
Ask HN: Are you concerned by TLS-terminating proxies like Cloudflare Tunnels?

4•thom-gtdp•4h ago
I believe many services rely on Cloudflare Tunnels or similar products that let you proxy web requests from the public internet to your server without opening any port.

This kind of proxy handles TLS (HTTPS); it's not possible to use Cloudflare Tunnels for raw TCP/UDP passthrough. This is convenient because it makes it simpler to use, but may be concerning because Cloudflare technically has access to all the plain-text traffic, even though seen from the end user the connection is HTTPS and looks perfectly normal.

This is even more concerning to me given it's now public that most internet traffic is automatically stored (see the Wikipedia article "Room 641A" for a good start).

What are your opinions about this? Is this kind of proxy a no-go for any serious web service?

Comments

zhouzhao•4h ago
For European web services it should be a no-go.

I understand the easiness of that approach, but companies should realize that relying on a giant American company for stuff like that is going to bite them in the ass eventually.

andy_pl•4h ago
Same trust assumption as any reverse-proxied or CDN-fronted service. CF terminates TLS for Tunnels, Workers, the regular proxy, and Pages alike — if CF is in your threat model, the issue isn't Tunnels specifically, it's the entire CF surface you've accepted by being on their network. The honest framing isn't "no-go for serious services" but "what does your data residency / DPA / SCC posture look like."

thom-gtdp•3h ago
Yup, Workers has similar risks as Tunnels. Cloudflare Pages isn't the same threat as Tunnels, as Pages only gives CF public data access. On Pages you trust Cloudflare for not altering the data served, while on Tunnels you trust CF for handling secret data. I actually don't really have a data residency / DPA / SCC policy because I was considering using Tunnels for my homelab only.

andy_pl•2h ago
Right, the Pages vs Tunnels split is real — different threat surfaces. For a homelab the GDPR/SCC scaffolding doesn't apply; the practical question becomes "do I trust CF more than my own ISP for opportunistic snooping," and on that axis CF's incentive structure is reasonably well-aligned.