
Author did a surprisingly good job hanging on to all the receipts to support his claim "cloudflare bad." But his alternatives are all CDN providers - which is not even the side of the business that makes cloudflare unique and makes them money. The piece, thorough as it may be, does not offer alternatives to products that cover the exciting parts of their business and I was looking forward to seeing what those were - for example tailscale or Pangolin (Open source alternative to Cloudflare Tunnels) or equivalents for serverless/edge compute. This makes it feel as if the author does not _really_ understand cloudflare's role/position and that this article is just a collection of links that report on the company's (valid) imperfections. For example, their workers platform, DDoS protection, and software-defined network functions (WAN, firewall, Zero-trust, etc) have made my life as a developer in my last few roles very productive and successful. And migrating away from those services was just as easy as signing up.

It might sound like I am defending cloudflare, but I am not. I share the author's concern about them becoming a monopoly that MITMs a lot of the Internet. But the author provides no evidence for this claim. My experience has been the opposite: cloudflare interoperated with legacy systems and other cloud providers without locking us in or using anti-competitive tactics. Their presence often improved integration even when other vendors didn’t reciprocate. When people flock to a service because it’s genuinely useful rather than "can't leave Hotel California", that’s not a monopoly — it’s market preference.

That said, there is a real risk if innovation stalls or leadership becomes greedy. Companies that stop innovating sometimes resort to aggressive or extractive practices to stay relevant. It seems to be the trend once companies get too big to die - innovation stalls and their flywheel slows and they become desperate (or greedy) to stay relevant. I would monitor for those signs before I sound any alarm.



Exactly this - CDN is the one thing I don’t use Cloudflare for.

As a web developer, I love how effortless it is to spin up a static site for free using their Pages or Workers features. Sure, I could rent a small server or even host projects on a home setup, but often I just want something simple, fast, and hassle-free - and Cloudflare delivers that at zero cost.

Has this convenience led me to spend money with them? Absolutely. These days I even rely on Cloudflare for DNS management, simply because their interface and overall experience are far better than what I was using before I found them.

That said, I’m not here to defend the company uncritically. I recognize the valid concerns and criticisms that exist. But no platform is without flaws, and in some situations I simply can’t — or don’t want to — prioritize the idealistic view. Sometimes I just want to experiment and build, and Cloudflare makes that easy.


The Internet runs at the will of the government(s). Every government (national, regional, local) has regulations that must be obeyed. Depending upon where you live, some of those regulations may be kept secret from those most affected. An entity like Cloudflare is a juicy target that can be used cooperatively, or abused uncooperatively by those enforcing the regulations.

So Cloudflare has solved one problem (DDoS), while creating several new ones, which most people feel is a fair trade, but it's not a perfect world and there is no perfect solution.


They already do this for Chinese traffic. They send traffic from China to Alibaba controlled infrastructure.

Think about the consequences of that. Anyone who connects to your site from China is MITM'd by Alibaba.

And I would not be surprised if they were abusing their middlebox position to do all kinds of surveillance based on secret "warrants" in other places.


>Think about the consequences of that. Anyone who connects to your site from China is MITM'd by Alibaba.

Source? AFAIK their China product is entirely separate and you need to specifically sign up for it. AWS/Azure have similar arrangements in China but you wouldn't say the Cloudfront users are getting MITMed by the CCP.


I noticed this years ago while in China. I saw someone at a bar with a laptop out using my web site. I went and chatted him up, and I noticed a different TLS certificate. I don't recall if he moused over the lock icon, or if it was back when browsers showed the issuer in the address bar. Freaked me out.

Apparently it's JD Cloud now. Or maybe it was the, and I don't recall correctly. It was a Chinese company, and it really freaked me out when I saw it.

Our company did not do any configuration to enable this behavior. This was in 2017.

AWS was a completely separate entity in China at the time. Fully backdoored of course. Opening an account there required a local company.

With Cloudflare, they were straight up MITMing our site, which had nothing to do with China at all.


Are you sure they weren't using a corporate machine with some sort of MITM proxy? That seems far more plausible than what you're suggesting. Moreover it's unclear why they'd even bother minting a new certificate for the China side, rather than copying the certificate like they do for all their other POPs.


Yeah, I'm sure it wasn't a corporate MITM. I turned off my VPN and saw the same on my own machine.

I guess Cloudflare isn't doing this any more by default.

They probably didn't share the other cert because they'd have to give the private keys to these Chinese partners.


Yes, I haven't done CDN work in a few years, but AFAIK that applies to all of the cloud "partners" in PRC as well. The customer needs to sign up with the PRC entity, provide ICP & local contacts, etc.

I would say that any MIIT approved infrastructure provider _is_ co-opted by the CCP. It's the entire point of requiring ICPs, tying the ICPs to network addresses/endpoints, and infra providers to be local entities; the MIIT gets their MITM equipment and RTBH routes directly into the provider's local DC.


Isn't anyone who connects from China getting MITM'd by the great firewall anyway?


No, it just blocks you.


I think it's not just about proving a claim. The same argument that in a democracy, you should build checks and balances to avoid sleepwalking into a dictatorship, is valid for companies, especially internet companies. Look at Google, Apple, Microsoft, Facebook and friends. Cloudflare plays nice because it wants to frictionlessly slide into a position where it can extract rent. Today, they are powerful but are not there yet. They're easy to migrate out of because their offerings, amazing as they are, are not irreplaceable so people cannot yet be made hostages. Mostly what happens is your customers feel like CF is holding you for ransom without you knowing it.

When they start charging per packet and making you money, you will become as dependent on them as Apple developers are on Apple, and you'll find out how nice they are.

I have the same fear of tailscale. They are so amazing I just want to move every piece of my infra to them, business and personal, my family's devices, everything. But over time I've gained this instinctive distrust for low friction from startups, especially when the effect (intended or not) is you forgetting how to manage your own tech.


All good points.

> ... build checks and balances to avoid sleepwalking into a dictatorship.

This resonates well with me. I don't personally know the checks and balances that need to exist so that Cloudflare, or any big influential company, refrains from becoming evil. I find CF relying on open protocols for interoperability with vendors a very positive sign. I don't ever see them (or any company) backtracking on supporting some open standard once they already have support for it. I'm not aware of them having "custom" solutions that also don't have a spec for them. For example, they are absolutely best suited for the pay-per-[ai]crawl business model and if they wanted they could have easily taken advantage of their position. Instead they are relying on open standards and contributing to them. Paint me naive but this gives me a good deal of confidence for the short and medium term.

But I confess that I don't follow the company/market closely enough to know if that is enough or more is needed. More checks and balances always seems good but I have no creativity in this regard. Perhaps that was one of my criticisms with the author's post - to collect all the bad press and identify the shortcomings but to stop short of digesting all those findings into a meaningful resolution.


I am using Cloudflare as a back-end and only using workers (can disable all their security, performance, caching, and whatever stuff they offer; which is really just a worker). The product (workers) is differentiated and I don't think there is any company/service out there that is offering an equivalent.

I do not think that's the author's complaint, though. I frequently get these cloudflare captchas and it is why I disabled their firewall (it's pure garbage) for my own sites. Cloudflare does not have any monopoly over the services you mentioned (workers, tunnels, images, etc.) but they do have a kind-of-monopoly over DNS/CDN.



