> Today, our network spans 193 cities in over 90 countries and interconnects with over 8,000 networks globally, including major ISPs, public cloud providers, SaaS services, and enterprises. We estimate that we operate within 100 milliseconds of 98% of the Internet-connected population in the developed world, and 93% of the Internet-connected population globally (for context, the blink of an eye is 300-400 milliseconds). We intend to continue expanding our network to better serve our customers globally and enable new types of applications, while relentlessly driving down our unit costs.
This right here is a real tech IPO that has a strong portfolio behind it with a viable business model too and with an impact that affects millions of websites. Throughout this year it is just loss-making companies floating everywhere on the markets here and have boarded the hype-train into the red.
I hope CloudFlare with these numbers here don't board the wrong train here.
>Throughout this year it is just loss-making companies floating everywhere on the markets here and have boarded the hype-train into the red.
Cloudflare is a loss-making company too, and their losses are growing. From the S-1: "we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively"
Most of the additional 2018 loss is attributable to the major increases in General & administrative and stock-based compensation expenses.
The interesting thing is that net loss in the first half of 2019 is 13% higher than in the first half of 2018 but revenue increased by 48%, judging from the filing's data https://wallmine.com/doc/edgar/0001477333/000119312519222176...
I agree with all of that, but the other important thing (at least to me as an investor) is their 51% growth over two years (with 77% gross margin). You can have the best product, but if you're not actually growing and profitable then as much as I like the company or the product I'll put my investment dollars elsewhere.
They're growing but not profitable. It's easy to grow by giving valuable stuff away below cost. It's not so easy to grow if you're making positive margin.
Given CloudFlare's size and age, why are they losing money?
I don't know for sure, but I would guess it's their aggressive expansion efforts. Those might cost more than they've returned so far. If that is the case, and since their GM is so high, they should be profitable once buildout costs start to plateau.
Looks like a lot of it is sales and marketing expenses which probably help drive growth, their gross margin is pretty great, I think that the key to profitability for them now is a high enough retention rate that they can turn down sales costs when they saturate the market
From their risk factors:
"Our business depends on our ability to retain and upgrade paying customers and, to a lesser extent, convert free customers to paying customers, and any decline in renewals, upgrades, or conversions could adversely affect our future results of operations" (Emphasis mine)
Kind of matches what you are saying. However, a couple of counter-points to consider:
1. Are Cloudfare fees a major portion of your costs and the first to be on the chopping block?
2. Are you OK with the risk that you can withstand cyber-crimes against your property by saving the said amount.
I don't have the numbers yet and I might be wrong but services like Cloudflare are becoming similar to some grocery purchases:
Sure you might skimp a bit during a downturn, but you won't do without them
300-400ms for blinking? is that during a stroke?? I see they went with the top search engine result Quora - not the best source for facts - and the second result states a tenth of a second, which is probably more accurate. we get it, your service is quite fast, as fast as blinking
>On average the human blink lasts only a tenth of a second which is 100 milliseconds. Wow, that’s fast! Sometimes, it can even last up to 400 milliseconds.
This is what the second result says. Bit weird to focus on this for what seems a fantastic startup to succesfully IPO.
Congratz to the entire team, and the CEO (who sometimes visits here I think)
not sure what your point is. pretty sure they use the average ms too in their estimate. this claim is the main driver of their business. they are basically saying their service is 3-4 times faster than blinking, which it is not. blinking is so fast you don't notice it, but that wasn't fast enough! so they amplified based on a dodgy source. false advertising gone nuts.
I think they mean 100ms real latency. HK-NY might be 110ms in theory (or if you have your own infrastructure), but a NY resident pinging a HK server will probably often average around at least 150-200ms.
As a measure of fiber distance, it’s roughly 75 o/w from LA to HK via AAG and the balance lies between LA and NY. That’s before any delays created by layer 2,3 and up.
Only issue is that they don't have that much revenue compared to the amount of interest there will be in their stock so its going to turn into a speculation vehicle.
I'm not sure how that comment holds given what they've outlined. For the 6 month ending in 2019 they had roughly 75k paying customers. Now the interesting part, to me, is that only 408 of them are spending over $100k in annualized billings. Given that they have some runway to expand into organizations who are down a path of transition to cloud. In the S-1 they reference a lot of "band-aid" box vendors (Juniper, Checkpoint, Cisco, Palo Alto Networks, Fireeye, etc) and so they seem to be positioning themselves squarely in the security space in competition for those budgetary dollars. I think this is the right play for them, especially because as cloud offerings continue to blur lines into hybrid architectures Cloudflare sits in a very nice position with CDN, security, VPN, services (DNS), etc. And security budgets are still flush.
But back to your comment... Given 408 customers probably generated the majority of the $100M GP over the first six months of the CY and they have another 74k and change customers they've landed and have potential expand opportunities with, I'm not so sure there's no revenue there to be had.
