Why does Cloudflare Pages have such a generous free tier?
It's not really free. One day, you get a call from their sales team saying "you're straining our network". I kid you not. We were on a business plan and still got this. When we met them in person, we were asked to upgrade to a $2000+ per month plan. From a $200/mo plan. That's a 10x increase. I searched their TOS, nowhere it was mentioned about "straining their network". Turns out that's just their scammy tactic to get you to pay. We refused. That really left a bad taste in my mouth.
Today, I refuse to recommend any client or startup to them because of this extremely unethical practice. All around, I'm not sure they deserve so much positive press/attention, especially after screwing some of their own employees (one even got super famous live streaming the firing).
To be honest, sales people are sales people. Their job is to sell you on packages, and they will generally do anything to get you to upgrade.
It's not like they threatened to remove you from their service. They asked you and gave you a "canned" reason.
If you don't mind me asking you had a $200 a month plan, and changed to another provider. Did the plan price go up or down?
If CF is calling you like this then I’m not sure how you’re interpreting this as a donation call. They’re basically saying you’re about to be fired as a customer.
Except now there isn’t a clear formalization on how much you were expecting to pay or how much runway or patience CF has left for you.
> It's not like they threatened to remove you from their service
They routinely do exactly this
>I searched their TOS, nowhere it was mentioned about "straining their network". Turns out that's just their scammy tactic to get you to pay.
You seem to be pretty cagey about what your usage actually was, and whether it was indeed "straining their network". Were you using more resources/bandwidth than a typical customer would? Most ToS contains clauses that allows the vendor to unilaterally cut customers off if they're an excessive burden, even if there aren't explicit quotas, or are explicitly "unlimited". ISPs don't let you saturate your 1Gbit connection 24 hours a day, even on "unlimited" plans, but I wouldn't call it a "scam" if they told you to upgrade to an enterprise plan.
Well, Cloudflare seems pretty cagey about what their prices are, given they don't reveal them to clients until they are completely tied in.
I've seen enough stories exactly like this from other CF customers to believe it.
I've seen enough stories exactly like this, where it turned out such usage is unusual and a move to a higher priced plan was justified (eg. https://news.ycombinator.com/item?id=40482505, https://news.ycombinator.com/item?id=34640016, https://news.ycombinator.com/item?id=31336515), that I find it suspicious whenever people act surprised and outraged at cloudflare upselling them, but are cagey about what exactly their site's doing.
This "straining the network" is the "unlimited pto" of b2b saas. It's all bullshit. Nebulous and you don't really know what you're getting into until you're too locked in and they squeeze you. Don't do business with companies like this if you can avoid it. It's the Datadog model of we'll charge you whatever and make it extremely complicated for you to understand why you're being billed $x this month.
straining is also ambiguous and disingenuous.
if we believe the plan was $200 and the upgrade was to a $2,000 plan.. there's no way a $2,000 user would be "straining" Cloudflare's network.
We spend more than that. If we are putting a strain on Cloudflare, they're not at the scale we think they're at.
Seems like you don't really have any issue with the underlying business decision (ie. pushing a high usage customer to a higher tier plan) and are only upset about the wording the salesperson used. All the points you've made applies to ISPs as well. Most neighborhoods are probably provisioned well enough that a single customer saturating their 1gbit connection isn't going to bring the network down to its knees, but that doesn't mean ISPs aren't justified in pushing such customers to a higher tier offering (eg. dedicated circuit).
This is a growing pattern in hosting like Netlify and headless CMSs like Sanity. Their free model is "generous" and then if you go production and start to have overages you get billed exorbitantly for bandwidth and API requests. It is essentially a trap. Once you hit those limits you have very little negotiating power when you hit the "call us for pricing" level and you get outrageous quotes. It costs them very little to run these services so if they can net some minnows that become whales, that is almost pure profit.
It's the double-edged sword of both free plans and "transparent pricing". If you just click "buy" and enter your CC info you're subject to their somewhat arbitrary terms of service. Service is cheap and reliable so you don't ask questions. But they can just boot you and there's very little recourse. It's why most big companies want a signed contract that's binding and comes with some kind of mandatory dispute resolution or penalties for non-compliance.
You should report that to them. Their CTO multiple times said this in HN.
I'm not a fan of Cloudflare's enterprise pricing model. It seems like they'll charge you whatever they'd like to when renewal time comes around, and will play with the numbers to ensure you stay around whatever total they'd like to see. They charge for each protected domain, in addition to sane metrics like bandwidth utilization and number of requests. Charging thousands per protected domain per year is scummy. Maybe I'm just too used to AWS/GCloud/et al. pricing that actually bills me on utilization rather than arbitrary metrics.
Did you move from cf to someone else, or are you still using them?
I like Bunny because it’s prepaid
I heard a great theory about this recently.
