It would be a conspiracy theory to say they were created by a three letter government agency, but if I was running one of those three letter agencies, this is exactly the kind of company I'd setup and control. People just give them their TLS keys lol
If you use a VPN or just like browsing in privacy mode, it will make your life as difficult as possible by having you fill out multiple captchas. And even then, it will sometimes not let you through.
If you're running a website, please stop using Cloudflare.
Even if you run your own proxy and caching, you can’t trust your cloud provider not to DMA your keys unless you’re using trusted computing[0] (which ironically requires remote attestation if a company wants to verify it’s active on their CPU), and then chances are a dedicated three-letter-agency has exploits at the ready if they really need to extract information.
If a company isn’t running their own bare metal, nothing is safe.
0: https://aws.amazon.com/blogs/security/confidential-computing...