The Good
This site used Cloudflare before. Isn’t it a great service?
Cloudflare helps keep websites safe, fast, and reliable. It stops bad guys from attacking your site, speeds it up, and makes sure it’s always available. It also makes managing website stuff like DNS and security easy, with features like SSL and firewalls. Anyone can use it, whether you’re a big company or a small one.
On top of it, you get a free CDN (content delivery network) that will speed up your site world wide.
The first time I read something bad about it was on Techrights:
Clownflare has collapsed and it’s still 1,437 MILLION dollars in debt as per its latest report (days old). With interest rates like today’s, no company chooses debt “because it’s cheap”… The stock has collapsed, which means shareholders aren’t seeing much potential for a financial turnaround. Cloudflare reports wider first-quarter operating loss, shares slide Is Clownflare considered insolvent yet? Not yet? Do you want such a company in complete control of your site, your certificates, and so much more? Remember: they will do anything to ‘monetise’ one day, once the lock-in is sufficiently tight. Clownflare is not a “public service” or some charity.
The Bad
I always knew Cloudflare is a privacy nightmare.
1. Cloudflare handles ~20% of all the traffic on the internet. And growing fast, on 2017 it was 10%.
2. It’s impossible to use Cloudflare proxy without giving up encryption of data. They are a man-in-the-middle that have access to unencrypted information of all the traffic they proxy. (Yes, even with Full-Strict/Keyless SSL)
3. Of the remaining 80% of internet traffic, 43% comes from Netflix, Google, Amazon, Microsoft, and Apple, none of which seems to be using Cloudflare, which makes Cloudflare the ultimate tool to break encryption on distributed servers. Only 37% of the internet traffic is routed outside these major tech companies.
4. On July 2021, a random guy discovered a vulnerability on Cloudflare’s cdnjs that allowed complete take over of the CDN, which is estimated to be used by 12.7% of the websites. NSA has a whole division dedicated to discover and exploit zero-day vulnerabilities on systems. Even if Cloudflare is not willingly feeding unencrypted traffic to NSA, it is a single point of surveillance that, if compromised, breaks the whole encryption of a good portion of the internet.
5. Cloudflare follows a freemius pricing plan. On 2016 Cloudflare’s CEO Matthew Prince said in an interview that only 4%~5% of the websites they protect are paying customers. The cost of maintaining Cloudflare infrastructure for the remaining 95% of customers that use it for free is unclear, as Cloudflare does not run ads on the sites it protects.
6. On the same interview, he mentions that the initial impetus for Cloudflare came after an acquisition by the Department of Homeland Security of his previous project, Project Honeypot, in 2008, which demonstrates that the government was at least aware of it since the beginning.
The Ugly
Besides being the perfect tool to spy on the web, the freebies may make it worthwhile. Do they? WordPress multisite does not work with cloudflare. Several plug-ins don’t work with Cloudflare. Gutenberg editor might not work with cloudflare (not sure if it really was CF causing this issue). But then, SEO.
For many Cloudflare site, Google and Bing will not index pictures if you use Cloudflare. This is a nightmare from a SEO perspective.
From the Cloudflare community forum: Images are not indexed by Google using Cloudflare
WordPress support: Request for Assistance: Images Not Appearing on Search Engines
Can Cloudflare Actually Hurt Your Website’s SEO? (Spoiler, yes, it does!) Couldflare tanked this site’s ranking. Please also see the comments. I had a project some years ago and the traffic tanked, the pictures did slowly disappear from Google. We never figured out why. Today I know why.
The free CF DoS (Denial of Service) protection? Do you really need it? And if you need it, why does your hoster not offer it?
You can get your own CDN that you can run on a subdomain from your URL from Bunny CDN. starting at USD 0.01 per GB.