Comment by ljm
3 days ago
I feel like there might be an additional motivation too, which is that this investment in a better internet (free SSL for everyone before LetsEncrypt came around, generous free tiers for users, etc. etc.) means that Cloudflare builds a reputation of being a steward of the ecosystem while also benefitting indirectly from wider adoption of good, secure practices.
In some ways it's analogous to investing in your local community and arguably paying tax: it's rare that you would directly and personally benefit from this, but if the environment you live in improves from it, crime is reduced, more to do, etc. then you can enjoy a better quality of life.
Have they made a better internet? Many would say that made it worse.
> made it worse.
I'd say this too. I'm giving LetsEncrypt 100% credit for making HTTPS so ubiquitous and free.
But CloudFlare certainly made things worse for "webmaster" era of the Internet, with everything centralized to CloudFlare. I live in Vietnam, and CloudFlare has made things super annoying with their captcha challenges everywhere.
Credit where it's due, CloudFlare pushed HTTP/2 and 3 adoption. More websites are available over IPv6, and their 1.1.1.1 DNS is actually quite nice.
I'm in the USA, but run Linux. I am getting tired of proving I'm not a bot. I'm on a static IP and they still can't figure out that I'm not a bot.
I don't think they have a CAPTCHA. CAPTCHAs make the users work, Google does this with their reCAPTCHA. The user has to to free work to help Google with their training of machine learning models. I absolutely hate to do work to increase Google's already outrageous profits and leave the page immediately unless it is very important for me to visit it.
Cloudflare has something called Turnstyle where the browser needs to do work. It's a bit of energy waste, but smooth for the user. Unless their algorithm comes to an incorrect decision and doesn't let you in. Then it's infuriating. For me in Europe that seems to be rare, but I have no idea how well it works in Vietnam.
3 replies →
Overall, certainly. There are some negative things people talk about that you might agree with, but look back at what the market was that they disrupted and continue to disrupt. I think that without Cloudflare your registrar would be GoDaddy and your SSL certificates would be from Verisign and your rents would be huge. Backbone wise, that would depend on your region.
My registrar were different before and after godaddy existed and plenty of varieties existed. I find less exist now than during GoDaddy's heyday. But less people care about domain names as they stopped becoming a lottery ticket.
My worries were paypal would take over but then came stripe.
SSL certificates were from Verisign until letsencrypt offered thek free. I didn't see Cloudflare changing that market.
Before them we had uunet and other backbone providers.
Cloudflare made their name from ddos protection attacks. They made that market.
1 reply →
I mean, maybe we would have found another solution to DDOS, but as someone who has had a pretty significant attack (on a service which is a clear public good) mitigated for free… it’s pretty nice being able to keep your services online in a hostile environment.
I don’t know the history here, do you have some examples?
My usage is pretty much limited to their DNS.
They're pretty reviled by people who go out of their way to be private via things like VPNs and locked down browsers, because that constantly trips their bot detection and makes using the web miserable.
1 reply →
They’ve got a pretty long history of helping scammers and criminals.
https://www.spamhaus.org/resource-hub/service-providers/too-...
13 replies →
There's a ton of sites that ISPs wouldn't sell service to if it wasn't for Cloudflare making it difficult to determine where those sites were. It's basically /dev/null for abuse reports.