brightball 9 days ago

I understand where you are coming from but there’s a flip side to this.

Cloudflare obfuscating such a huge segment of origin servers gives a privacy advantage to anyone using a private DNS, since most of the IPs you can be seen connecting to are just…Cloudflare.

jjcob 8 days ago

It's funny that the original idea for HTTPS was that there should be private communication between clients and service providers, and it somehow got turned on its head and now it's just private communication between you and Cloudflare, and they can see all the traffic.

We talk about end to end encryption all the time, but half the web is hosted by a single company with questionable ethics and everyone is like, we trust them! They write technical blog posts!

Even Signal is hosted on Cloudflare...

rsync 9 days ago

Or, at least, that’s how it would work if it wasn’t for SNI…

allset_ 9 days ago

Cloudflare supports ECH. https://developers.cloudflare.com/ssl/edge-certificates/ech/

1vuio0pswjnm7 8 days ago

Any examples of Cloudflare client websites that have enabled ECH?

immibis 8 days ago

China blocks ECH.

majorchord 8 days ago

Do you have a reliable source for this claim?

1vuio0pswjnm7 8 days ago

China's use of SNI-based censorship is well-documented

For example, see

https://censorbib.nymity.ch/pdf/Niere2025a.pdf

1vuio0pswjnm7 7 days ago

China has blocked ESNI

https://gfw.report/blog/gfw_esni_blocking/en/

But SNI is not CH and ESNI is not ECH

Will China block ECH?

ECH blocking has been detected in Russia

https://github.com/net4people/bbs/issues/417

According to Niere et al. (2025)

"Additionally, with the ECH extension not yet being widely used [17], [71] and focusing on privacy protection rather than censorship circumvention [60], it can be censored easily by blocking it entirely [14], [76]."

The paper describes various GFW bypass methods that currently work, including removing the SNI extension entirely

It does not mention anyone using ECH to bypass GFW

Perhaps it is too early to conclude "China blocks ECH" because ECH is not in widespread use

ranger_danger 7 days ago

Yes, but SNI is not ECH.

lyu07282 8 days ago

Great gaslighting I must admit, terminating SSL of half the internet.. that centralization is actually enhancing privacy... There is a very high probability Cloudflare is a literal NSA front.

brightball 5 days ago

I don't see how that's gaslighting?

I'm just suggesting that there are trade-offs involved and value gained by making private origin servers common.