Now that being said I think the stock will likely float to ridiculous overvaluation at IPO and all the talking heads will argue how those "band-aid" vendors have staying power through brand loyalty and proven models... But, I personally, think CloudFlare will be around as a leader in this space for a long time, especially if they continue to keep playing their cards as they have.
In addition to the 408 larger accounts, Cloudflare probably has a large-ish number of accounts with about $50k in annualized billings, as that's a common entry level for their enterprise plans.
Those I'd expect to slowly but steadily creep up in billings since Cloudflare introduces new products all the time, they tend to be very easy and desirable for existing customers to adopt, and they tend to be upsells over the base enterprise plan.
They list it as a key element of their business model:
> Free customer base—Free customers are an important part of our business. These customers sign up for our service through our self-serve portal and are typically individual developers, early stage startups, hobbyists, and other users. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees. These free customers expose us to diverse traffic, threats, and problems, often allowing us to see potential security, performance, and reliability issues at the earliest stage. This knowledge allows us to improve our products and deliver more effective solutions to our paid customers. In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses. Finally, the enthusiastic engagement of our free customer base represents a “virtual quality assurance” function that allows us to maintain a high rate of product innovation, while ensuring products are extensively tested in real world environments before they are deployed to enterprise customers.
This. I've mentioned the first aspect of that in the past here[1][2]. The interconnect benefit never occurred to me, though. That's a neat aspect!
Which just continues to reinforce what I said at the end of [2], about their business model instilling confidence in leveraging them at a free-tier level.
Yea, it didn't occur to me either - as implementers we'd be like "why would we want the responsibility of so much scale that we need to support without corresponding revenue," but in their position they can say "we need all the tooling for that scale anyways, why don't we leverage that into better bulk discounts with the interconnections!" And presumably they've run models that say that their bulk savings from interconnect make this far from just a loss leader.
> And presumably they've run models that say that their bulk savings from interconnect make this far from just a loss leader.
It's basically real world chaos monkeys that are stress testing their systems.
Combined with signal intelligence, those chaos monkeys are actively improving their systems.
Then, as a final bonus, absorbing the DDoS attacks aimed at those chaos monkeys (and their paid tier) provides a lot of globally diverse and distributed inbound traffic to them, favorably offsetting the outbound traffic they're serving from from their network. Improving their position during interconnect negotiations.
There are quite natural synergies that emerge as a product of their particular choices in structuring their business. Which is far more rare of a thing than you'd expect.
This. I have about 20+ hobbyish domains total, & 13 of them are with free Cloudflare Plan, & 3 of them are with their Domain Registrar side. I am completely fine with their free tier & paying for Domain Reg/Renewal. But just in case if in future i need to paygor DNS hosting, I would fallback to regular domain registar's free dns.
I had one website that I was working on, basically zero traffic, besides me testing it. After a couple of months Cloudflare kicked me off the free tier, asked for money. No idea why. I didn't use much of their resources, well within the limits.
Exactly my case! So I have a cronjob that compares the current IP with the previous one and, if different, sends an API request to update the DNS record.
Can you do a quick write up about how to do this? As a web developer, I feel like I should know how to host my own website from my own machine, but I've always struggled to get all the right steps in place. It'd be nice to hear from someone more experienced, so I can make sure to do it correctly!
I've checked icanhazip.com and it's not returning the same ip as the one from ipconfig. What does it mean? Note I know nothing how networks work and that I'm in a corporate network
Your corporate network is using network address translation (NAT) to map an external address, shown on icanhazip.com, to a local network address, shown in ipconfig. You likely share this external address with many other users and mapping services to it will be challenging without having access to the routing/forwarding configuration.
In defense of this user we have had a few system wide outages which have shut down major communications networks and news outlets.
Additionally they're less than friendly to users who strive for anonymity via forced captcha which further empowers google's massive machine learning/data classification efforts.
Cloudflare are big and competition is something they clearly lack.
Site owners can turn off the captcha by reducing the security level.
I understand why it exists, I just wish they didn't use a Google service for it...
The lack of competition probably shows the difficulty of the task. A global CDN is complicated and expensive (physical infrastructure, all the interconnect agreements) and a big technical challenge.
It is quite possible to setup a global CDN overnight. Spin nginx reverse proxies in all AWS, Digital Ocean, and Linode POSs, and you'd have a good enough network. Throw Inna control panel and you got yourself a contender in the budget CDN sector.
Cloudflare was rather innovative, with their authorative and recursive DNS, peering agreements with many ISPs including the ones that others didn't bother about, free SSL (Which they offered with Comodo even before Let's Encrypt), etc.
That is a fast way to burn a lot of money . Cloud Service Providers like the ones you mention heavily marked up sell metered bandwidth with no guaranteed allocation and are considerably more expensive than say a tier-2 player like hetzner/OVH or spinning your own servers in a Colo.
Sure, but no cloud company offers the amount of locations you can get on Cloudflare. Now you've even got edge compute, bringing really low global latencies for some applications.
