Cloudflare being shady?

bikegremlinbikegremlin ModeratorOGContent Writer

An interesting article - containing four links to similar HackerNews shared experiences:

https://robindev.substack.com/p/cloudflare-took-down-our-website

Corporations being corporate, basically.

Anyone who thinks it's a good idea to register their domains with the Cloudflare DNS/CDN/Firewall provider might want to reconsider - as that might increase the time needed to get back on line when Cloudflare pulls the rug.

Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews

«13

Comments

  • The day this company announces the discontinuation of free accounts and introduces a 'small fee' for legacy users will be a very sad day for millions of fellow netizens.
    They will do that sooner or later.

  • bikegremlinbikegremlin ModeratorOGContent Writer
    edited May 31

    @Mumbly said:
    The day this company announces the discontinuation of free accounts and introduces a 'small fee' for legacy users will be a very sad day for millions of fellow netizens.
    They will do that sooner or later.

    I expect they will keep the free tier, but may start pushing for upgrades a lot earlier (at lower traffic & bandwidth limits).

    However, the main problem are unreasonably short deadlines, and exorbitant pricing for the next tier: price hikes from $200-$300 to $3,000-$4,000, with year in advance payment (so 12x the monthly price), with a basically 24hr payment window.

    Edit:
    Actually, it's $10,000 per month in this particular case, so a 4,000% price increase. LOL

    Thanked by (2)Mumbly Janevski

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • skhronskhron Hosting Provider

    @bikegremlin said: An interesting article - containing four links to similar HackerNews shared experiences:

    https://robindev.substack.com/p/cloudflare-took-down-our-website

    It seems it is not a generic website but casino. I am not a Cloudflare fan, but I think there is something more not mentioned in the article.

    Thanked by (1)vyas

    Check our KVM VPS (flags are clickable): 🇵🇱 🇸🇪 | Looking glass: 🇵🇱 🇸🇪

  • _MS__MS_ OGSenpai

    The free plans and free accounts are testbeds for new features and testing existing features at scale. They've admitted it. And, also said that many users who used these free plans became their paying customers in the future. So, one more reason to keep the free-tier.

    Thanked by (1)bikegremlin
  • Just like Google abandoned free services with domains and storage, same will happen with Cloudflare. The problem is how a huge chunk of internet users rely only on Cloudflare, so I guess many will start paying, just like many started paying to Google.

    Thanked by (1)bikegremlin

    Stop the planet! I want to get off!

  • @root said: Just like Google abandoned free services with domains and storage, same will happen with Cloudflare. The problem is how a huge chunk of internet users rely only on Cloudflare, so I guess many will start paying, just like many started paying to Google.

    I was thinking exactly the same. About the discontinued legacy Google Apps/G Suite and about how a huge chunk of internet users rely solely on Cloudflare. One day, many of us who rely so much on CF will wake up with one big headache.

    Thanked by (1)bikegremlin
  • Depends what you rely on CF for; I use it as a free caching CDN that has the fringe benefit of proxying old-net to my IPv6-only sites. All of that is pretty trivially transferable (and this might be the time to start looking into that...)

    Sure, if you need the protection stuff as well, it's trickier to replace but I doubt the majority of their free-tier 'customers' use it for that.

  • chadsixchadsix Services Provider

    @skhron said:

    @bikegremlin said: An interesting article - containing four links to similar HackerNews shared experiences:

    https://robindev.substack.com/p/cloudflare-took-down-our-website

    It seems it is not a generic website but casino. I am not a Cloudflare fan, but I think there is something more not mentioned in the article.

    Agreed, but it doesn't matter whether it was a casino or ______. The way Cloudflare came at them is f'd up at best and extortion, with an itch to pull the trigger, at worst. They make Tony Soprano look patient.

    Some people think it is an overzealous sales person - I disagree. The fact that the site was shutdown in coordination shows that this is a multi-departmental effort in Cloudflare, it couldn't have been shutdown by said sales person -- therefore, it IS Cloudflare.

    Thanked by (2)bikegremlin adly

    Start self hosting with an external IP with IPv6rs.
    The only thing between your host and your data is trust. Trust is not security.

  • skhronskhron Hosting Provider

    @chadsix said: Agreed, but it doesn't matter whether it was a casino or ______. The way Cloudflare came at them is f'd up at best and extortion, with an itch to pull the trigger, at worst.

    What I have meant is the situation lacks more information. I can't judge Cloudflare move in this situation without knowing what made them to require that much money. It could be extortion as you have said or there were issues for other Cloudflare's clients due to this specific client with a casino - it might be DDoS attacks, blacklist of Cloudflare IP address somewhere, etc.

    I would not say this if, lets say, this incident was reported by another non-controversial business.

