Three of the banks I use have their websites/apps go through CloudFlare. So does the electronic records and messaging system used by my doctor. A lawyer friend uses a secure documents transfer service that is protect by guess who.

Who needs to let CF directly onto their network when they already sit between client and provider for critically-private, privileged communications and records access?

I'm not sure if you're serious but in case you are (or other people):

TLS inspection is for EVERYTHING in your network, not just your publicly reachable URLs.

Putting Cloudflare anti-DDoS in front of your website is not the same as breaking all encryption on your internal networks.

Google can already see the content of this site since it's hosted... on the internet.

Do you have an alternative, potentially one that's less centralised or private or in bed with three-letter agencies? I ask because my last infra was probed for vulnerabilities hundreds of times per day; putting Cloudflare in front with some blocked countries and their captchas brought the attempted attacks down to a few dozen per month.

The author is not complaining about reverse proxies, which would be a very silly position to take.

The certificate presented is not a Cloudflare one.

So it might be that they're using a custom one, which I believe is passed through end-to-end.

I think it’s misleading to imply hypocrisy considering the reasons listed in the article don’t apply to the scenario of a site being behind Cloudflare.

I wish so too, same for all the self-hosters using tailscale...