Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
The good old “eh what do i care i dont have anything to hide” approach to security and privacy. Excellent!
“If you have nothing to hide then you dont have to worry!”
I wont respond further in this thread because i already know how these discussions go.
Why would anyone argue that other companies are saints? Are you aware you are in /r/selfhosting here? The whole point is to regain control of your own data, be in charge of who stores what, where and how.
But if you don’t trust Cloudflare, who do you trust, and why? Do you trust your ISP? Do you trust Intel or AMD? The people who manufacture your router or other networking kit? People’s trust boundaries exist at different levels. If you are happy with your own, fine, but you don’t get to tell other people that they are doing it wrong just because their boundaries are different.
As i already replied to you in another comment… that is the definition of selfhosting of this subreddit, which you are now participating in.
And no, i dont trust anyone. I dont trust my ISP. I dont trust Intel or AMD. I dont even own a computer. And my house is powered by a diesel generator only 2 hours per day, while its covered completely in aluminium foil. I am writing these reddit comments on post-it notes and every few minutes i send one of my kids on their bicycle to drive to a random neighbour and they post them for me.
But youre not getting any more post-its from me, dont worry.