I checked just to be sure (and debugged some problems while I was at it like the certificate having been expired), the certificate is from Let’s Encrypt via certbot.

Here is how to configure Cloudflare for this (I am using the free version):

In the settings under SSL/TLS Overview, in “Configure encryption mode”, select “Custom SSL/TLS” instead of “Automatic SSL/TLS (default)”, and under that select Full:

Full Enable encryption end-to-end. Use this mode when your origin server supports SSL certification but does not use a valid, publicly trusted certificate.

Edit: looking into it more, might have been mistaken about how this works

How can they act as a proxy if they can’t terminate the connection?

Why wouldn’t they be able to? The DNS record points to Cloudflare’s IP, they forward the traffic to your server’s IP. This is a common choice for self hosting setups because it’s a free service and it is a way to avoid pointing a DNS record at your home IP, which you may not want everyone to know. That doesn’t require decrypting the traffic.

How this squares with the ddos protection and caching stuff, I’m not sure, but I know I set up SSL locally, did not give Cloudflare the keys, turned off all the options for them to handle it, and everything seems to work.

I’ll be more specific: if you set up a website on your own server, and use Cloudflare as a reverse proxy. If you do SSL yourself, on your own server, then the traffic is encrypted between the client and your server, and therefore Cloudflare cannot read it, they do not have the encryption keys, even though the traffic is passing through them. If you use Cloudflare’s https solution, Cloudflare provides the keys and decrypts the traffic before passing it on.

The former is the more secure way to do it, but they encourage you to do it the way where they get to read all the traffic, which is pretty shady of them, because if a website has https people assume that means it is end to end encrypted to the website itself, but that assumption is being violated here and a user has no way to know.

Cutting off sexual predators is all well and good but it doesn’t justify cutting off all perspectives other than those of their parents and immediate community. I think that would overall make abuse worse, which is most commonly coming from family anyway, especially for adolescents that may have something different about them that their parents have regressive attitudes towards. People really don’t give enough credit to how much of a positive difference the internet has made with that sort of thing.

If you set up a website with cloudflare, their user interface has a lot of tracking stuff on by default to be injected into it. It also encourages you to use their https service where the traffic is not actually encrypted from the user to your server, but man-in-the-middle’d by cloudflare. But the interface makes it super easy to do and refers to it like a good and normal default option.

So yeah I think they really want your data.

I’d guess that the content and the people would be a bigger factor for someone who isn’t very into technology than understanding the underlying concept and architecture.

I am also worried about that.

There’s a limit to what you can do when the house and senate refuse to impeach a president who is obviously breaking the law constantly, and when the justice department sees itself as the president’s lawyer.

We can acknowledge that additional power granted to the executive branch of the US government cannot be said to be safe, and that limitations on its power must be more blunt in order to be reliable. Use of money that lacks buttons for them to cut people off is potentially one such blunt limitation. I also find the way people have been protesting pretty inspiring, I think it helps.

Yes, and the failure of possible legal protections really illustrates the vulnerability I’m talking about here. This stuff took effect by default, had to be countered by a lawsuit, which hasn’t worked so far. It should be really clear why further moves away from cash and any semblance of financial privacy and autonomy are dangerous invitations to more abuse.

The sanctions on ICC judges are a very specific and well known example. I’m not writing a researched essay in the comments here though so I’m reluctant to dig into the details if that’s not something you’re going to do yourself. If you want more examples and a more in-depth take on this issue, here is an article on the subject that I broadly agree with.

I’ve already given several examples, all of which seem to qualify.

If you’re arrested, you have various established rights, like being innocent until proven guilty, jury of your peers, need for the circumstances of your arrest to have been legal, need to charge you with a crime and let you see a lawyer to continue holding you, etc. Debanking, afaik, is more of just something government agencies do at their discretion. Sometimes it’s even done without any overt process at all, financial institutions are simply given vague warnings implying they should cut certain people or organizations off, and they proactively comply.

To give the example of civil forfeiture, there your money is assumed to be criminal until you prove in court that it is not, a reversal of the standard and infamously easy for corrupt cops to abuse.

In some ways it might be less serious, but that isn’t its only notable property. There’s also the way it bypasses many of the protections and assurances we have about the latter, like due process. The ability to silently, invisibly, and unilaterally shut down political adversaries etc. is dangerous, and there isn’t much reason to think it will be used only where there is legitimate justification (again, consider the sanctions against ICC judges for trying to hold war criminals accountable). It is entirely reasonable for people to want to preserve ways to defend themselves against this type of nonphysical state violence.

I think they will stick with companies like USDC and just keep a leash on them. These stablecoins have freeze functions, the government can take charge of those if they want, and it’s potentially a major source of demand for US treasuries in an environment where US debt keeps looking like a worse bet to everyone, since the legislation mandates full reserves and specifies what those reserves can be denominated in.

Not that any of this is especially a good thing imo. The value of crypto is permissionless money, stablecoins are not that and have centralized controls, at least the popular ones the law approves of.

Don’t they fill the same role? What would the practical differences be? They compete for basically the same market anyway, so it’s worth thinking about what system is likely to become the standard.

Ok, I’m not trying to defend it, call it what you want. The point is that debanking is serious and a real threat.

Transitioning to CBDCs would just be making the back-end more robust

What exactly “transition to CBDCs” means is kind of ambiguous, but the way it’s looking is that what we’re going to get is licensing of privately issued stablecoins, which then increasingly get used behind the scenes in payments infrastructure. They passed a regulatory framework for this last year in the US and things have been progressing since then.

Whether those particular protesters were in the right seems less significant than the general threat of debanking being used by a government as a weapon to disrupt the logistics of protests. This is obviously not limited to disruptive right wing protesters with questionable grievances. Take for example the way the US has used sanction powers to disrupt the daily finances of ICC judges.