    Thanked by (1)bikegremlin

    Check our KVM VPS (flags are clickable): 🇵🇱 🇸🇪 | Looking glass: 🇵🇱 🇸🇪

  • @skhron said: Cloudflare's clients due to this specific client with a casino - it might be DDoS attacks, blacklist of Cloudflare IP address somewhere, etc.

    Yeah, no.
    Both calls it was Sales department.

    Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
    https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png

  • skhronskhron Hosting Provider

    @Jab said:
    Both calls it was Sales department.

    I doubt that it is common for big enterprises (comparable to Cloudflare) to allow technicians to directly communicate with clients to discuss possible billing options.

    Check our KVM VPS (flags are clickable): 🇵🇱 🇸🇪 | Looking glass: 🇵🇱 🇸🇪

  • @skhron said:

    @Jab said:
    Both calls it was Sales department.

    I doubt that it is common for big enterprises (comparable to Cloudflare) to allow technicians to directly communicate with clients to discuss possible billing options.

    There are some serious issues with your Cloudflare account settings are that potentially affecting our network.
    Please contact us to resolve the situation as a matter of urgency. It's very important that we speak to resolve the situation ASAP.
    

    So you send Sales, that knowns.... nothing about about issues potentially affecting theirs network? No 'technician' at all?

    No one is mad on CF here for trying to sale theirs service, people are mad because on how they do it - they played it as a fucking serious issue affecting theirs network.

    Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
    https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png

  • skhronskhron Hosting Provider

    @Jab said: No one is mad on CF here for trying to sale theirs service, people are mad because on how they do it - they played it as a fucking serious issue affecting theirs network.

    It is your assumption that it is not. We can't know for sure while we hear only one point of view. I will remind my reasoning once again:

    @skhron said: It seems it is not a generic website but casino.
    @skhron said: I would not say this if, lets say, this incident was reported by another non-controversial business.

    Check our KVM VPS (flags are clickable): 🇵🇱 🇸🇪 | Looking glass: 🇵🇱 🇸🇪

  • NeoonNeoon OGSenpai
    edited May 31

    Safety and Security is basically Sales at Cloudflare.

  • Cloudflare? Shady? First time I hear that.

    /s

  • edited May 31

    @skhron said: It is your assumption that it is not. We can't know for sure while we hear only one point of view.

    I think that they had blacklisted IPs. As it seems by the wording of the email they got, they were enforcing enterprise in order to have BYOIP. And some cloudflare employee in the comments also mentions this.

    Thanked by (1)skhron
  • havochavoc OGContent Writer

    Definitely sounds like author presented a partial story

    Thanked by (1)bikegremlin
  • edited May 31

    @Mumbly said:
    The day this company announces the discontinuation of free accounts and introduces a 'small fee' for legacy users will be a very sad day for millions of fellow netizens.
    They will do that sooner or later.

    Like Google discontinuing free service and start charging users?

  • @root said:
    Just like Google abandoned free services with domains and storage, same will happen with Cloudflare. The problem is how a huge chunk of internet users rely only on Cloudflare, so I guess many will start paying, just like many started paying to Google.

    Google never offered free domains. And they still offer free storage.

  • edited May 31

    @Jab said: they played it as a fucking serious issue affecting theirs network.

    Because it is? The whole saga is around the site violating cloudflare's business plan ToS. They were evading DNS bans from countries by rotating domains while using CF's IP ranges. Now the governments starts banning IP addresses. Since each cloudflare IP is shared by 1000s of websites, this is a fucking serious issue.

    All they had to do was use their own IP and hence move to the enterprise plan (BYOIP is offered only in the enterprise plan AFAIK).

    And the pricing isn't outrageous for handling a problematic site with 80TB traffic including WAF, CDN, DDoS protection and BYOIP with a pretty good global network (+ the other useless things).

    This also means that if a country DNS-blocks our main domain, a secondary domain may still be available. This could arguably be seen as a violation of the Cloudflare TOS, as they wrote above.

    "arguably", lmao. I don't know why we even need to know the other point of view.

    But yeah, it was kinda dick move on CF's part without giving them a set time frame before nuking (although they got 2 weeks).

  • bikegremlinbikegremlin ModeratorOGContent Writer
    edited May 31

    @deus64 said:

    @Jab said: they played it as a fucking serious issue affecting theirs network.

    Because it is? The whole saga is around the site violating cloudflare's business plan ToS. They were evading DNS bans from countries by rotating domains while using CF's IP ranges. Now the governments starts banning IP addresses. Since each cloudflare IP is shared by 1000s of websites, this is a fucking serious issue.

    All they had to do was use their own IP and hence move to the enterprise plan (BYOIP is offered only in the enterprise plan AFAIK).

    And the pricing isn't outrageous for handling a problematic site with 80TB traffic including WAF, CDN, DDoS protection and BYOIP with a pretty good global network (+ the other useless things).

    This also means that if a country DNS-blocks our main domain, a secondary domain may still be available. This could arguably be seen as a violation of the Cloudflare TOS, as they wrote above.

