance, and our team will review it. Please include the word "excited" in the application, otherwise your application will be rejected.