> Users cannot consent to Cloudflare seeing their traffic
Users consent to the website seeing their traffic and the website consents to Cloudflare doing the SSL termination. This isn't too much different from the website consenting to analytics scripts monitoring webpage activity (i.e. Hotjar). If they did something shady, then users & the website would both be rightfully mad at them. But Cloudflare hasn't, so far at least.
Meanwhile, Facebook is known to do literally everything shady that is possible to do with a user's data, as well as plenty of things that weren't even a thing before they invented entirely new methods of tracking and selling data, so it's rightfully insane to trust them with anything, especially website traffic that they have no rights to.
Why would your idea stop at CF? Did they consent to Hetzner / DigitalOcean / AWS / whatever hosting company seeing the traffic? The idea that the content producer decides how the content is served on the internet is the default.
They don't see the traffic unless they analyze the memory of your running server, because the SSL termination happens inside the server. Encrypted traffic passes through their network, which they don't have the keys for. Cloudflare, on the other paw, literally offers to do the SSL termination for you, as in they hold the private keys and perform the decryption on their servers that they control. Then they pass the decrypted traffic through their network in order to do things like "optimize" your images, or inject JavaScript into your pages. Website owners consent to this, but I guess the question here is whether users should need to consent to this website's traffic being handled in decrypted form by Cloudflare before that is actually done.
They can see the traffic if you're using one of their load balancers. And even if not, snooping on VMs is pretty trivial. For example this project https://github.com/KVM-VMI/kvm-vmi makes it easy to look at memory / processes on a VM.
> They can see the traffic if you're using one of their load balancers.
Only if you let them manage the SSL connection. Load balancers can easily relay individual TCP connections that are encrypted - load balancing doesn't require decryption.
> And even if not, snooping on VMs is pretty trivial.
They'd have to go out of their way to do this, and this would probably be the end of them if it were ever found out. So it's safe to assume any provider who wants to continue existing will not be doing this.
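To make the distinction in the comments above concrete (a load balancer relaying encrypted TCP versus one that terminates TLS and holds the private key), here is an added HAProxy configuration that is not from any commenter in this thread. The hostnames, addresses, ports and certificate path are placeholders for illustration.

```haproxy
# Added example (not from the thread): two HAProxy front ends showing the
# difference between TLS passthrough and TLS termination on a load balancer.
# Hostnames, addresses, ports and file paths are placeholders.

# 1) TLS passthrough: the balancer relays the encrypted TCP stream as-is.
#    It holds no private key and cannot read the HTTP inside.
frontend tls_passthrough
    mode tcp
    bind *:443
    # Peek at the unencrypted ClientHello (SNI) to choose a backend;
    # this still involves no decryption of the session.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend app_tls if { req.ssl_sni -i example.com }
    default_backend app_tls

backend app_tls
    mode tcp
    # Origin servers terminate TLS themselves; the key lives only there.
    server origin1 10.0.0.11:443 check
    server origin2 10.0.0.12:443 check

# 2) TLS termination: the balancer holds the certificate and private key,
#    decrypts every request, and can inspect or rewrite it before forwarding
#    (the arrangement the thread attributes to Cloudflare).
frontend tls_terminate
    mode http
    # Listening on a separate port here only so both front ends can coexist.
    bind *:8443 ssl crt /etc/haproxy/certs/example.com.pem
    # Once decrypted, the balancer sees and can modify plaintext HTTP.
    http-request set-header X-Forwarded-Proto https
    default_backend app_plain

backend app_plain
    mode http
    server origin1 10.0.0.11:80 check
```

The practical check for a defender is which of these shapes a provider's balancer is running: a `mode tcp` front end with no `crt` on its `bind` line never possesses the key material, whereas any `bind ... ssl crt ...` means the balancer operator can read and alter the traffic regardless of what happens on the origin.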
It's not that hard for VMI and harder than you think for network.
I did work for a public cloud and we did think of VMI for diagnostics and malware checks. Once deployed and automated, it would be trivial to reuse for other purposes. I don't expect public cloud to use that daily, but I'd be surprised if they didn't have the process ready.
On the other hand, you want to process the LB traffic as fast as you can and any monitoring/reporting delay would have bad effects. Reconfiguring the filters / sinks at runtime takes effort too.
With experience in both areas, I can tell you they're comparable overall. You have to go out of your way to do it, but it's not too far.
*most willing customers of CloudFlare.