CloudFlare offers Privacy Pass where with 1 captcha completion you generate something like 20 tokens, meaning you can bypass 20 captchas after that. Sadly nearly every website just uses pure Google captcha which forces you to go through the ordeal every single time.
Is this your product? If so, how can I cash this out into tangible currency rather than an ERC token, and is it possible to select the amount of labeling (ex: users I identify as bad have to go through 10+ pages, users I identify as OK go through 1)?
thanks a lot for articulating my point better then I did, but I don't really care about the downvotes because I know that my opinion will be accepted within 5-10 years if the trend keeps going the way it is... ;)
How so? If the service is WORTH paying for, then it SHOULD be paid for. The world of service, if proven magnetizable, should always be monetized. #FreeMarkets
The salami I try at Costco, as a free sample, is worth paying for. It is food, and it has value.
However, they give me a small sample as an inducement to buy; presumably to increase sales beyond a baseline, in quantities and at prices sufficient to cover the cost of not only the free food they give away, but the labor to do so.
Cloudflare can provide a free product that's WORTH paying for, if their paid product is so much better, and its sales increased by so much, that the free giveaway can be considered a marketing cost that pays for itself.
I'm a #freemarket guy and all, but freemium is a long standing monetization model that many companies have used to accelerate net profits in the long run. Not really anything anti free market about freemium. The problem with freemium has always been building the premium tier that someone wants to pay for :P
> Markets don't equilibrate at the value to the customer any more than they equilibrate at the cost of production. They compromise between the two.
No, they don't compromise between them, nor do they reflect one more than the other: the basic law of supply and demand is that markets clear at the quantity and price where the marginal cost to produce equals the marginal value to customers which also equals the sale price.
assuming a huge number of perfect circumstances which is not how reality works. Assumptions made for what you said to play out include: perfect competition, perfect information, perfect rationality of actors, 0 barrier to entry, that value and cost is strongly bounded and defined on either end, and much more.
Common examples that violate each one in term: Facebook, Used cars, Veblen goods, Utilities, Healthcare.
A market that has one large player that completely dominates certain segment(s) is not likely to be a healthy one that is providing value at near cost, why would it be? The incentive is always to charge as much as possible.
> assuming a huge number of perfect circumstances which is not how reality works.
I don't think there is actually an equilibrium price defined as some kind of compromise between supply and demand curves absent those circumstances, either; there's an actual price at any given time, but it's not an equilibrium (particularly, without rationality—which incorporates perfect information—you don't have any expectation of an equilibrium even if all the other factors are present, at any price.)
Once you are discussing equilibrium—as the post the grandparent addressed did—you are implicitly discussing at least some of the ideal circumstances you’d like to negate.
> Free customer base—Free customers are an important part of our business. These customers sign up for our service through our self-serve portal and are typically individual developers, early stage startups, hobbyists, and other users. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees. These free customers expose us to diverse traffic, threats, and problems, often allowing us to see potential security, performance, and reliability issues at the earliest stage. This knowledge allows us to improve our products and deliver more effective solutions to our paid customers. In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses. Finally, the enthusiastic engagement of our free customer base represents a “virtual quality assurance” function that allows us to maintain a high rate of product innovation, while ensuring products are extensively tested in real world environments before they are deployed to enterprise customers.
It adds latency to API services, it doesn't add value in conditions where you aren't under attack. It inhibits legitimate users with privacy controls (and/or Firefox) in place.
It may or may not be worth it, but it isn't a panacea.
> We have experienced significant growth, with our revenue increasing from $84.8 million in 2016 to $134.9 million in 2017 and to $192.7 million in 2018, increases of 59% and 43%, respectively. As we continue to invest in our business, we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively. For the six months ended June 30, 2018 and 2019, our revenue increased from $87.1 million to $129.2 million, an increase of 48%, and we incurred net losses of $32.5 million and $36.8 million, respectively.
Compared to the numbers we've seen for recent tech IPOs, being on track to lose about $72M for 2019 seems reasonable.
Also, haven't read through it all but I'm curious how strong this clause will be for future control:
> The dual-class structure of our common stock will have the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of this offering, and it may depress the trading price of our Class A common stock.
They went from growing at 60% YoY in 2017 with an 8% Operating Loss, to growing 43% YoY with an Operating Loss of 44%.
To put it another way, in 2018 they grew their revenue 40% (+$58m) and grew expenses 100% (+$115m).
I mean, apparently they raised a huge round and felt the need to increase spending massively. And then saw slowing growth as a response?
Was there a massive boost in R&D output? Entering entirely new product lines? My uneducated impression is that they offer largely the same product this year as they did last year.
The only thing I can think of is that they went from “scrappy startup” to “bloated unicorn” status?
My guess: new development-intensive products like the 1.1.1 DNS, Wireguard, WAF etc plus general scaling and growth on one side, and increased competition from established cloud services on the other.
