Yep that is more concerning. They might be using unencrypted HTTP to get an idea of the breakdown and then inferring volumes based on HTTPS traffic and known differences between the two.
I basically wouldn't jump to "Cloudflare have a bunch of sensitive data and will use it in bad ways", I suspect they have less data than we might assume from the article, and in general their security/privacy stance is great.
I basically wouldn't jump to "Cloudflare have a bunch of sensitive data and will use it in bad ways", I suspect they have less data than we might assume from the article, and in general their security/privacy stance is great.