I think you have the wrong idea about what I was referencing. I’m not talking about Cloudflare Tunnels but their Encrypted Client Hello. While Cloudflare could intercept the inital ClientHello the rest of the HTTP traffic still is encrypted between Client and Server not between Client and Cloudflare. In that sense they have not turned into more of a MitM than they (or any other DNS Nameserver) were already anyway. So unless governments decide to completely dismantle the trust chain the internet works on they won’t be forced to fuck with ECH for anti-piracy either.
But ultimately anything going over a public DNS Server is susceptible to being compromised. We simply trust that the providers don’t.
I think you have the wrong idea about what I was referencing. I’m not talking about Cloudflare Tunnels but their Encrypted Client Hello. While Cloudflare could intercept the inital ClientHello the rest of the HTTP traffic still is encrypted between Client and Server not between Client and Cloudflare. In that sense they have not turned into more of a MitM than they (or any other DNS Nameserver) were already anyway. So unless governments decide to completely dismantle the trust chain the internet works on they won’t be forced to fuck with ECH for anti-piracy either.
But ultimately anything going over a public DNS Server is susceptible to being compromised. We simply trust that the providers don’t.
Ah. Yes. You are correct. I read the page, and assumed cf as a whole, not only as a DNS.