After all, if you are already on eg AWS, just using Cloudfront is temptingly easy. (even if bad from a redundancy perspective)
It's easy, but we're saving thousands of dollars a month using Cloudflare instead of our cloud service provider's CDN (~250TB/month), and that's without any kind of discounted egress agreement between our cloud service and Cloudflare (which is supposed to be in the works, but it's been literally years with no further word)
Assuming you’re already integrated on AWS, just using Cloudfront is a lot easier than Cloudflare. You’re likely already using S3, maybe use CloudFormation as well. Then it’s often much more straightforward to use AWS services rather than a third party provider.
Arguably a lot of that R&D should be capitalized and not be on the I/S. Investments like that shouldn’t impact net income. I’m more concerned with G&A going up 500%.
They are claiming the work needed to become IPO ready (accounting, legal, etc) spiked G&A. I see that a good a chunk of that was 1 time consulting but most was from additional staff.
Both CloudFlare and Zoom are pretty great products and as much as I applaud their team's IPOs, I'm worried that the vagaries of being a public company will result in the GOOG syndrome. That's where a company with a great product is forced to expand every quarter to the point that it becomes a frankenstein-ish hulking version of itself.
Why not just pay a dividend? That's what stocks are supposed to be, shares of ownership in legitimately valuable enterprises with return on investment.
Well, at least prior to 2003 there was a strong incentive to prefer gains from stock sale since it could get long term capital gain tax rates (15% now, 20% at the time) vs. dividends which would be taxed as normal income. Since then however, qualified dividends are taxed the same as long term capital gains.
There's more to it than that. In order to pay dividends, you have to pay corporate tax before you can pay out the dividends. And that is almost 40% on the top end. So the effective tax of qualified dividends is more like 60%.
Alternatively, if you can stash money overseas in tax free accounts or invest the money back into the business to avoid taxes, then you only have the long term capital gains tax.
No, the return on investment is provided by the claim on assets at dissolution. It can be realized in advance of dissolution (since, as it turns out, companies tend these days to be chartered for open-ended purposes and so not to dissolve when successful) either by trading the claim for money or by the company doing periodic partial dissolutions. The whole idea of public trading is to enable the first to be done efficiently, dividends provide the second, but there is no reason a firm must do both. A firm that does neither makes it harder to realize returns but some investors may be happy to trade that for what they perceive to be higher returns or better serving non-financial interests the investor has.
Growth will also give return on investment. I'd rather see Cloudflare invest in growth and R&D than give a dividend. They are nowhere near finished growing.
Yep, this would be a godsend. They're already doing something similar with Workers and I do hope the trounce other cloud providers in providing a "Serverless Cloud"
The purpose of an IPO is to raise money to do something. It doesn't make any sense to sell part of your company to a random set of people, just to pay them back over time. That's like me getting a mortgage for my house and after 30 years I pay back the mortgage and the bank still gets to own my house.
That’s what it’s original intent was, but an IPO is now a way for all the investors to earn a return on their private investment and cash out at any time moving forward.
In all fairness, private investment was much lower when this was the case. Companies used to do an IPO much earlier when they needed funding instead of raising hundreds of millions in private investment money.
I believe the point is that you if you don't need to raise any money, you can do a direct listing instead of an IPO. Then you allow investor liquidity without selling equity.
> It doesn't make any sense to sell part of your company to a random set of people, just to pay them back over time.
It's unfortunate that this doesn't make sense to you, because that it literally the original purpose of shares in a company.
Someone wants to finance a voyage to a far-off land to trade. To do so, they form a company and issue shares of the company. The profits off the voyage (if any) are then divided amongst the shareholders, in proportion to shares held. It was a pretty good idea.
(Debt is not the same as equity, not sure why you are talking about mortgages).
The owners will make more money if they double the company's value than spend their profits on a 5% dividend to shareholders. Simple capitalism at work.
These are huge swings. Each of these projects has the potential to increase the company's value by $100B and only cost single digit $B. Same model as VC.
They're also arguably more cost-efficient if a large portion of investors would just take their dividend and use it to reinvest in the stock - the buyback means that group don't need to incur the friction costs of doing so.
While this may be true, they seem to be largely funded by debt. Taking on debt and not using it for capital seems exceedingly risky in the face of a recession.
And I gather this popular because of the tax implications of a dividend vs increase in stock price. I'm in favor of people paying taxes, so I'd prefer a dividend.
This is an entirely different problem and not really true, except for the companies that do so to avoid repatriating foreign capital and incurring US tax rates.
Exactly! I don't why Internet folks fall into this trap time and time again! It's probably simply because it is an easy and quick way to tell your boss your website is protected consequences be damned.
I can imagine the next Edward Snowden will reveal the intelligence community's direct line into the traffic running over Cloudflare's infrastructure. Cloudflare is providing DNS and HTTPS services on a massive scale which means they can essentially MiTM any of their customers on behalf of the government.
It depends on the topic of discussion. If we are discussing the viability of a company, and trying to project long term success, then this is all good news.
If you are discussing whats best for society and how these businesses impact those things, then this could be alarming news.
