Ask HN: Are you concerned by TLS-terminating proxies like Cloudflare Tunnels?
I believe many services rely on Cloudflare Tunnels or similar products that let you proxy web requests from the public internet to your server without opening any port. This kind of proxy handles TLS (HTTPS); it's not possible to use Cloudflare Tunnels for raw TCP/UDP passthrough.

This is convenient because it makes it simpler to use, but may be concerning because Cloudflare technically has access to all the plain-text traffic, even though, seen from the end user, the connection is HTTPS and looks perfectly normal.

This is even more concerning to me given it's now public that most internet traffic is automatically stored (see the Wikipedia article "Room 641A" for a good start).

What are your opinions about this? Is this kind of proxy a no-go for any serious web service?

4 comments on Hacker News.
Reviewed by Tha Kur on April 27, 2026