Comment by johnklos
8 months ago
Cloudflare is evil, even though they do a decent job of pretending they care. They are smart to offer gateway services (gateway as in gateway drugs - stuff to get you hooked) for free to end users, since it grows their fanboi base, gets more people familiar with their services, and gets people hooked in ways that make it very difficult to use something else when their projects grow.
However, any reasonably competent person can see that recentralization of the Internet is a Bad Thing™, and that this is precisely what Cloudflare wants.
Likewise, we know that aggregating our data through a for-profit company that's based in the United States means that collected data is reasonably in the hands of the NSA, which makes their DNS-over-HTTPS scheming suspect.
Just like what happened with the company in this post, we have plenty examples of them abusing their position to extract money from both legitimate companies, like this one which is aware of their legal obligations in various countries, and scammers and spammers alike, who Cloudflare are more than happy to host indefinitely in the name of "free speech".
Their lack of clear communication, their broken abuse reporting, their continued claims that they don't "host" all show them to be antagonistic towards anyone negatively impacted by their facilitation of illegal activity.
Cloudflare is an evil company that just happens to be better (but not great) at hiding it than other evil companies.
The consistent reaction when I brought up Cloudflare with other CDN technical and sales teams, as of about four years ago, was a laugh and something along the lines of “yeah we’ve got some customers with some stories about them”.
Bait-and-switch seemed to be the most common pattern, plus crazy-high prices once you’re on the “switch” side of things.
But their sales team was so uniquely uninterested in our business that I never had to find out first hand.
> However, any reasonably competent person can see that recentralization of the Internet is a Bad Thing™, and that this is precisely what Cloudflare wants.
It's an inevitable outcome, as long as there is nothing done against the big threat actors: government-run APTs from China, Russia, North Korea and Iran, government-tolerated scammers (India, Turkey), rogue actors in our governments' security services (e.g. Pegasus), ordinary criminals mass-hacking vulnerable devices and selling access to them to be abused for DDoS'ing for less than the cost of a coffee at Starbucks... it's a wild west, and people are hiding themselves behind the largest giants they can find: Cloudflare, Akamai, AWS, Azure and GCP.
[1] https://en.wikipedia.org/wiki/Pegasus_(spyware)
You're throwing unrelated facts at the statement. Recentralization has absolutely nothing to do with being protected from DDoS or from other threats. Now, DDoS (and other kinds of) protection can be done by recentralization, but that's just one possible way.
Saying it's inevitable makes you seem like a Cloudflare apologist, which unfortunately we see way too often here on ycombinator. Has anyone refuted my suggestion that Cloudflare is knowingly evil? No. Have they downvoted because my information is incorrect? Also, no, or if they think I'm incorrect, they haven't bothered pointing out how.
People want to like the things they choose, and this, unfortunately, is where Cloudflare is cleverer than other large, evil companies.