The hardest part of onboarding a new customer to Cloudflare is the bit where you need to switch over to having them manage DNS for you.
If you're under a DoS attack or similar, waiting for DNS changes to propagate is the last thing you want to have to care about!
Cloudflare's generous free tier is an amazing way of getting that funnel started: anyone who signs up for the free tier has already configured everything that matters, which means when they DO consider becoming a paying customer the friction in doing so is tiny.
The OP doesn't link to Cloudflare's (repeated) explanation about this exact topic.
Oh
I suspect they also greatly benefit from developers using them for hobbies and suggesting that their workplace use them in turn. Though, that's much harder to track.
The reason it's free and with unlimited bandwidth is that it's not.
Unless you stay very small, you'll eventually get on the radar of the sales team and you'll realize the service is neither unlimited nor free. In fact, you'll likely have to look at a 5 or 6-figure contract to remain on the service.
(n = 1 & all) A project I co-develop pushed 30TB to 60TB per month on Cloudflare Workers in the past (for months on end) for $0. No one called us to sign 6 figure contracts.
Workers are a very different product so I'm not too surprised by that. The main workers payment model is entirely concerned with CPU use and you must be minimizing that.
wait
Do you have a counter example, or is this just your assumption?
There are several counter examples in the comments on this page.
none of which seem to have given their bandwidth figures.
I can second this. Their sales people have such poor behaviour that I am considering moving away simply on principle. There is nothing predictable about being on an enterprise contract and they will hit you with bullshit overage charges like using too many dns requests (wtf??) all of a sudden to force you onto a much larger contract. On the 28th of December no less ! We have used them for a very long time but I am having very big doubts about how much we can use them in the future even though their products are great.
(disclaimer: I'm an employee but no commission is earned for this, we just work hard, opinions on HN otherwise don't reflect that of my employer)
At which point do you think you get in the radar?
I run a $3m/yr startup on a free tier Cloudflare account. To this day I have no idea why Cloudflare is not charging us for anything. I would have happily paid them for their service
We're incredibly biased since several members of our team worked at Cloudflare, but we spend ~$20 a month on Cloudflare for our startup and it is fantastic.
- Marketing videos on stream
- Pages for multiple nextjs sites
- DNS + Domain Reg
- cloudflared / tunnels for local dev
- zaraz tag manager
- Page rules / redirect rules for vanity redirects we want to do.
The list gets longer every day and the amount of problems we can solve quickly is amazing. The value to money is unmatched
We're building our startup infra on cloudflare over the other major hyperscalers and it turned out to be an amazing decision...
Generous free tiers, pricing scales very competitively after that, and their interface is not nearly as bad as GCP / AWS.
I highly recommend this stack.
> their interface is not nearly as bad as GCP / AWS
Underrated.
Until recently, all the features were grouped in a very clear manner within the dashboard. Now, even Cloudflare is complicating its management interface, but they still have a long way to go before reaching the level of confusion of AWS and GCP.
you run compute workloads on there?
Yes: https://developers.cloudflare.com/ Look at Cloudflare Workers and Cloudflare Workers AI.
Cool. What are you building?
srcbook.com (not OP, just trolling through their profile).
Same here!
In terms of brand, Cloudflare reminds me of Google during the idealist “don’t be evil” phase. Giving away lots of free and benefiting from massive mindshare. I feel similar about Cloudflare now as Google then: very positive and wouldn’t begrudge them any work contracts.
I feel like Google started on an extraction ratchet and hasn’t stopped. I used to put everything there and now barely anything. The change in brand for me has been massive.
As other commenters have mentioned, it is a bit of a bait and switch and not "truly" unlimited - but pretty much this is true for any XaaS that advertises "unlimited" anything. That said though, I still find cloudflare's free basic product incredibly good for the price. The proxy will handle a pretty good amount of load before you get any sales emails. I use some of their enterprise products and I'm extremely pleased, so it is a little hard to complain when I am getting great value out of it. I am however always wary of this not remaining the case forever. For what it is though, I can't really find many comparable products. It's sort of like datadog to me - yes, it's expensive, yes, their pricing can be a bit nebulous and feels bad at times, but the product is still extremely good for what I need it to do and until that changes I guess I'll just keep forking over dollars. That seems to be the way of things now.
because they’re an amazing piece of technology that also happens to be a state sponsored man-in-the-middle platform.
I was assuming that it's a loss-leader sort of business strategy at play before reading your comment. Do you care to share any insights/references to support this claim?
Nah that’d be a national security crisis.
But the presence of https://en.wikipedia.org/wiki/PRISM well over 10 years ago should be sufficient.
Gotcha. Yeah, I mean all of these platforms are certainly juicy targets for room 641A [0] shenanigans. I just wondered if there had been some public leaks or something which we might not all be aware of yet.
