While on reflection I decided that technically they are “intercepting secure connections”, in practice there’s no practical use to a definition of MitM that includes Cloudflare.
- Cloudflare does not install a certificate on clients. They have legitimately signed certificates for those domain names they are serving.
- This is done with the full knowledge and consent of the service provider.
…I wonder what percentage my hand-rolled interceptor accounts for; I have it logging my traffic for a number of Cloudflare-mediated sites. Though unlike the AV ones mine’s an HTTP proxy that can optionally intercept HTTPs traffic instead of tunneling it. Probably not much if Avast only has 7% of interceptions.