There's a big shift towards privacy happening now. If Cloudflare came out a decade ago I'd also be in their camp. But the risks are too high and developers are starting to recognize that Cloudflare is far from free and comes with long terms consequences for the health and resiliency of the internet.
I appreciate how they pushed HTTPs widely. But now that's Let's encrypt exists there's no excuse.
Ill also never forgive them for making Tor completely unusable for accessing any normal website. It's almost impossible to pass the security checks and if you do another one is coming once you switch IP. I understand Tor is a niche product but it's an important one for activists and other persecuted people. And it will only continue to grow in importance as the dictators all learn how to do NSA style mass surveillance.
The DDOS stuff if the harder problem to solve and I don't know enough about it to judge the competition's ability to offer it safely and privacy friendly way.
I mean, that's like your opinion or whatever, sure. But this S-1 filing is about if they are a sustainable business. And none of what you touched on would seem to have any serious impact on their business model.
The Tor stuff feels way over blown to me. I worked at CF while it was a problem, and was an avid Tor user at the time. It was a terrible user experience, but it wasn't completely Cloudflare's fault. They didn't target Tor users, Tor exit nodes have terrible IP rep which is an industry standard for risk rating IPs. ReCaptcha had some functional issues that could not be solved by Cloudflare. And lastly, site owners did next to nothing to support their Tor visitors even once dedicated options were available via the IP Firewall. This seems like hyperbole, especially as JGC was avid about getting this resolved, and was very public with the discourse. Companies don't do things perfect all the time, and it seems extreme to hold CF purely responsible and hold onto that anger for something that's long been resolved.
In the end, everything in this S-1 is promising for people interested in tech businesses, which is what many people are praising. They already generate a profit, their operation costs are reasonable, etc.
> They already generate a profit, their operation costs are reasonable, etc.
They don't turn a profit, and their operating costs are growing sharply. From the S-1:
> As we continue to invest in our business, we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively.
There's always a compromise with privacy that people are willing to ignore in the short term, but I'd rather bet on long-term trendlines than people's laziness today.
Their business model of taking over and centralizing whole sections of internet will continually cause a backlash. They only have a percentage of all traffic today and it continues to increase. And apparently so does their willingness to not be a neutral service provider as we saw with 8chan, which is in stark contrast to their policy towards the LulzSec hackers and plenty of other "bad guys".
I'm sure Cloudflare will continue to be a good business in the short-term, but that should never be the relevant metric for any business. But it will become more and more obvious to everyone the bigger they get.
> Centralization of the entire internet behind a single entity is a _bad_ thing
They do the opposite. They enable small website owners to survive on the internet without having to use vertically integrated services like cloud offerings.
I'm not sure you fully understand the problem. If I hit the big red button and just shut Cloudflare off, millions of websites drop off the Internet. It is a massive single point of failure, and as you point out, a vertically integrated service (DNS, DDoS protection, WAF, proxying, etc).
I have said that it's not a vertically integrated service. Others are. Like S3. Or GCP. Cloudflare makes it possible to avoid the big clouds and do your own hosting or to use a smaller hosting company.
As for the millions of websites going offline. Surely, Cloudflare has tons of customers. It's an internet scale company. If they act sloppy and have tons of downtime a competitor might take over. If it's hard to architect a DDoS protection service in a robust way then that's just the world we live in. But I think you should appreciate that Cloudflare sells DDoS protection (their core product atm) without selling you a big package like http serving or root servers.
DNS is far from centralized and DDoS protection is something that small websites would have no ability to do on their own. It isn't just a convenience thing, it's a literally-impossible-without-scale thing.
That's optional and has been for awhile now I believe, you can CNAME from your own DNS provider. While that does rely on their DNS for that one record, it means you still have control to changeover if need be.
And, that doesn't change the point... the website protected by cloudflare still controls the effective dns for that site. The lookups are controlled, and CF is a mitm vector.
A client deployment of an app, that the client had behind cloudflare was making 80ms API requests take 8 seconds. It's not always great.
I'm not saying that there aren't alternatives, and that people have to use Cloudflare... but there really isn't much in the way of an alternative at even a similar level of support and price on the low/introduction side of things. The issue regarding recaptcha can be REALLY annoying, especially on a non-google browser.
Not only that, Cloudflare has helped to ensure that DDoS protection is something that every website needs. Under normal circumstances, all the shady DDoS-as-a-service providers would DDoS each other off the internet and leave everyone else in relative peace. However, Cloudflare kindly provided them all with free, world-class, no-questions-asked DDoS protection to ensure that they could continue operating their business of destroying sites that didn't use Cloudflare.
See for instance https://krebsonsecurity.com/2015/01/spreading-the-disease-an... or more recently https://www.secureworldexpo.com/industry-news/does-cloudflar... - this has been going on for years and is officially permitted by Cloudflare policy. (The reason why these booter services need such good DDoS protection is that knocking the competition offline makes for good business - it's a great demonstration of effectiveness and cuts off their business at the same time. In the pre-Cloudflare era those services were locked in an almost continual war against each other.)
