Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching

14 points by yashgarg

johnklos

While I generally trust Troy, I do not trust Cloudflare. I’d trust Troy more if he wasn’t putting Cloudflare between everyone and Have I Been Pwned.

altano

You don’t trust Cloudflare to do, or not do, what exactly? Concerned they’ll have a security breach and someone will be able to alter the responses? Or that they’re going to maliciously do so themselves? Something else?
- johnklos
  
  Cloudflare is a for-profit company based in the US. They protect scammers and make money by protecting people from the scammers they host and protect.
  
  Do I trust them to not turn over or sell data to US three letter agencies? Hell, no. Do I trust them to not monetize data they collect? Hell, no. Do I expect them to attempt to continue down the path of trying to become a monopoly that punishes the poor, punishes non-westerners, punishes people who don’t run common browsers on common OSes? Absolutely.
  
  So why would I trust them to relay data to an important web site? I wouldn’t, and I don’t.
allan

he’s blogging about pwning himself, lol.
- ThinkChaos
  
  He literally did that here! https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/
  - allan
    
    jeez