Cloudflare is basically a legitimized man-in-the-middle attack, ie. while the data gets encrypted between User / Cloudflare and Cloudflare / ChipMixer the data still gets decrypted -- and possibly stored -- on Cloudflare's server.
This is correct.In case of other mixers using CloudFlare, CloudFlare knows your input address and output addresses. In our case, if we would use CloudFlare, CloudFlare would know input addresses and private keys. CloudFlare is US company so it is reasonable to think that any three letter institution could get an access by court order.
The reason given by chipmixer in the post above mine ^^ is the main reason why a mixer shouldn't use cloudflare. There are other reasons tough, like there are:
* cloudflare is able to inject any type of content into any page that goes trough their servers
* cloudflare has 2 SSL "modes": flexible and full. For an enduser, it's allmost impossible to tell wether the site he's visiting is using full or flexible SSL mode. If a site is setup with the flexible SSL mode, it is possible for your data to be encrypted between your computer and cloudflare, but unencrypted (over port 80) between cloudflare and the server. So, if everything is setup correctly (full ssl mode), there is no problem, but if the admin was lazy and setup the flexible ssl mode, the user might never know his data is being transferred unencrypted.
* the mixer admin has to sign in to his cloudflare account pretty often, so if he's not carefull with using a VPN all the time, his ip might get logged on an US based company's server
* cloudflare protection is terrible when you try to visit a clearnet url over tor
*...
Don't get me wrong, i love cloudflare, but i don't think it should be used for mixers, banks,...