Look at any big cloud provider or CDN and the same can be said. If you don't have a DR plan in place to bypass a CDN provider in a downtime situation then you're doing something wrong. (assuming it isn't a hobby project)
It's really both. I think the biggest issue that some have is that Cloudflare has no real competition at this point for those that cannot afford the more expensive options. And combined with that, they control a very large portion of internet web traffic and are in a position where they could potentially be heavily influenced by government actors.
I'm not saying that it's happening, or even that it is the biggest concern for most. But it should be a bit of a concern to some, and one may want to think about if they really want to use them in this context. It's a matter of knowing and evaluating all of the risks involved.
Does it really matter for a static blog that only publishes a few articles a week? Not so much.
Does it matter for a media company that publishes articles a government doesn't like and initiates contact through it's website? Probably.
If you are just using the basic service for a firewall/DDOS protection and CDN there doesn't seem to be much lock in. If other competitors come along, and they undoubtedly will if Cloudflare proves the value of the market, it should just be a matter of switching your DNS records to said competitor. Maybe I'm not imaginative enough, so please share if I'm not thinking of something, but it doesn't seem like their market share makes it harder for other competitors, they aren't monopolistic.
You're giving CF too much credit. They are very small fish, as it seems from the S-1. But still dangerous because they MITM while operating for free at loss, so don't reuse passwords and logins between sites.
Yeah, from a citizen perspective I agree. C'est la vie. Our governments need to work against this via legislation.
It should not be up to Matthew Prince to decide who to block. He has demonstrated his inability to function as censor in a very visible (and frankly embarassing) way.
> He has demonstrated his inability to function as censor in a very visible (and frankly embarassing) way.
How? There have been exactly two cases of "censorship", and that is the Daily Stormer and 8chan. One is an utterly vile peddler of antisemitism (literally named after a Nazi paper) and conspiracy theory, and one was linked to at least three terroristic attacks. If it were not white supremacists but Islamists, it would be closed down in an instant and no one would bat an eye.
If anything, Cloudflare seriously lacks (like Facebook and Twitter) policing their customer base.
>If it were not white supremacists but Islamists, it would be closed down in an instant and no one would bat an eye.
This is ironic since Cloudflare has famously been under fire because Prince specifically decided against removing ISIS websites from Cloudflare and vehemently defended his decision that Cloudflare should not be censoring anyone.
Prince himself even agrees with the parent comment, and he goes into pretty good detail in his blog post here [1] about why companies like Cloudflare should not be able to make the decision to remove websites, and that it should be left up to governments. I guess he got overruled on that stance when it came to 8chan, though.
> where there actually seems to be a viable business model.
It has carried them this far, but the real money will be when they turn to advertising (which investors will eventually figure out and insist on).
Remember all the crazy marketing data ISPs wanted to collect, then we pushed everyone to move to TLS? Well Cloudflare unwraps TLS for all their clients and is in a position to collect all the same data.
The fact that Zoom has gotten software engineers to _like_ Zoom is a testament. Most engineers I know detest almost all video conference solutions. Hangouts eats batteries for breakfast, Cisco products are clunky and expensive, Skype is ancient, etc.... but Zoom just works.
Unless you're one of their many competitors, like, say, AWS. From the S-1:
"Our current and potential future competitors include a number of different types of companies, including:
• on-premise hardware network vendors, such as Cisco Systems Inc., F5 Networks, Inc., Check Point Software Technologies Ltd., FireEye, Inc., Imperva, Inc., Palo Alto Networks, Inc., Juniper Networks, Inc., and Riverbed Technology, Inc.;
• point-cloud solution vendors, including cloud security vendors such as Zscaler, Inc. and Cisco Systems Inc. through Umbrella (formerly known as OpenDNS), content delivery network vendors such as Akamai Technologies, Inc., Limelight Networks, Inc., Fastly, Inc., and Verizon Communications Inc. through Edgecast, domain name system vendors services such as Oracle Corporation through DYN, NeuStar, Inc., and UltraDNS Corporation, and cloud SD-WAN vendors; and
• traditional public cloud vendors, such as Amazon.com, Inc. through Amazon Web Services, Alphabet Inc. through Google Cloud Platform, Microsoft Corporation through Azure, and Alibaba Group Holding Limited through Alibaba Cloud. "
"premise" is a thought or idea. "premises" is a location, like your servers can be "on-premises". Completely different meanings.
I hear lots of people these days mistakenly saying "on-premise" during hybrid-cloud conversations and in documentation when they really mean "on-premises". (And yes, looks like I've been down-voted for my first hacker news comment too.)
You can also add DocuSign (last year) to that list. They're heading toward a billion in annual sales and they offer a straight-forward and useful service.
> I'm sure it's just in my head, but it feels like the first tech IPO in several years where there actually seems to be a viable business model.
The companies listed above have what appear to be viable business models. I didn't intend to comment on technical merits, but I think you may be underestimating the technical depth of what some of these companies are doing.
Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others.
... We also received negative publicity in connection with the use of our network by 8chan, a forum website that served as inspiration for the recent attacks in El Paso, Texas and Christchurch, New Zealand. We are aware of some potential customers that have indicated their decision to not subscribe to our products was impacted, at least in part, by the actions of certain of our paying and free customers. We may also experience other adverse political, business and reputational consequences with prospective and current customers, employees, suppliers, and others related to the activities of our paying and free customers, especially if such hostile, offensive, or inappropriate use is high profile.
It’s odd to have these IPOs in the middle of August, in the middle of a super volatile market. I can’t help thinking that there must be a sense of urgency, based on the perception that this is the last opportunity before a bear market and much more modest (realistic?) valuations.
> It’s odd to have these IPOs in the middle of August
Read my other comment further down. It is from doing your private SEC filings in December to use a loophole to avoid disclosing a bunch of information.
These companies didn't just wake up in the morning and plan to IPO, it a good 18 months of planning that end with a public filing.
That's all well, but I am more familiar with bond issuances than equity, and the issuer always has the option to delay until the right market conditions, and I don't know any banker who would ever advise issuing in the middle of big market correction, in the least liquid part of the year.
You actually have that option but there is a limit to how much you can delay - I'm not familiar with US regulation but in most jurisdictions I know about you could delay for max 3 months after your public submission (mostly due to the fact that you present quarterly numbers on the prospectus, which means you need to update it X days after closing the quarter).
This is just about when kids go back to school. You see fewer IPOs over the summer because the bankers are all off in houses in the Hamptons or Nantucket. Your underwriters may not want to IPO until you get back, and there will be fewer people to buy your shares.
I'd actually love a subscription that covers multiple low-traffic domains.
Next to a few business accounts for larger projects, I probably have 30 low traffic sites which aren't much of a cost for Cloudflare. I'd happily throw something like 20$ per month their way to have them covered.
This is perfect timing considering they made headlines all of last week for banning that one site from their platform. But Google Trends seems to reveal that the banning incident was only 1/4 of the search volume they got for their big service outage on July 2nd:
> Following the events in Charlottesville, Virginia, we terminated the account of The Daily Stormer. Similarly, following the events in El Paso, Texas, we terminated the account of 8chan. We received significant adverse feedback for these decisions from those concerned about our ability to pass judgment on our customers and the users of our platform, or to censor them by limiting their access to our products, and we are aware of potential customers who decided not to subscribe to our products because of this.
Am I reading this right when it looks likes they spend twice as much money on sales as engineering?
There was also a very strange spike in stock compensation in 2018, $27,000,000 compared to $2,755,000 in the previous year and $1,849,000 in the next. What happened there?
The limit for a ticker symbol on NYSE is six characters... from Section 2.1 of the NYSE Symbology spec [1]:
The NYSE defines the symbol into two parts: a root and a suffix. The root constitutes the first part
of the symbol and it can be up to six characters (although traditionally, most symbols representing
companies only use a three-character root).
That said... in the early 00's, our is_nyse(ticker) function looked like: { return ticker.size() == 3; }
> Bankrupt electronics retailer Tweeter Home Entertainment soared nearly 1,000% in 2013 after Twitter (TWTR) filed to go public. That's because Tweeter's ticker was "TWTRQ" and Twitter had registered for "TWTR."
The maximum, as provided by general consensus are 4 letters. The fifth letter, when applicable, signifies company status. "Q" for bankruptcy, "A" or "B" for class names, "E" for delinquent, "J" and "K" for voting and non-voting respectively, and so on. See https://www.investopedia.com/ask/answers/06/nasdaqfifthlette... (doesn't just apply to NASDAQ)
Cloudflare has excellent offerings in the networking space, their tech stack seems solid. The customer base seems loyal: Once you're a customer, free or paid, there's very little reason to move out. Their revenue has been growing 43% and 59% for past 2 years: The business side of things seem to be kicking along at a good pace. They seemed to have figured out a perfect balance at offering services to freelancers, to small to medium businesses, to enterprises, to Fortune 500s. The diversity is astounding.
A few acquisitions and the next thing you know they are in the video-streaming business, in the ISP business, in the mobile carrier business as 5G rolls in and what not: The possibilities are endless? Esp as the world becomes more and more connected (IoT and proliferation of smartphones) and business move online, security and speed at scale are going to be of paramount importance and Cloudflare is primed to seize that market, imo
From running a honeypot network to winning techcrunch disrupt to this. What an amazing journey. One the few tech IPOs I'm genuinely excited about.
Curious: are you using the default player, the player but customized (as per the docs), or the trick to get the HLS manifest via `videodelivery.net/{video_id}/manifest/video.m3u8`?
Completely unrelated: the font that they chose to use in their marketing material looks a lot like San Francisco. I didn't know you could use it for promotional material that wasn't software for Apple's platforms.
