> Isn't cloudflare supposedly not tracking private information in the websites they proxy...?

They are at the very least tracking the users and using that tracking as part of the heuristics they use in their product.

Whether they sell the data for marketing, I don’t know, hopefully not but conceivably, yes.

To which, > I disagree.

Yes, we’ve established that you disagree and explicitly claim “it’s possible to offer ddos protection without mitm”

and now further that “dropping the extra feature of caching” would not adversely affect their technology or their business

Great, claims though entirely unsupported and in the latter case obviously false if you know anything about how it works.

In particular, they would need to sponsor the free accounts via much poorer economies of scale due to not being able to cache anything, and would not help at all with a “legitimate ddos” such as being on the front page here.

> They are at the very least tracking the users and using that tracking as part of the heuristics they use in their product.

They can do that without seeing the proxied contents. So your analogy to asking facebook or google to stop ads and tracking is completely broken.

> and now further that “dropping the extra feature of caching” would not adversely affect their technology or their business

Yes. (Well, it was stated much earlier but I guess you didn't notice until now?) You're the one saying it would be a problem, do you have anything to back that up?

> in the latter case obviously false if you know anything about how it works.

Caching costs a bunch of resources and still uses lots of bandwidth, what's so obvious about it? And cloudflare users can already cache-bust at will, so it's not exactly something they're worried about.

https://developers.cloudflare.com/cache/how-to/cache-rules/s...

> would not help at all with a “legitimate ddos” such as being on the front page here

Which is not the scenario people were worrying about.

And an average web server can handle that.