I'd also point out the following from Cloudflare CEO Matthew Prince's wiki page [1]:
> "Prince co-founded Unspam Technologies, which supported the development of Project Honey Pot [2], an open source data collection software created by Prince and Lee Holloway designed to gather information on IP addresses used by email-address harvesting services."
> In 2008, the Department of Homeland Security (DHS) contacted Unspam Technologies, asking, "Do you have any idea how valuable the data you have is?" The DHS' email served as the impetus for Cloudflare, a technology company Prince co-founded with Holloway and fellow Harvard Business School graduate Michelle Zatlyn the following year
> The DHS' email served as the impetus for Cloudflare
Emphasis mine. I love Cloudflare, their tech is amazing, but to bury our heads in the sand that it wasn't started from day one to be a government spying program would be extremely naive.
https://blog.cloudflare.com/cloudflare-prism-secure-ciphers/
> At CloudFlare, we have never been approached to participate in PRISM or any other similar program.
> To date, CloudFlare has never received an order from the Foreign Intelligence Surveillance Act (FISA) court.
US based companies (like china and europe based ones) are not allowed to talk about it, when state actors implementing their spying tools. It is just naive to think that cloudflare doesn't give access to state agencies. As others have said, it is more likely that cloudflare as a company is entirely built around the idea to provide a singe point of surveillance to US agencies.
Love the double standard here. An offhand comment about an email from the DHS is considered strong evidence that Cloudflare was "started from day one to be a government spying program" while anything Cloudflare could say to deny it is brushed off as not strong enough.
Overly specific weaseling. (Not by you, by Cloudflare).
The questions are not about if they were approached or participate in any programs, it's what they do and if they provide the data or not.
Again, an offhand comment about an email from the DHS is given all the weight in the world while a direct statement from Cloudflare is nitpicked to death.
The whole point is it's not a direct statement. It is a lot of words which fails to answer the core question: is cloudflare syphoning data off to any of the Five Eyes (and I almost wrote Five Guys . . ) government intelligence agencies or their allies?
For example, in your link: "One of the ways we limit the scope of orders we receive is by limiting the data we store. I have written before about how CloudFlare limits what we log and purge most log data within a few hours. For example, we cannot disclose the visitors to a particular website on CloudFlare because we do not currently store that data."
So if they are MITMing everything they totally could just send everything out straight away and not contradict what they're saying at all. Them storing the data or not is completely beside the point.
>> At CloudFlare, we have never been approached to participate in PRISM or any other similar program […because we approached them]
>> To date, CloudFlare has never received an order from the Foreign Intelligence Surveillance Act (FISA) court […because they never had to ask in the first place]
My paranoia was cemented by the book When Google Met Wikileaks. Silicon Valley types do not have to be coerced to share data with 3 letter agencies, they have aligned incentives to ensure American dominance. Which is fine with me, as an American, but I won’t pretend there’s some rivalry where Cloudflare won’t comply without a court order.
Post Snowden, I think the assumption has to be any large US hosting/service provider is compromised in a similar fashion.
One half of the NSA's mission is defensive, dedicated to improving the security of US systems and infrastructure: https://www.nsa.gov/Cybersecurity/
They have the nickname "Crimeflare" for a reason and there is a reason so many threat actors, phishers, and malware people use CF on their landing pages and c2s.
When you file an abuse ticket with CF, CF takes the route of "oh we are only routing the data and content, not hosting it" and will refuse to terminate the CF accounts of someone being malicious. Threat actors know this which is why so many use em.
>When you file an abuse ticket with CF, CF takes the route of "oh we are only routing the data and content, not hosting it" and will refuse to terminate the CF accounts of someone being malicious. Threat actors know this which is why so many use em.
Their abuse page says they forward abuse tickets to the origin hosting provider. The origin hosting provider could ignore your tickets, but I don't see how that's any different than if they didn't use cloudflare to begin with.
They still have the ability to terminate the accounts of the threat actors using their platform (which would fuck up their scam/spam/malicious campaigns) yet seem to not want to under their guise of "oh its not us".
Ok but why can’t they take responsibility for the abuse and terminate the accounts themselves, forcing the malicious actors back to being in a position of not being protected by cloudflare?
So the deep state is smart enough to take over the corporation and inject all this secret squirrel tech, but didn't think to cook the books to make it look like a marginally-profitable (but boring) business?
It reminds me of the counterargument to UFOs where they say "so the UFO flew here from 100 light-years away, through extreme cold, deep space, intense radiation, dodged space rocks, but as soon as it came into a lukewarm atmosphere with a modest gravity and tame weather, it crashed into a field in New Mexico?"
