I am a plebe who doesn’t understand these things but what exactly does cloudflare do? I see it popping up more and more often redirecting before visiting a site. I assume that this has something to do with bot traffic? It seems like every mention of cloudflare is about how it ruined someone’s day.
Essentially, their entire schtick is being a middleman. By sitting between the server you want to visit, they can do helpful things like DDOS protection, being a CDN (basically store website assets closer to you), managing HTTPS for you and providing access to your website over IPv6 even if your server doesn’t have it.
By nature of that though, their position is quite sensitive since it has become a service that a good chunk of the Internet goes through. That causes concerns about centralization and pisses in a lot of people’s cereals politically.
Mostly breaking it. They’re centralizing stuff and nowadays lots of services depend on that single service provider. And the original idea of the internet was to make everyone equal and have some resilience against single points of failure. That’s kind of detrimental to the whole idea.
Secondly, you unencrypt your traffic and send it to them plain so they can read everything. That may or may not be an issue for your use-case, but I like privacy and encryption and no third parties reading my messages.
And the question is: What do you need their service for? I understand that a tunnel is useful if you’re behind a NAT. But the DDoS protection and attack prevention is mostly snake-oil for most people. It’s often unnecessary, the free tier doesn’t include any of the interesting stuff and it’s questionable if most people get targeted by DDoS attacks anyways. And as I heard if it comes to that point, they will cease service to you anyways and want to see money ($240 to $2.400 per year.) So I don’t see a good reason why you’d use Cloudflare in the first place. Unless you need a tunnel or subscribe to one of the more expensive plans. Otherwise it only has downsides.
But the DDoS protection and attack prevention is mostly snake-oil for most people.
I wouldn’t say it’s snake oil for most people because of how cheap it costs to execute a DDoS attack, all it takes is for you to piss off one person for it to be worth it. Although you do not have to use cloudflare there are plenty of other protection services out there.
And a side note, I can’t believe how hard it is to find statistics on how many DDoS attacks have happened that’s not from someone with a vested interest in the matter. I’d figure the FBI/IC3 or CISA would have better statistics on the matter.
Hmmh, I’d like to - at some point - speak to an admin who has been targeted by a DDoS attack. I know it happened to one Lemmy instance. What I’ve seen as an admin were some attempts that weren’t that bad for us, and that was years ago. It didn’t even really stop the service, just cause lots of load on the webserver and made the website open a bit slower than usual. And it was over after a few hours and never happened again. My other servers and websites have never been targeted.
And I wonder if for example the Lemmy instances who use Cloudflare, pay them $240 a year. Because as I read, Cloudflare free ceases service if there is an ongoing DDoS attack.
I think it’s mostly Live-Streamers and somewhat high-profile and controversial webservers who get targeted. Like the biggest Lemmy instances. Or if you’re successful at messing with the Russian internet trolls. Or play a game in a live stream and your fans like to seriously mess with you, like pay for a virtual attack or swat you. Other than that, I believe 99.9% of people who run internet services will never experience such an attack. And it wouldn’t really harm them if their service went down for some time.
I’m no expert either but as I understand it, the core service they are most well known for is protection against DDOS attacks. By routing traffic first to Cloudflare before sending it to the intended destination, it can try to check to make sure that whatever it’s routing isn’t coming from a botnet or whatever.
Yes
