And what do you reckon the chance is that Azure and AWS and GCP are extracting ephemeral TLS session keys for every inbound HTTPS traffic stream bound for their customers, and decrypting every single stream?
The chance that cloudflare is getting access to all incoming traffic in plaintext is 100%.
Didn't mention anything about chances. If these companies wanted they could decrypt all traffic and it's easier than how you said (just swap out a web server binary or something). Although i must admit cloudflare has a worse track record
The chance that cloudflare is getting access to all incoming traffic in plaintext is 100%.