Well I run a service with 100 million registered users and this is why we don't use Cloudflare. We use VeriSign BGP DDoS mitigation which is more expensive than Cloudflare (about 27k per year with our traffic) but i don't have the luxury of losing the business on a Saturday afternoon on a whim of an anonymous Cloudflare censor, their lawyer or even his Majesty Matthew Prince Himself making a preemptive liability decision on behalf of my own business.
I know that Google takes those deplatforming decisions with ease, because they have billions of users but with Cloudflare's much more finite enterprise userbase, I would be careful to aspire to Google's heavy handed approach: for Cloudflare's customers, real money and real jobs are at stake.
I sort of have the same thought. Cloudflare isn't really public facing so they don't have the same pressure to ban people, and any time you start banning sites you risk scaring off business. I don't have a large website, but I do have my own project/personal sites and with those I specifically use hosts that have a reputation for high uptimes even in the face of censorship (like Epik domains or terrahost)
It seems especially weird too considering how they just made a blog post promising not to do this (https://archive.ph/gJXgF), and then not only did it but used broad, over the top language which sounds, if I'm honest, a bit disingenuous. Like if someone's life is in imminent danger, you shouldn't be playing games on the internet you should be calling the cops
You don't use Cloudflare because you're afraid of them de-platforming you due to social pressure? Are you hosting content that encourages and/or facilitates harassment, violence, suicide, swatting and other illegal activity? Then you should be afraid of being de-platformed, Cloudflare or not.
If you said you're not using Cloudflare because Cloudflare is attempting to become a monopoly that can mix good with bad and prevent anyone from blocking whoever they choose to host, that'd make sense.
But it sounds like you're just bullshitting. Anyone who'd stretch this event to the possibility of "losing business on a Saturday afternoon on a whim of an anonymous Cloudflare censor" is just absolutely bullshitting. You, cft, are full of shit.
I think your assertion that "losing business on a Saturday afternoon on a whim of an anonymous Cloudflare censor" is a legitimate concern is pure straw man - you're positing that there's this new censorship thing going on, and not only that but that it's so arbitrary that an "anonymous Cloudflare censor" could just take you offline.
That is why I'm saying you're full of shit.
Do real adults make ridiculous assertions about imaginary things and expect to be taken seriously?
It's telling that you're not all that secure about being believed about spending all that money with Verisign (which, personally, I think is a very bad choice, but you do you).
I think a downside of their CEO & C-level spending so much time on Twitter and HN (spending any time there at all is already "a lot" for C-suite) is that they might overestimate the size and importance of social media mobs. Practically every hashtag is botted these days, especially ones people feel passionate about.
The crux is that even if IT decisionmakers have become more left-wing and pro-top-down-control, they're still very unlikely to ever pick Cloudflare even after they complied. Best solution is to ignore.
I agree, I think in his attempt to be overly transparent he's made himself a target for these social media mobs. At the end of the day he's a businessman and if his business' financial needs require it to shut websites down then that's unfortunate but that's life as a business. But to air out all their thoughts and deliberations makes them seem vulnerable to persuasion efforts.
I actually think the other half of the reason why Cloudflare became such a target is because of their 404 cloudflare site that displays when the origin host goes offline. It's essentially an ad for cloudflare, there is no technical need for them to show this. Only: if my site protected by akamai goes down, I dont believe my users will see that it was protected by akamai. It's just offline.
The best protection cloudflare has is to stop making it so easy to see who is protected by them. In fact, they should even stop giving out information on who they are protecting and put it into their TOS that social media sites are not allowed to broadcast the fact that they are protected by cloudflare.
These would be practical steps to massively help Cloudflare mitigate further risks.
I know that Google takes those deplatforming decisions with ease, because they have billions of users but with Cloudflare's much more finite enterprise userbase, I would be careful to aspire to Google's heavy handed approach: for Cloudflare's customers, real money and real jobs are at stake.