Comment by aborsy 6 days ago

5 replies

If you use this, it makes sense to run it at home. If you run it on a VPS, traffic is decrypted on the VPS, which is the same privacy issue as with Cloudflare tunnels. You have to trust the VPS provider.

fossorialowen 6 days ago

This is true! But you have a little more control over who you might choose to trust. For example - you might trust AWS not to snoop in your VM more than you might trust CF to not collect valuable usage data about you when they decrypt your traffic.

  • scottgg 6 days ago

    Agreed - there’s a big difference between “I actively asked CF to terminate my TLS” and “I suspect my provider is scraping unencrypted data out of my running VM”

    • aborsy 6 days ago

      I doubt there is less monitoring at a VPS than CF. Many VPS companies are less known and smaller, and may not have professional audit and access processes in place.

mekster 6 days ago

What can you even do if you can't trust a VPS provider?

  • aborsy 6 days ago

    TLS passthrough. You simply route encrypted traffic to your home. The keys to the castle are all at home!
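
The difference between terminating TLS on the VPS and the passthrough described in the last reply, as an added nginx example that is not part of the thread and not taken from the project under discussion. It assumes nginx built with the stream and ssl_preread modules; `app.example.com`, the file paths and `10.0.0.2` (the home end of a private tunnel) are placeholders.

```nginx
# Constructed example; all names, paths and addresses are placeholders.

# --- Terminating on the VPS (the case the thread warns about) ---
# The certificate's private key is stored on the VPS and plaintext exists there.
# http {
#     server {
#         listen 443 ssl;
#         server_name app.example.com;
#         ssl_certificate     /etc/ssl/app.example.com.crt;
#         ssl_certificate_key /etc/ssl/app.example.com.key;
#         location / { proxy_pass http://10.0.0.2:8080; }
#     }
# }

# --- Passthrough on the VPS ---
# No certificate or key on the VPS; the TCP stream is forwarded unmodified
# and the TLS handshake completes on the home server.
stream {
    # ssl_preread reads only the unencrypted SNI field of the ClientHello.
    map $ssl_preread_server_name $home_backend {
        app.example.com 10.0.0.2:443;
        default         127.0.0.1:9;   # unknown names go to a closed port
    }

    server {
        listen 443;
        ssl_preread on;
        proxy_pass $home_backend;
        proxy_connect_timeout 5s;
    }
}
```

With passthrough the VPS still sees connection metadata: client IP addresses, the SNI hostname, timing and traffic volume. The home server sees the VPS as the client address unless the PROXY protocol is enabled on both ends.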