They get shit on a lot here. Why? What do they do and how is that different from other companies that offer similar services?
What I know of them: they offer DDS brute force/spam protection for websites.
Despite being a paying customer, my biggest gripe with them is their lack of concern for freedom of speech. They decided they can “de-platform” sites that they are not aligned with, which is shitty when A) they’ve basically cornered the SMB CDN/DDoS-protection space B) they are fine with these sites in their customer base until a pressure campaign they don’t feel like battling surfaces.
This is referring to the KiwiFarms vs Keffles situation, where Keffles made false claims to Cloudflare about KiwiFarms endorsing/promoting suicide in an attempt to prevent her leaked discord convos from spreading. Cloudflare caved without question and suspended KiwiFarms’ account without warning.
Otherwise, I have personally never had an issue with Cloudflare. But I am still going to look for alternatives because I don’t think it’s cool for companies with that kind of responsibility to bend a knee to bad actors out of fucking convenience.
Kiwifarms was actively carrying out doxxing and targeted harassment campaigns that led to the suicides of multiple people. Whatever your opinion is on Keffals, this is a fact, and it’s what got Kiwifarms taken down, Keffals was just the loudest voice pointing it out.
I don’t know if I agree with your statement.
Cloudflare is absolutely fine with providing services to websites that host incredibly dangerous misinformation or violent material.
Because unless it’s multiple legal threats or can hurt Cloudflare directly, Cloudflare won’t act.
It sucks to go through “prove you are human” screens that seem to time out half the time. Even worse when they put RSS feeds behind this Cloudflare wall
They get hated on because :
-
they inspect packets. They terminate the TLS sessions at their servers and reencrypt to forward to the backend. This allows them to analyze the data to spot spam, optimize compression and such
-
they are used everywhere. If they go down, 30% of the internet goes with them.
They terminate the TLS sessions at their servers and reencrypt to forward to the backend. This allows them to analyze the data to spot spam, optimize compression and such
And any organization that utilizes a CDN/security provider, like Akamai, AWS, Fastly, etc. knows that they all do this. They need access to the unencrypted content in order for services like CDN and WAF to work properly.
First point, fair enough.
Second point isn’t really a valid reason to hate them for…
From what I could tell it’s mostly because they didn’t participate in the immediate removal of deplorable, but legal sites from their service.
The most recent case being Kiwi Farms https://www.cbsnews.com/news/cloudflare-abuse-policy-kiwi-farms-harassment-clara-sorrenti-keffals/
They quickly reversed course and dropped kiwi farms within a few days of that article dropping https://www.washingtonpost.com/technology/2022/09/03/cloudflare-drops-kiwifarms/
For the better part of a decade, I’ve used Cloudflare’s DNS servers, 1.1.1.1 & 1.0.0.1, mostly because they claimed it was more secure and slightly faster than say, Google’s 8.8.8.8.
What are the secure-minded folks using these days?
Cloudflare’s 1.1.1.2 blocks known malware domains, so that’s better than 1.1.1.1 unless you want nothing blocked.
If you want to block ads and trackers in addition to malware, try ControlD’s 76.76.2.2 .
Better still is to use encrypted DNS if your device supports it. I like NextDNS or ControlD for that, as DNS-Over-TLS or -HTTPS.