    "arguably", lmao. I don't know why we even need to know the other point of view.

    But yeah, it was kinda dick move on CF's part without giving them a set time frame before nuking (although they got 2 weeks).

    AFAIK, their traffic was about 10TB per month - but they were only offered a plan that included up to 80TB of traffic at $120,000 per year price.

    The main problems I see are the shady communication, huge (4,000%) price increase, and uber-short deadline for decision and payment.

    Thanked by (1)adly

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • edited May 31

    @Joseph said:

    @root said:
    Just like Google abandoned free services with domains and storage, same will happen with Cloudflare. The problem is how a huge chunk of internet users rely only on Cloudflare, so I guess many will start paying, just like many started paying to Google.

    Google never offered free domains. And they still offer free storage.

    He means ex-Google Apps/G Suite (personalized emails with own domain, personal workspace, etc.).

    At some point, Google discontinued the decade old "always free" (their words, not mine) version of Google Apps/G Suite (now called Google Workspace). However, they announced that existing legacy users could continue using it for free 'forever' (according to their public statement). Then, one day, they announced that they would completely discontinue it, even for legacy users.
    Legacy users could have kept their accounts if they paid $5/m or something like that per user, which didn't sound too bad. However, legacy accounts had often been licensed for 20, 50, 100, 500, or more users. Those who had used these accounts for, say, their whole family, would have needed to pay monthly for each individual sub-account/mail/user.

    The problem was that many past purchases/play store licenses were tied to those old accounts (play store accounts, purchased apps, purchased music...) so they couldn't be just cancelled. People's paid services became hostages. Pay or everything, even your other paid services tied to the account will be cancelled.
    This caused significant public backlash, so Google changed their decision again and allowed legacy users (those who didn't transfer their stuff to paid accounts yet - many did it because of the sudden threat of deletion) to keep their old accounts for private use. For now.
    However, these accounts are now more and more limited, they don't get new features, etc. Many would gladly get rid of it, but they can't because their paid services (like decade of purchases from Play store) are tied to those accounts.

    I can imagine something similar will happen with Cloudflare's free tier accounts sometime in the future.

    Thanked by (3)bikegremlin root NanoG6
  • You have to pay the DDoS protection money, otherwise things break, somebody could get hurt, or a fire could happen.

  • yokowasisyokowasis Services Provider
    edited June 1

    I see this as cloudflare error of communication.
    They should make things clear.

    Our IP is being at risk getting banned because of your website. If you want to continue using cloudflare, you need to bring your own ip, and because BYOIP is in the enterprise plan, you need to upgrade to enterprise plan.

    What's so hard about that ? I hate that sometimes sales people beat around the bush. Maybe perhaps they don't even know what they are doing, or maybe their order is "Tell customer they have to upgrade to enterprise, you don't need to know the reason"

  • It sounds more like:

    You are making a lot of money and using our services? Great! Pay us more money too!

    As for the free business model, it's a good way to promote your service, but eventually it becomes unsustainable as more and more resources are needed to support the free tier. So I expect all "free" services to go away eventually, including cloudflare.

    Websites have ads, I have ad-blocker.

  • CF will never discontinue Free Tier, they use it to test new patch / deployment.

  • bikegremlinbikegremlin ModeratorOGContent Writer

    @somik said:
    It sounds more like:

    You are making a lot of money and using our services? Great! Pay us more money too!

    As for the free business model, it's a good way to promote your service, but eventually it becomes unsustainable as more and more resources are needed to support the free tier. So I expect all "free" services to go away eventually, including cloudflare.

    In this case, it's like free heroin for start, or like a free puppy from the shop that sells food and pet care products.
    I don't see it going away.

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • edited June 1

    @Fritz said: CF will never discontinue Free Tier

    Never is a very long time. We thought the same with "always free" Google Apps (Google Apps for Work -> G Suite -> Google Workspace) some 15 or more years ago.

    Just wait until some venture capital firm buys CF with the aim of transforming it into a quick profit.
    I can imagine that the ratio of non-paying users to paying ones is quite large. If they manage to convert even a small percentage of non-paying users into paying customers, they could most likely more than double the base of paid clients.

  • edited June 1

    Being the one who hates CF anyways, I too, think there is something not mentioned in the article. While, yes, CF's direct price increase was a bit too much from their end too, there had to be a breaking point of CF, or they probably they wouldn't have done this without any reason.

    youtube.com/watch?v=k1BneeJTDcU

  • @Otus9051 said:
    Being the one who hates CF anyways, I too, think there is something not mentioned in the article. While, yes, CF's direct price increase was a bit too much from their end too, there had to be a breaking point of CF, or they probably they wouldn't have done this without any reason.

    You can read the post here, it seems explained all the issues caused by the casio website to CF: https://lowendspirit.com/discussion/comment/178871/#Comment_178871

    Thanked by (1)Otus9051
Sign In or Register to comment.