To be fair, you could see how a vehicle designed rigidly for extreme cold, extreme vacuum, zero gravity, etc. might fail catastrophically when introduced to modest temperatures, a modest atmosphere, and a modest gravity.[1]
It wouldn't say much for the foresight of the alien designers, mind.
[1] "100 KILOpascals? KILO? I thought you said milli, you blithering nixflorp!"
What? What does business profitability or viability have to do with anything? Cloudflare can serve both customers at the same time. They still make amazing products, have incredibly talented engineers, and provide extremely valuable commercial services.
PRISM worked with numerous participants from well-oiled tech startups to aging why-wont-you-just-die companies.
Honestly this is the most likely hypothesis, but would be nice to have some more evidence.
PRISM revealed secrets. It also revealed that some companies fought back as much as possible. It's also possible to design core tech so that even when forced to participate, you reveal as little or no information.
CloudFlare, PRISM, and Securing SSL Ciphers, 2013-06-12 Matthew Prince https://blog.cloudflare.com/cloudflare-prism-secure-ciphers/
What are some alternatives? Preferably the more open source the better.
Idk if they're open source, but netlify was the company that I thought sort of made this feature free and easy to use. Github pages is also a free alternative.
Someone was (incidentally?) ddos'ed on Netlify last year and was served a 104k bill. The fees were waved in the end, but the caveat remains on all these free services that you pay by bandwidth.
That's why I like Bunny, the only such service I could find with prepaid pricing. I would rather have service shut off than to have to pay $104k for a day or two of service.
This is one of those things where the act of trying to evade state-level actors by definition puts you on their radar big time.
what is an "open source" network infrastructure provider?
Cloudflare is mostly open-sourced, alternatives are more often than not closed-sourced
I don't think putting up a few libraries on GitHub and writing great post-mortems makes something "Mostly open-sourced".
I believe the implication is that cloudflares usefulness is not in her source code but rather her physical infra, there is not some free as in freedom alternative to that.
Alternatives to what? Five Eyes? Good luck with that.
China is happy to offer an alternative. It has pretty high costs, and I don't think it's worth it, but it exists.
This seems like little more than a sales pitch. For instance:
> Second, companies like Cloudflare benefit from a fast, secure internet. If the internet is fast and reliable, more people will want to use it.
The author doesn't seem to have anything to say with any more substance than this gem.
No, it's not an empty statement. When your site takes 5 seconds to start loading, even sometimes, or if it sometimes fails to load some image or CSS file completely, many visitors will be unhappy to have to return to it, and a lot will just close the tab without waiting.
The pleonasm is not helpful though.
I still cannot believe the pricing on R2, unlimited egress. It's absurd, I love it!
And their free tier is 10GB of free storage.
Loss leaders are like that.
Bandwidth has become super cheap nowadays. Even on a CDN if you have a large enough commit the prices go very low, so you can imagine what the real cost must be:
> In Q1 of this year, I completed my yearly CDN pricing survey of over 500 customers and saw the lowest pricing rates I have ever seen for the largest customers, as low as $0.00038 per GB delivered in the US. Blended pricing globally at $0.0006. (Please note, this doesn’t mean these are the prices you should be asking for or paying!) Lower pricing is okay if traffic and commits are growing, but they aren’t
https://www.streamingmediablog.com/2024/05/cdn-pricing-press...
Because they own the CDN and most of the bandwidth is from peering, so it essentially costs them nothing. Netlify on the other hand has to pay per GB to AWS.
Netlify manages to be wildly overpriced even by AWS standards, CloudFront starts at about $85/TB, which isn't cheap by any means, but that turns into $550/TB(!!) if you go through Netlify. They have some of the most obscene bandwidth pricing in the industry by a huge margin, and to add insult to injury they don't allow you to set a spending limit either.
As hardware gets cheaper, and economies of scale get bigger, it's way way cheaper to provide free stuff than spend on sales and marketing.
Works best at the extremes
I understand interconnecting Cloudflare’s network and hosting their servers by ISPs builds a beefier Internet and that’s great, but isn’t it potentially problematic for a small number of vendors to become a significant part of the network? What happens if they go out of business? Are we no worse off than before, or do we worry about equipment that’s in limbo unless purchased by another business? Or is it potentially bad but inevitable since investing in growing the Internet requires deep pockets so it will always be the bigger corporations owning large chunks of the network?
Infra like Internet cables under the ocean are to me more obvious things to be purchased by other businesses. ISP-collocated content servers that came to be due to discovered mutual benefits of content and service provider seem to me more complex in terms of managing them in the face of business changes.
Probably not the place to post this feedback, but in general I get excited about what Cloudflare have been releasing in 2024. I'm borderline desperate to try them out in a business setting.
The only thing that really stops me is the horror stories I hear about random billing issues and on top of that account closures.
That is something I'm _never_ worried about with AWS.
