this post was submitted on 26 Aug 2024
53 points (98.2% liked)

Programming

17350 readers
245 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 1 year ago
MODERATORS
 

I recently stumbled across Cludflares trustpilot page and the reviews were completely mismatched from the way I have experienced people talk about them on forums. The reviews on trustpilot make them sound awful, but I have only seen recommendations for them on forums, often people say they are the best DNS provider.

Whats up with that? Does anyone know why there is such a disparity.

top 23 comments
sorted by: hot top controversial new old
[–] [email protected] 29 points 2 months ago (1 children)

I imagine trustpilot is where people go to vent about bad service because it'll come up when you search for cloudflare reviews.

[–] [email protected] 2 points 2 months ago (1 children)

true, but I don't think it's that alone, there are lot of other providers on there that don't get anywhere near the same number of bad reviews or intensity of reviews as CF. There are people really hating on CF there.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

Yeah they get a lot of users due to the free plans they offer, so I imagine there's just a lot of reviews as a result, both good and bad.

Also due to the free plan and being commonly used by home lab groups or small businesses, I think there are a lot of users that don't fully understand what they're getting into with CF and may be upset when they find out later on.

If you follow their ToS and understand what cloudflares proxy is doing to your traffic then it all works just fine.

[–] [email protected] 23 points 2 months ago* (last edited 2 months ago) (3 children)

https://old.reddit.com/r/programming/comments/1d14rb7/cloudflare_took_down_our_website_after_trying_to/ is the most recent Cloudflare drama. They've been known to fuck customers before but I can't really find specific examples. Obviously their protection can also be overzealous and block legitimate traffic too, which pisses off users as well.

Beyond that there's many more philosophical reasons to hate Cloudflare - they're a highly centralised point of failure and like in the story linked above could at any time "alter the deal", so to speak. As an advocate for the free and open internet I wouldn't consider them a force for good any more than Google, Facebook or Amazon.

They're also hated for blocking privacy tools like Tor and blocking scraping, which does suck, but if cloudfail doesn't work anymore you can still always search SHODAN for website title/headers to see if the LB is accessible directly via the internet. DNS management at medium sized corpos is usually a clusterfuck so it's definitely a non-zero chance.

[–] [email protected] 25 points 2 months ago* (last edited 2 months ago) (1 children)

As an advocate for the free and open internet I wouldn’t consider them a force for good any more than Google, Facebook or Amazon.

They're not only a centralised point of failure, but also a man-in-the-middle for so many sites that they can effectively track people all over the internet through web and DNS requests, and fingerprint browsers through CAPTCHA scripts, and even read people's HTTPS traffic.

I consider them a hostile actor.

No organisation should have such pervasive access to people's lives.

[–] [email protected] 4 points 2 months ago

Yup. One of the vestiges of corporate internet. I tried to make a less ideological argument for wider appeal but I absolutely agree with you.

[–] [email protected] 9 points 2 months ago* (last edited 2 months ago) (1 children)

the most recent Cloudflare drama.

It was made up by a shitty illegal crypto casino:
https://news.ycombinator.com/item?id=41091144

They’ve been known to fuck customers before but I can’t really find specific examples.

Of course you can't find specific examples because they are known to be great with customers.

[–] [email protected] 1 points 2 months ago (2 children)

shitty illegal crypto

Opinions. Irrelevant. What is and isn't "shitty" is a matter of opinion. Obviously fuck casinos and crypto scams but it ain't relevant.

The explanation you linked on the other hand is valid. I think it's a little ridiculous though that Cloudflare can't do any sort of geo-restriction instead. Just about everything is illegal somewhere.

Of course you can't find examples because

I can't be arsed.

[–] [email protected] 7 points 2 months ago (1 children)

I think it's a little ridiculous though that Cloudflare can't do any sort of geo-restriction instead.

That's not their job, it's the job of the site operator.

It's a free-tier service ffs. Who runs a company on a free-tier?

[–] [email protected] 5 points 2 months ago

It is their job. They advertise it as bot blocking

[–] [email protected] 6 points 2 months ago

It's super relevant in this case since they were shutdown for abusing the system and given warning that they decided to ignore while looking for a new provider.

[–] [email protected] 5 points 2 months ago (1 children)

see if the LB is accessible directly via the internet. DNS management at medium sized corpos is usually a clusterfuck so it's definitely a non-zero chance.

Can confirm lmao

[–] [email protected] 5 points 2 months ago* (last edited 2 months ago)

Job title: Cybersecurity Engineer

Actual Job: DNS Janitor

[–] [email protected] 17 points 2 months ago (1 children)

Trustpilot in itself is a very problematic website as well that biases towards positive reviews. Companies can engage there and get reviews removed when the person won't further engage with the company that has wronged them and get the reviews removed. So if an organisation has bad reviews and its engaged on trustpilot they must be really bad.

[–] [email protected] 10 points 2 months ago (1 children)

I've heard they also removed good reviews if you don't pay them, so... yeah I don't think you can really learn anything from TrustPilot.

[–] [email protected] 2 points 2 months ago

Cosmic balance, sort of 😅

[–] [email protected] 11 points 2 months ago

Cloudflare is amazing , until it's not. Chances are you'll fall within the 95% that have a great time, but if for some reason you draw the ire of sales, engineering, or a system bug you're gonna have a bad time.

[–] [email protected] 10 points 2 months ago

I can't remember exactly, but there was some shit going on with contract terms or monopolistic market behavior or something.

That's the only criticism I've seen that was somewhat credible tho.

[–] [email protected] 4 points 2 months ago

I've used them as a proxy for a web app at the last place I worked. Was just hoping they'd block unwanted/malicious traffic (not sure if it was needed, and it wasn't my choice). I, personally, didn't have any problems with their service.

Now, if you take a step back, and look at the big picture, they are so big and ubiquitous that they are a threat to the WWW itself. They are probably one of the most valuable targets for malicious actors and nation states. Even if Cloudflare is able to defend against infiltration and attacks in perpetuity, they have much of the net locked-in, and will enshittify to keep profits increasing in a market they've almost completely saturated.

Also, CAPTCHAs are annoying.

[–] [email protected] 2 points 2 months ago

some people like them and others don't... both have their own reasons... not sure what other info you are looking for?

[–] [email protected] 2 points 2 months ago

Can't really defend CF. They are known to fuck with customers, break their promises and are not good for privacy.

[–] [email protected] 2 points 2 months ago
[–] [email protected] -2 points 2 months ago

A lot of the work they do is aimed at thwarting the business models of cyber criminals, scam sites, etc.

Their reviews are probably from the people who had a good thing going using bots to scrape PII or take advantage of free trials/free tier SaaS products but were suddenly put out of business by cloudflares captcha tools.