I am a plebe who doesn’t understand these things but what exactly does cloudflare do? I see it popping up more and more often redirecting before visiting a site. I assume that this has something to do with bot traffic? It seems like every mention of cloudflare is about how it ruined someone’s day.
Mostly breaking it. They’re centralizing stuff and nowadays lots of services depend on that single service provider. And the original idea of the internet was to make everyone equal and have some resilience against single points of failure. That’s kind of detrimental to the whole idea.
Secondly, you unencrypt your traffic and send it to them plain so they can read everything. That may or may not be an issue for your use-case, but I like privacy and encryption and no third parties reading my messages.
And the question is: What do you need their service for? I understand that a tunnel is useful if you’re behind a NAT. But the DDoS protection and attack prevention is mostly snake-oil for most people. It’s unnecessary most of the times, the free tier doesn’t include any of the interesting stuff and it’s questionable if most people get targeted by DDoS attacks anyways. And as I heard if it comes to that point, they will cease service to you anyways and want to see money ($240 to $2.400 per year.) So I don’t see a good reason why you’d use Cloudflare in the first place. Unless you need a tunnel or subscribe to one of the more expensive plans. Otherwise it only has downsides.
I wouldn’t say it’s snake oil for most people because of how cheap it costs to execute a DDoS attack, all it takes is for you to piss off one person for it to be worth it. Although you do not have to use cloudflare there are plenty of other protection services out there.
And a side note, I can’t believe how hard it is to find statistics on how many DDoS attacks have happened that’s not from someone with a vested interest in the matter. I’d figure the FBI/IC3 or CISA would have better statistics on the matter.
I run a small personal blog/portfolio website that doesn’t get more than a hundred or so human visits per day, but it gets hammered with bot traffic, not just malicious bots but tons of different search indexers and scrapers, many of which don’t respect robots.txt
after setting up cloudflare I noticed a very significant drop in malicious traffic and in bandwidth use, which also corresponded to less bandwidth and CPU usage for my VPS.
I know cloudflare has recently had a few bad customer service stories but for small and medium sized websites their service is invaluable
my own personal criticism of cloudflare is that, as a VPS user, I get hit by cloudflare challenges more. but now that they’ve moved to hcaptcha it’s not too bad