On the off chance that someone from CF is reading this feedback.
Cloudflare offers a lot for free. I think they are able to cover the free users from how much they charge enterprise customers.
Hey Matt! DB here from last summer haha!
cool to see you started writing! looking forward to seeing more, keep it up
Thanks! More to come, and hopefully see you back in the office after you graduate
Tin foil hat on?
I suspect they also benefit from the massive amounts of data gathering. A huge portion of the entire internet's traffic is going through Cloudflare, SSL-terminated. It's like being plugged into the server-side (unblockable) access log of every website. That would be worth a lot.
I also suspect their support of web attestation is not benevolent. With the level of control they already have, it's increasingly possible for them to flip a switch, with the full support of Apple and Google and Microsoft, so that only authorized devices have access to the web. curl on Linux? Not authorized. Outdated OS? It's up to Apple whether they feel like signing your request – can't expect them to support it forever! – but also you can't access that website without their approval.
I feel like a conspiracy theorist here but this stuff just seems way too close at hand.
Between let’s encrypt and Caddy defaults, SSL termination is easy these days and cloudlfares insistence on doing it for me has turned me away from their products. I gather that reading the logs is part and parcel of their product, as the gatekeeper to high traffic sites they need all the signals they can get for what malicious traffic looks like.
I don’t think it requires a conspiracy, it’s just a market demand for such a product
Cloudflare requires a $3,000/year business plan in order to have custom name servers. Namecheap offers this for free.
"Account/Zone custom nameservers are available for zones on Business or Enterprise plans. Via API or on the dashboard."
Update: I say this to further illustrate how they operate.
- collect telemetry data they can use in their products
- bandwidth is cheap but the bad actor data they gather directly helps their paid enterprise tools
- people wouldn't pay for it and move to a competitor that offers it free, so its basically a monopoly on a large portion of the sales funnel
- branding message as "we are the good guys we are so generous" as you can see from the comments has worked in their favor
Pages probably consumes less than 10% of resources compared to their free CDN. Probably even less than 1%.
It's kind of the same reason Google does it. There's a saying about this that I do not recall how it is phrased but it's something to the effect of, if you're not paying for it you're the product.
You're the guinea pig to help them make the product better for paying clients and to help them market the product usefulness to those that pay.
Piggybacking on the thread a little, anyone has experience to share using Pages or Workers at scale? Perhaps I bought too much into the JAMstack hype, but it seems like a much more convenient approach compared to the k8s rube goldberg machines every other shop is utilizing (assuming they work and scale as advertised on the tin). Wondering what are some drawbacks or even show stoppers.
I have done a few products, X million WAU, workers/pages scale really well. I haven't had any issues. I know docker/k8s extensively (and have scaled them previously).
Drawback: less nodejs api, so limited apis.
Cloudflare is not profitable [1]. I’m wary of what might happen when they need to become profitable. Could this be another case of a company offering an excellent, cheap product while being propped up by investors, only to later have an “enshittification” [2] phase where they aggressively cut corners and increase prices to make a profit?
[1] https://www.wsj.com/market-data/quotes/NET/financials/annual...
>Cloudflare is not profitable [1]. I’m wary of what might happen when they need to become profitable
The unit economics are sound. They have 76% gross margin, so it's not like they're selling $10 movie tickets for $8, and unlike companies like uber, they're probably not using their marketing spend to buy revenue (eg. spending $20 in promo credits to get $50 worth of sales). There's nothing wrong with a business that "unprofitable" when their unit economics work out, and are plowing their profits back into expanding the business.
Cash flow positive. Margins look healthy. Spend lots of R&D which i would attribute to having $1.6B(2023) of capital on hand and being cash flow positive.
Leaving out stock compensation in a non-gaap perspective would show they are close. Granted compensation is a real cost to value of shares, It's not as wide a delta as many other companies.
I would suspect they're going the other way and will continue to double down into new areas of services to expand their product line.
Top of the funnel.
Without Cloudflare there would be many poor malware coders and phishers. Cloudflare are saints!
Why does any paid platform have a generous free tier?
Right, and why don't all products get priced at cost+? Such a puzzle.
/s
Pricing is not about today's balance sheet, but about the future of the business. If pricing ever becomes about making this month's payroll, the business is probably in trouble. There are exceptions, especially for small businesses.
We are currently developing a project and were very open regarding the provider and none came close to Cloudflare pages.
The free geo information in the header alone is already worth it for us so we save money on purchasing a separate ip db but also don't waste time for the separate db call looking up the location.
I was very disappointed by their kv store latency and that d1 does not replicate yet. So we ended up comparing a poor man solution in just providing the json at a http endpoint on our webserver vs. quite a few global kv providers.
