Comment by benlivengood

Put blame where blame is due. Poor security practices in operating systems of Internet-connected devices are breaking the Internet. Bandwidth is not cheap and only botnets can afford to DDoS major Internet sites. Cloudflare is the mitigation to terrible security practices in software development and system administration that allows botnets to persist. Cloudflare is simply the Schelling point people have arrived at to minimize harm until we have better-secured peers on the Internet (if ever).

The incentives are unfortunate; bandwidth is not free but it's cheap enough that individual owners don't really care if their hosts are part of a botnet until their ISP starts complaining or disconnects them. Individuals also don't really have good choices available to them; consumer devices rarely get patched for very long compared to their useful lifetime.

I think the current compromise is better than some alternatives like an Internet Passport or harsh penalties for making mistakes on the Internet or FDA/FCC levels of scrutiny on Internet-connected devices.