Comment by ljm

Comment by ljm 3 days ago

28 replies

View on Hacker News

I feel like there might be an additional motivation too, which is that this investment in a better internet (free SSL for everyone before LetsEncrypt came around, generous free tiers for users, etc. etc.) means that Cloudflare builds a reputation of being a steward of the ecosystem while also benefitting indirectly from wider adoption of good, secure practices.

In some ways it's analogous to investing in your local community and arguably paying tax: it's rare that you would directly and personally benefit from this, but if the environment you live in improves from it, crime is reduced, more to do, etc. then you can enjoy a better quality of life.

ipaddr 3 days ago

Have they made a better internet? Many would say that made it worse.

Reply View 27 replies
  • Ayesh 3 days ago

    > made it worse.

    I'd say this too. I'm giving LetsEncrypt 100% credit for making HTTPS so ubiquitous and free.

    But CloudFlare certainly made things worse for "webmaster" era of the Internet, with everything centralized to CloudFlare. I live in Vietnam, and CloudFlare has made things super annoying with their captcha challenges everywhere.

    Credit where it's due, CloudFlare pushed HTTP/2 and 3 adoption. More websites are available over IPv6, and their 1.1.1.1 DNS is actually quite nice.

    Reply View 5 replies
    • twothamendment 2 days ago

      I'm in the USA, but run Linux. I am getting tired of proving I'm not a bot. I'm on a static IP and they still can't figure out that I'm not a bot.

      Reply View 0 replies
    • usr1106 2 days ago

      I don't think they have a CAPTCHA. CAPTCHAs make the users work, Google does this with their reCAPTCHA. The user has to to free work to help Google with their training of machine learning models. I absolutely hate to do work to increase Google's already outrageous profits and leave the page immediately unless it is very important for me to visit it.

      Cloudflare has something called Turnstyle where the browser needs to do work. It's a bit of energy waste, but smooth for the user. Unless their algorithm comes to an incorrect decision and doesn't let you in. Then it's infuriating. For me in Europe that seems to be rare, but I have no idea how well it works in Vietnam.

      Reply View 3 replies
      • censorfree 2 days ago

        This can be a slippery slop into censorship! Or a corporate feudal divide up the Internet segments by geo-locations.

        Of course in general I do feel better about Cloudflare than Google making money.

        Reply View 0 replies
      • oarsinsync 2 days ago

        > I don't think they have a CAPTCHA … Cloudflare has something called Turnstyle

        I believe CF Turnstyle was only released in 2024. I believe they used reCAPTCHA up to 2020, and then switched to hCaptcha. I believe hCaptcha continues to be offered.

        Reply View 1 reply
        • usr1106 2 days ago

          Right, 1.0 might have been last year. But it was available (maybe called beta?) probably since 2018 at least. I have used Gitlab since 2018 and IIRC it had Turnstyle from the beginning. Gitlab have configured(?) it such that it comes at every login, but because it works automatically it has never been a problem for me. It wouldn't have worked on some phones, but I don't use phones for Gitlab.

          I wasn't aware that they have (had) alternative solutions. Probably because I've rarely seen them. Or if they used reCAPTCHA I got mad on Google, not noticing that Cloudflare had injected it.

          Reply View 0 replies
  • stubish 3 days ago

    Overall, certainly. There are some negative things people talk about that you might agree with, but look back at what the market was that they disrupted and continue to disrupt. I think that without Cloudflare your registrar would be GoDaddy and your SSL certificates would be from Verisign and your rents would be huge. Backbone wise, that would depend on your region.

    Reply View 2 replies
    • ipaddr 3 days ago

      My registrar were different before and after godaddy existed and plenty of varieties existed. I find less exist now than during GoDaddy's heyday. But less people care about domain names as they stopped becoming a lottery ticket.

      My worries were paypal would take over but then came stripe.

      SSL certificates were from Verisign until letsencrypt offered thek free. I didn't see Cloudflare changing that market.

      Before them we had uunet and other backbone providers.

      Cloudflare made their name from ddos protection attacks. They made that market.

      Reply View 1 reply
      • zuppy a day ago

        For DDOS there was and still is Prolexic/Akamai. Cloudflare did not made that market, they just took a big chunk of it. There are other big players too, like Google.

        Reply View 0 replies
  • danielheath 3 days ago

    I mean, maybe we would have found another solution to DDOS, but as someone who has had a pretty significant attack (on a service which is a clear public good) mitigated for free… it’s pretty nice being able to keep your services online in a hostile environment.

    Reply View 0 replies
  • lostlogin 3 days ago

    I don’t know the history here, do you have some examples?

    My usage is pretty much limited to their DNS.

    Reply View 16 replies
    • jsheard 3 days ago

      They're pretty reviled by people who go out of their way to be private via things like VPNs and locked down browsers, because that constantly trips their bot detection and makes using the web miserable.

      Reply View 1 reply
      • chrismorgan 3 days ago

        And in places where CGNAT is in use, so that many people are on the same IP address, and botnets are active on that address.

        I live in India in such a situation, and most of the time it’s not too bad, but I still encounter Cloudflare CAPTCHAs pretty frequently. At times, it’s been almost half the web is blocking you. And occasionally, it actually is blocking you, not just a CAPTCHA. It’s also not rare, when being more aggressively blocked, for a site to break because it tries loading scripts from another domain, which is then CAPTCHAing so that scripts just won’t load.

        Back when I lived in Australia, I practically never got Cloudflare blocks.

        The mechanism may be understandable and even justifiable to a considerable extent, but the poor definitely end up suffering more from Cloudflare than the rich.

        Reply View 0 replies
    • iamacyborg 3 days ago

      They’ve got a pretty long history of helping scammers and criminals.

      https://www.spamhaus.org/resource-hub/service-providers/too-...

      Reply View 12 replies
      • Aeolun 3 days ago

        So the better internet is for everyone, is that so bad?

        I’d rather have them help everyone than make arbitrary decisions about who gets served. That’s what we have the legal system for.

        Reply View 11 replies
    • wbl 3 days ago

      There's a ton of sites that ISPs wouldn't sell service to if it wasn't for Cloudflare making it difficult to determine where those sites were. It's basically /dev/null for abuse reports.

      Reply View 0 replies