We set up a promise race and did thourough global tests. Doing the http request beat the global kv store providers by far, even if they have a pop in syd, the cloudflare http request to europe or the us was still faster. We are using Argo though, this might have helped as well.
What was the latency for the KV store?
between 300 - 1200ms , also very random
I then found bejamas where you can do some nice comparisons like: https://bejamas.com/compare/turso-vs-upstash-redis-vs-cloudf...
Thanks! I never thought it could be this bad. 1200 ms is a lifetime for a key-value cache.
I've heard horror stories, where once you hit a certain limit they squeeze the hell out of you. And by that point in time you are locked in and forced to make a deal.
It's made me not use cloudflare for future products. Just charge me upfront what you need to make a healthy margin and let's do business!
It's always about creating technical debt at your org so that when they come to charge you 10-100X what some service is worth it's less painful to overpay them than it is to switch.
I'm going to have to ask you to keep your voice down, sir.
HNer gets his casino site shut down and extorted into buying Enterprise for $120k/yr, there's an unwritten limit of 10TB. https://news.ycombinator.com/item?id=40481808
From the thread and related discussions, Cloudflare's reasons probably had nothing to do with bandwidth used. I also recently signed up for Cloudflare and pushed 20 TB per month on their free plan, I specifically asked Cloudflare if this was okay and they said yes. YMMV
> Additionally, there's plenty of "Upgrade to Pro" buttons sprinkled about. It's the freemium model at work.
I don't think they care much about few "Pro" upgrades here and there. The real money, and their focus as a company, is in enterprise contracts. Note that, Matthew Prince, the CEO, had outlined a few reasons why they have such a generous free tier on an Stack Exchange answer[1]. I think the biggest reason is this:
> Bandwidth Chicken & Egg: in order to get the unit economics around bandwidth to offer competitive pricing at acceptable margins you need to have scale, but in order to get scale from paying users you need competitive pricing. Free customers early on helped us solve this chicken & egg problem. Today we continue to see that benefit in regions where our diversity of customers helps convince regional telecoms to peer with us locally, continuing to drive down our unit costs of bandwidth.
Cloudflare had decided long ago that they wanted to work at an incredible scale. I would actually be very interested in understanding how this vision came to be. Hope Matthew writes that book someday.
[1]: https://webmasters.stackexchange.com/a/88685.
I think there are a few other benefits (even if that was the main benefit/driving force behind the decision).
When you have low-paying (or zero-paying) customers, you need to make your system easy. When you're enterprise-only, you can pay for stuff like dedicated support reps. A company is paying you $1M+/year and you hire someone at $75,000 who is dedicated to a few clients. Anything that's confusing is just "Oh, put in a chat to Joe." It isn't the typical support experience: it's someone that knows you and your usage of the system. By contrast, Cloudflare had to make sure that its system was easy enough to use that free customers would be able to easily (cheaply) make sense of it. Even if you're going to give enterprise customers white-glove service, it's always nice for them when systems are easy and pleasant to use.
When you're carrying so much free traffic, you have to be efficient. It pushes you to actually make systems that can handle scale and diverse situations without just throwing money at the problem. It's easy for companies to get bloated/lazy when they're fat off enterprise contracts - and that isn't a good recipe for long-term success.
Finally, it's a good way to get mindshare. I used Cloudflare for years just proxying my personal blog that got very little traffic. When my employer was thinking about switching CDNs, myself and others who had used Cloudflare personally kinda pushed the "we should really be looking at Cloudflare." Free customers may never give you a dollar - but they might know someone or work for someone who will give you millions. Software engineers love things that they can use for free and that has often paid dividends for companies behind those free things.
I feel like there might be an additional motivation too, which is that this investment in a better internet (free SSL for everyone before LetsEncrypt came around, generous free tiers for users, etc. etc.) means that Cloudflare builds a reputation of being a steward of the ecosystem while also benefitting indirectly from wider adoption of good, secure practices.
In some ways it's analogous to investing in your local community and arguably paying tax: it's rare that you would directly and personally benefit from this, but if the environment you live in improves from it, crime is reduced, more to do, etc. then you can enjoy a better quality of life.
Reminds me of the School -> Pro pipeline where companies sell cheaply or even give away their software to learning institutions so that students who go pro are familiar with their tools and then later recommend it for their work.
That’s absolutely true for things like MS Office and Adobe - but it also works in the other direction: I’m sure making kids use Java for AP computer-science or for undergrad contributed to its uncool status today.
This is exactly our thinking with authentik (open source IdP), and it's played out in practice so far. Enterprise sales conversations are so much easier when they start with "we all use you in our homelabs already." We're much more focused on giving those individual users a positive early experience (in hopes that some small percentage will really pay off down the road) than in extracting a few dollars from each of them.
