
Cloudflare provides immense value for small sites. Doing DDoS protection with specialized firewall hardware was one of the most expensive things you could do, so it wasn't really affordable for lots of people. They win by solving a problem. I believe that the issue of Cloudflare as a man-in-the-middle is a smaller issue for people running websites than the damage done by potential attacks.


The argument about Cloudflare being the man-in-the-middle has always confused me. Yeah, it makes sense if you're big enough to run your own data centers, but for most smaller sites you're trusting someone to host it, so how is Cloudflare any different than some other random provider?

I'd still like to know what happened with that domain that got put into pendingDelete with a false positive a couple weeks ago, but, besides that, I'm very bullish on Cloudflare. I think there's a massive amount of opportunity to capture underserved markets in tech right now due to subscription fatigue and increasing prices. More reasonable pricing could do well in the low end of some markets and having a platform like Cloudflare that can scale to $0 makes it much more practical to start thinking about building for some of those markets.

Cloudflare solves a real problem that's impossible for anyone small to solve for themselves and getting to ignore all of that complexity makes it practical for people to build things they couldn't even consider before. Cloudflare is adding value way beyond any risk they're creating by acting as a proxy.


> but for most smaller sites you're trusting someone to host it, so how is Cloudflare any different than some other random provider

Easy - you’re trusting someone, true, but it’s likely not the same person that someone else is trusting.

With Cloudflare, pretty much everyone is trusting the same party. Compromising Cloudflare compromises everyone.


> Easy - you’re trusting someone, true, but it’s likely not the same person that someone else is trusting.

I dunno if that's true. I mean I can name 5 companies and generally speaking narrow it down to the owner of the hardware (or the owner of the owner of the hardware) or at the very least a company with enough resources that if they want your content they can take it.


So the real problem seems to be that they are a monopoly? But how is that their fault? They invented the low-cost CDN market; before them we mostly just had Akamai that hosted Wimbledon-size websites and streams for $$$$.

PS. Also unclear where else I can get similar services - no affiliation with them, just to run a small website.


> the issue of Cloudflare as a man-in-the-middle is a smaller issue for people running websites than the damage done by potential attacks.

There is no damage done by potential attacks. Damage is done by actual attacks. I am not simply being pedantic. The damage done by blocking users and the leaking of data via TLS proxying seems very real. One cannot make comparisons between actuality and potentiality.


How is this any different than AWS/Azure/GCP (e.g. cloud functions) MITMing your users' connections? If it's not your hardware, it's not your encryption keys.


> How is this any different than AWS/Azure/GCP

No real difference AFAICS, it's a general problem of poor cybersecurity education and quick/cheap solutions. I certainly don't mean to single out Cloudflare alone on that point.


While their hardware helps in terms of their costs and scale, the real challenge is the bandwidth.

Blocking traffic at your edge means that by the time you're able to evaluate traffic and take action, it has already consumed your bandwidth. Cloudflare is able to protect aspects of their internal network and customer properties with their filtering, but they need a tremendous amount of bandwidth and anycast in order to do it in the first place.



