Buy it for Life

More often than not, admins are interested in alternatives. When they hear there are no gratis alternatives, they shut down. CF is deceptively gratis. That is, the gratis plan is for relatively low consumption. When a service comes under attack which then leverages the defense admins signed up for, Cloudflare taps them on the shoulder and says: hey, you’re exceeding the bandwidth of the gratis plan.. time to switch to premium. So the “free” evaporates.

Slightly more clever admins will use CF DNS and maintain their site in a non-proxied state (sparing their users from Cloudflare exclusion and over-sharing). Then when an attack hits they just have to flip a switch and CF is put into play. That switch can even be scripted to happen automatically.

Even more clever admins (e.g. infosec.pub) are very knowledgeable about how to do security properly without offloading their security problems onto everyone else.

Naah. Their points are very valid. Unmoderated communities are easily remedied by reaching out to admins. If they didn't have their other points, I would suggest they just try taking over an existing community.

You could fill a book on the harm Cloudflare does. To describe the walled garden, they have designed Cloudflare without a login so that people in the included group don’t even know they are participating in digital exclusion and supporting a walled garden by a tech giant. The gate is invisible. Those of us in the excluded group see a deceptive block screen that says it’s doing a security check but in reality it’s doing nothing but showing a non-stop spinner. Some people get a CAPTCHA which is often broken (always broken for me).

By default, Cloudflare blocks access to the following groups of people:

• users whose ISP uses CGNAT to distribute a limited range of IPv4 addresses (this generally impacts poor people in impoverished regions)
• the Tor community
• VPN users
• users of public libraries, and generally networks where IP addresses are shared
• blind people who disable images in their browsers (which triggers false positives for robots, as scripts are generally not interested in images either)
• the permacomputing community and people on limited internet connections, who also disable browser images to reduce bandwidth which makes them appear as bots
• people who actually run bots -- Cloudflare is outspokenly anti-robot and treats beneficial bots the same as malicious bots

If you are in the included group and get access to a Cloudflare site, CF is a man in the middle who sees all the traffic. The padlock you see only means that your traffic is secure from you to Cloudflare (not to the host you think you are visiting). Cloudflare sees your userid and password, your DMs, everything. CF has grown to take ~20—30% of the web. So probably around roughly ¼ of your web activity is all seen by that one corporation which operates in a country without privacy safegards. So in addition to the above list of groups of people who Cloudflare blocks from web access, there is a group of privacy enthusiasts who block CF as they refuse to disclose ~25% of their web traffic to CF.

As for the disproportionate size, I think that is somewhat inevitable, even with a Federated platform.

It’s only inevitable to the extent that it’s inevitable that you will have admins who don’t grasp the philosophy. Admins who embrace the principles of decentralization close registration before their user count gets excessive (lemmy.ml demonstrated some restraint in this regard though some would say they should have closed reg sooner). Others will carry on, and bring in Cloudflare to supercharge the capacity which brings the problem that Cloudflare itself is centralized. They have effectively joined the centralized walled garden and brought a disproportionately large number of unwitting users into that exclusive venue. I say “unwitting” because sh.itjust.works and lemmy.world does not disclose to the users the fact that they are in a walled garden and that they share all the traffic with a US tech giant. Their greed is why there are disproportionately small nodes. It is sh.itjust.works and lemmy.world who decided to exploit all the individuals who individually decide they want to be in the same place where everyone else is, which ruins the balance and keeps small nodes overly small.

Many posts are in a Q&A format, and if a bot were to crosspost all the content here, any answers here wouldn’t necessarily make it back to the OP. Had you considered this?

I didn’t necessarily mean to imply that a bot would do the job, but indeed a bot would make sense. The purpose of copying traffic out of the centralized walled garden into a free world instance would be to feed info to those who have chosen the ethical venue. The purpose would not be to feed the giants in any way. So if it’s a personal question post that does not enrich the commons with information then the post could be removed by the bot operator. Or if the question likely provokes an interesting chat then it could be left alone. Responders who want the OP to see the response could simply mention them in the response and the OP would get a notification.

Yep, just have a pinned post pointing to the main community in the other communities.

Yeah it would be nice if it were organised to some extent, like crossposting everything between the two for redundancy since each node would have different lifetimes, but get people to comment in just one. Though the rules are different. The German one bans all advertising.