10% of internet traffic is routed through cloudflares CDN, this is a large portion of traffic to smaller websites. Even if the traffic is encrypted, this is a large percentage of the independent traffic and thus makes it a massive target for centralised drag net surveillance by the US government.
As far as I can tell, a no log policy means very little when the government can enforce mandatory backdoors and gag orders. Combine this with the fact that the vast majority of cloudflare customers pay nothing for this hugely costly infrastructure, I expect mass packet collection at cloudflare is much cheaper and more pervasive than at the ISP level. I would trust most commercial VPN providers more than I trust cloudflare.
The fact that they have a valid CA they use to issue TLS certs for any domain on their CDN means they could theoretically use the same CA to issue their own certs for any site you visit with HTTPS. If they did that you wouldn’t be able to easily tell they are proxying the HTTPS connection because there wouldn’t be any HTTPS alert in the browser since the cert would be trusted.
However, if they ever did that I expect the various CA organizations and Chrome specifically would fall on their heads like a ton of bricks, like they did with Symantec. Only an idiot would fuck around with the golden goose that is a money printing machine of a valid CA.
The last US dependency gets severed tomorrow at 15h Zurich time, assuming my train arrives on time, the notary doesn’t get COVID, etc., etc., etc.
Not really, the system displays it as a VPN but it is kind of a « virtual » VPN. Only because of system design flaws.
I really recommend using Quad9 instead, you can use u/nitrohorse profiles for a whole system encrypted DNS on iOS that won’t enable the VVPN, allowing you to use a real one if needed.
iOS profiles : https://www.reddit.com/r/Adblock/comments/koowte/encrypted_dns_profiles_for_ios_14/
That’s kinda fair. Their “warp” thing is paid tho
Oh shit you’re right. That would probably be the loudest incident in decade 
but yeah it’s totally technically possible
Excellent! Can you let us know when it’s complete ?
The last papers were signed and notarized this afternoon. They go to the companies registry in the morning, and should be visible online in a week or so. I’ll try to remember to update this again at that point.
Aaaaand… Here we go!
More like a month than a week, but, you know, government bureaucracy.
but yeah it’s totally technically possible