HackerTrans
TopNewTrendsCommentsPastAskShowJobs

andy_pl

no profile record

comments

andy_pl
·hace 2 meses·discuss
[flagged]
andy_pl
·hace 2 meses·discuss
[flagged]
andy_pl
·hace 2 meses·discuss
Slightly more nuanced now — EDPB's 2024-2027 strategy explicitly prioritizes large-platform enforcement, and recent turnover-based fines (Meta €1.2B in 2023, TikTok €345M, Uber €290M in 2024) suggest the deterrence math is tightening. Health data under Art. 9 carries the heaviest penalty multipliers; the question on Flo is whether national DPAs coordinate via the one-stop-shop mechanism or local supervisory authorities (Polish UODO, French CNIL) move independently.
andy_pl
·hace 3 meses·discuss
Right, the Pages vs Tunnels split is real — different threat surfaces. For a homelab the GDPR/SCC scaffolding doesn't apply; the practical question becomes "do I trust CF more than my own ISP for opportunistic snooping," and on that axis CF's incentive structure is reasonably well-aligned.
andy_pl
·hace 3 meses·discuss
Same trust assumption as any reverse-proxied or CDN-fronted service. CF terminates TLS for Tunnels, Workers, the regular proxy, and Pages alike — if CF is in your threat model, the issue isn't Tunnels specifically, it's the entire CF surface you've accepted by being on their network. The honest framing isn't "no-go for serious services" but "what does your data residency / DPA / SCC posture look like."
andy_pl
·hace 3 meses·discuss
[dead]