I went back and reread that reply by Matthew. Essentially, nothing has changed; the free customers are very important to us for all the reasons that he outlined. See also this blog post on us and free customers from 2024: https://blog.cloudflare.com/cloudflares-commitment-to-free/
^ CTO of Cloudflare for reference
> I don't think they care much about few "Pro" upgrades here and there. The real money, and their focus as a company, is in enterprise contracts.
Cloudflare's enterprise customer acquisition strategy seems to be offering free or extremely cheap flat-rate plans with "no limits", then when a customer gets a sizeable amount of traffic they will try to sell them an enterprise plan and cut them off if they don't buy (see https://robindev.substack.com/p/cloudflare-took-down-our-web...). IMO this is pretty shrewd, as it means that companies can't do real price comparisons between Cloudflare and other CDNs until they already have all their infrastructure plugged into Cloudflare.
That particular story / case had a lot more context to it that we weren't given. I wouldn't be ready to place any kind of merit on it without hearing more. I also think given the OP's industry it's likely there were issues with IP reputation. Could it have been handled differently? Probably. In this case I think it would have been smarter to just part ways upfront and let the client know it's not going to work out. I suspect the contract was designed to say.. we don't see the value in this relationship.. but at this price we'll make it work type deal. I don't think that's the right way to go, but I hardly believe this is how they operate.
I've used their free -> enterprise services in multiple companies and clients. Haven't had a single bad experience with them yet. Always helpful, if a bit delayed at times.
It doesn't seem like Cloudflare has any problems with online gambling, especially since the first email the author got from Cloudflare came from someone in their "Gaming & iGaming" division. There's people in this thread in other industries who have had similar experiences with them.
IMO the biggest problems are how Cloudflare kept inventing excuses like "issues with account settings" to get the customer on the phone with their sales team, and the mixing of "trust and safety" with sales (like deleting their account for ToS violations after the CEO mentioned talking to a competing CDN).
I don't know that I can trust the perspective of the Op here. Gaming and Gambling aren't the same thing. We don't know that they invented excuses here either. I would also suspect the comment about a competing CDN was used by the OP to try and gain leverage and it failed.
All i'm saying is we can't make a determination of right and wrong without more data. All things considered, it reads more to me that the data withheld is on the original OP side rather than the CF side.
Either way, it's a unique one off. Most of the mentions in this thread of this behavior all rely on this one experience. I think that in of itself is probably a positive on the side of cloudflare. If it were institutional that they treat clients like this we would hear it regularly.
> Gaming and Gambling aren't the same thing.
iGaming is a euphemism for online gambling.
https://assets.ctfassets.net/slt3lc6tev37/4SyI8LW6SeJAGPWwZY...
Interesting, thanks for the link to the asset too.
Gambling is often just refered to as "gaming" by the industry and legal system, so the word is like "drinking" in that it's both specific and non-specific depending on context. English is a very well thought out language.
Yep, and if you contact their sales directly because you've been bitten before and tell them your traffic they will be happy to tell you that yes, other than a short trial you have to pay them for huge bandwidth from month one. It's actually surprising to me people would believe it's fully free. Like think for a bit that if that was the case Netflix would just move to Cloudflare free tier and Cloudflare would go bankrupt immediately.
Like think for a bit that if that was the case Netflix would just move to Cloudflare free tier and Cloudflare would go bankrupt immediately.
Cloudflare's free tier specifically excludes video. See https://www.cloudflare.com/service-specific-terms-applicatio...:
Content Delivery Network (Free, Pro, or Business) Cloudflare’s content delivery network (the “CDN”) Service can be used to cache and serve web pages and websites. Unless you are an Enterprise customer, Cloudflare offers specific Paid Services (e.g., the Developer Platform, Images, and Stream) that you must use in order to serve video and other large files via the CDN. Cloudflare reserves the right to disable or limit your access to or use of the CDN, or to limit your End Users’ access to certain of your resources through the CDN, if you use or are suspected of using the CDN without such Paid Services to serve video or a disproportionate percentage of pictures, audio files, or other large files. We will use reasonable efforts to provide you with notice of such action.
Replace Netflix with Reddit in that hypothetical then, would they be allowed to serve their substantial non-video traffic through the free tier? If so, you have to wonder why they choose to pay for Fastly instead.
Does this apply to caching R2 with the free tier CDN?
The R2 overview page explicitly lists "Storage for podcast episodes", but a podcast host under the free tier would serve a disproportionate percentage of audio files.
It's been asked and answered many times. https://www.cloudflare.com/en-au/service-specific-terms-deve...
Audio is tiny compared to video (and even images), especially for podcasts, think ~1MB/minute. And they compress well if you want them to be smaller. High quality video (think 4K HDR) can quite comfortably be over 1MB per second.
I assume they don't want to become a file sharing website, but hosting a podcast is relatively easy on the bandwidth requirements.
