Whenever you see someone recommend Cloudflare or something else that decrypts and re-encrypts TLS for something, esp. for something related to open social media or media storage etc., reply with this picture from the Snowden leaks

@pojntfx I think Google has since fixed the cleartext-in-the-DC issue but that alone doesn't earn them trust.

I'm old enough to remember when even the front-end of webmail services was cleartext.

@stuartl @pojntfx yeah, we encrypt all traffic internally as well as externally, within datacenters and between datacenters.

As far as I know, Cloudflare does as well.

@stuartl @pojntfx if you use a modern browser (especially Firefox or Chrome, but I think Safari might as well these days), the traffic is even protected against someone storing the ciphertexts, developing a quantum computer, and breaking the elliptic curves used.

I talk about the effort of making this true internally here, using that very slide 😏.

https://youtu.be/IAOWRO9Qn10?si=3SYI9NaOnzxkC5i0

Session on PQC Protocols and Agility

@sophieschmieg @pojntfx @stuartl I am so sad to hear about killing the resumption exchange. I was just trying to add more forward secrecy.