LGR has a Patreon, I signed up and sent over fifty bucks. Least I could do for the many, many years of entertainment.

https://www.patreon.com/LazyGameReviews

I’m all for healthy paranoia, keeping my attack surface small. That’s just professional IT ops.

Incendiary statements like saying US intelligence compromised the supply chain with hidden backdoors, those really do need to be substantiated to not sound like a crazy uncle. Our adversaries have counterintelligence also, they aren’t incompetent, and if Cisco or Juniper or whatever planted backdoors in hardware shipped to China, the Chinese would make a ton of noise about it. And so would we; Huawei was banned without any substantiated proof, out of fears that if used, their 5G infra could have hidden backdoors and the hardware would be so widely distributed that it would be onerous to replace.

Yes there are a bunch of self-hosted options like frp, all of which require an endpoint on the internet somewhere, typically a cheap or even free VM. Here’s a pretty comprehensive list:

https://github.com/anderspitman/awesome-tunneling

Cloudflare is a MITM by design. Calling it an attack is disingenuous; you’re signing up for the service of your own free will, not a victim.

If a substantiated news article came out showing that Cloudflare shared SSL keys or otherwise gave direct access to various intelligence agencies without a court order, that would essentially destroy the company. So they certainly aren’t doing that.

So then the question becomes whether those nefarious three letter agencies penetrated Cloudflare with APT tools and are silently listening to everything. Our adversaries are certainly trying, China, Russia, Iran, etc. If the NSA (which lacks a mandate to act on US soil, and CF is a US company) or perhaps the FBI hacked a US company, particularly one that covers like a third of the internet like Cloudflare, that would be a truly enormous scandal.

But in the end, yes, it is a MITM. If you need your data to be E2E encrypted, don’t use it.