A music album which gives an hour of entertainment might be distributed in lossless form at a size of 300 MB or so. A similar length TV episode could be between that and 1 GB. Podcasts are usually way lower quality and much smaller.
A lot of people who had large image collections (like myself) online struggled with revenue relative to cost circa 2012, I saw a lot of sites I respected go down, though we did see some new style social sites such as Pinterest, Snapchat, Instagram, etc. Somehow YouTube was doing much better in terms of revenue/cost with video.
Compressing images for the web is not at all trivial, I over-compressed a few million images and really regretted it. When I post to social now I use Photoshop's "(Legacy) Save for web" which has a nice slider for the quality level and find I can get images I take with my Sony to look like they came from a pro camera between 80kb (small flower, blurry background) to 800kb. I see huge splash images on blogs that are smaller, they make a good first impression, look close and the blocking is awful.
What about hosting video on R2 and using the CDN?
Well bad example, but as someone else said, replace with any other large non video service. I'm not making this up, I had calls with sales. And like I said, I don't think this is surprising, it's like "infinite bandwidth" deals from ISPs and phone data plans, etc. It's a reasonable expectation that you'd have to pay at some threshold.
Frankly it’s none of y’alls beeswax what medium of content I’m deploying. I can understand restrictions on illegal and offensive content. I won’t be using Cloudflare if including a file or even putting some base64 in my html file will be a ToS violation.
It's these petty restrictions that make these pricing policies convenient, and it hurts the market :(
https://en.wikipedia.org/wiki/Dumping_(pricing_policy) https://pricecontrol.biz/en/dumping-from-a-to-z/
I haven't heard about this in particular but based entirely on your depiction here it sounds more like fraud to me.
If I was paying a flat rate for a no limit plan, that company tried to sell me an Enterprise plan which I declined, then they cut me off, we'd be in court as soon as the clerk would schedule it.
If you were rotating IPs against the TOS I don't think you'd have a leg to stand on
The GP doesn't mention anything about rotating IPs
And this works IME
I use Cloudflare for hobby projects 90% of the time because it’s free. That dramatically increases the likelihood I advocate for their offerings in the enterprise
> Bandwidth Chicken & Egg: in order to get the unit economics around bandwidth to offer competitive pricing at acceptable margins you need to have scale, but in order to get scale from paying users you need competitive pricing. Free customers early on helped us solve this chicken & egg problem.
I'm not really sure how this works.
Suppose you have paying customers and for that you need X amount of bandwidth. If you add a bunch of free customers then you need X + Y bandwidth. But the price of X + Y is never going to be lower than the price of X, is it? So even if the unit cost is lower, the total cost is still higher and you haven't produced any additional revenue in exchange, so how can this produce any net profit?
If you send 10Gbit/s to an ISP you have to pay for transit to reach it. But if you send 100Gbit/s+ the ISP suddenly is willing to not only peer for free with you but may even host the servers for you in their data center for free. [0][1][2] So yes being bigger can absolutely save you costs.
[0]: https://www.cloudflare.com/partners/peering-portal/
[1]: https://openconnect.netflix.com/en/
[2]: https://support.google.com/interconnect/answer/9058809?hl=en
The point is that that you get your paid offering down to a lower price point because you have the volume to get the cheaper peering deals. Because your paid offering is cheap you get even more volume from paying customers which offsets the loss you made.
it may be, especially if the ISP in question just does direct peering with you, your unit cost can drop to ~ $0/MB, and you stop paying Cogent/Verizion/HE unit cost for facilitating the connection from you to the ISP.
Works for the ISP too, one off cost for them to drop there side of the bill down
I've always wondered if there is an accounting benefit for them. Can the free tier be charged as 'marketing'? No idea how you would internally break up the costs, but it could make your margins look better.
I think this is the important part
> Today we continue to see that benefit in regions where our diversity of customers helps convince regional telecoms to peer with us locally, continuing to drive down our unit costs of bandwidth
If you can peer your traffic you can send it for free.
So lots of small customers, despite not paying anything, is helping to reduce bandwidth costs for Cloudflare to zero.
If they've reduced bandwidth costs to zero then they can afford to give it away for free.
I can tell you from personal experience that getting some ISPs to peer with you is hard unless you are exchanging lots of traffic already.
This is a clever playbook that has made Cloudflare a tier 1 ISP in an age when that is extremely difficult.
It's a very elegant business strategy because you have one clear focus (handle loads of bandwidth), but it can be expressed in so many ways (DNS/Caching, object storage, video delivery/streaming, static site hosting).
> Cloudflare had decided long ago that they wanted to work at an incredible scale.
This reminds me of the story of how Jeff Bezos bought relentless.com. The rest is history. https://pluralistic.net/2022/11/28/enshittification/