I could be wrong here but my understanding is that the letter forms of a font are not subject to copyright, only the font file itself. This is why Microsoft was able to create Arial which is a virtual clone of Helvetica without it being a derivative work.
Actually, not necessarily. Drawing font glyphs is certainly protected by copyright (even if not filed, an implicit one) as artwork. You probably wouldn't get prosecuted because they probably couldn't prove if you copy-pasted, but it's still the work of an artist.
Typefaces are not covered by copyright in the US. Bitmapped fonts aren't either as that's just a computerized version of a typeface. Other types of fonts are covered by copyright as they're computer programs that tell the computer how to draw the typeface. This means unless a typeface was created for and used in a trademarked logo there is no protection on it and you can freely recreate it by tracing the output of an existing font.
So far the CEO has twice bowed to public pressure and unilaterally removed completely legal websites from the service because he perceived hosting them made Cloudflare's brand look bad.
As a publicly traded company the company is now actually accountable (rather than just in his head) to a slice of public opinion and to keep the brand as profitable as possible. That means not providing services for anything controversial.
As Daily Stormer and 8chan have shown, CloudFlare has very few competitors and seemingly none that don't censor.
8chan jumped ship to BitMitigate when CloudFlare dropped them, and then BitMitigate dumped them when they had their backbone link yanked out from under them.
Neither site broke any US laws, but they were both controversial.
In the personal/SMB spaces, you're right. Of course, enterprise remains their cash cow, where they compete with the big boys (akamai, incapsula, etc.).
> Neither site broke any US laws, but they were both controversial.
This is basically why so many are bothered by CloudFlare's decision. Who decides what's controversial? We've seen many examples in the past of normal views being "controversial".
What's the difference between this and choosing not to bake a cake for a gay couple? Plenty of people cheered Cloudflare for taking down TDS and 8Chan, but the same people got up in arms to demand a private business provide service to a protected class. Last time I checked political affiliation was a protected class in CA and political activity was a protected class in CA & NY.
> political activity was a protected class in CA & NY.
Yes, but cloudflare is not denying a job to any of those people. Not to mention there are certainly threats of violence on those sites, which are technically illegal. That's grounds enough to take the site down.
I argued above that cloudflare's actions were concerning, but at the end of the day, it's cloudflare's network. Do you really want the state compelling by force a firm to carry the traffic of any one? I don't, and find it the only option more concerning than a firm arbitrarily refusing to do business.
I personally dislike the actions of cloudflare in this case, and am allowed to criticize them. However, I don't think it makes sense to have the state enforce my criticism via compulsion.
Not parent, but probably. If they weren't legal, there wouldn't be an issue: Cloudflare complying with the law to block illegal websites would be a non-story.
Cloudflare making the decision not to serve specific customers in a legal fashion that does not discriminate against any protected groups is a non-story as well.
You don't often see private businesses making decisions like this on the front page of the new york times, but this one is a hot topic. They have no social, moral, or ethical obligation to serve these customers, and one's disagreement with that does not mean we should be forcing individuals to cater to everyone.
Something doesn't have to be illegal for it to be a story and it's not ideologically inconsistent to agree that Cloudflare has the right to not serve these customers while also scrutinizing them for it. What is legal/illegal is not a substitute for a personal value system.
A company as large and important as Cloudflare disconnecting a client for moral or public outrage reasons is a big story and they should be watched with a careful eye even if you agree with the outcome.
"Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others."
As a non-expert in the specific industry, but a tech person who reads S-1s with interest, I like the look of Cloudflare. It is providing a global infrastructure product and clearly building something that other companies will use and integrate in way that makes it sticky to leave.
I can't remember who said it, but I definitely subscribe to the idea that cloud providers are essentially a tax on businesses that use the internet to drive their business.That makes CF attractive.
My feeling is that the risk that will affect it in the long run are macro: global downturns, over reliance on a specific sector, regulation, freezing out of markets due to unfair competition from local players and spikes in energy costs (curious why this wasn't mentioned in the S-1 specifically)
They also have no outlined plan for the capital they will raise, this may be a good sign, no bold bets, just keep the marketing spend going and achieve greater scale.
It's getting harder and harder to judge if something is a good bet these days. Nobody is actually making a profit, the dual stock structure is troublesome, and the access to capital feels too easy. Ir frustrates me that it's impossible (for a mere mortal with €500 a year to invest) to get in at an early stage when you can watch the value rise and feel a connection with the company.
I like this S-1, and in my opinion CloudFlare aren't even scratching the surface of their full potential. Their future growth opportunity is unicorn x 10.
I mentioned it in the We S-1 thread, but it really weirds me out that the S-1 is the first chance the public has a chance to see a company’s financial status.
More importantly, why should all financials be public? I think this could be something that made more sense before the internet age; before all such information was searchable so easily. Why is how you manage your finances my business? Why is how Cloudflare manages its finances my business? Unless, of course, it is applying to have every one as a potential investor, in which case it makes sense to inform every one as to its financials.
Because a large number of people in society have a legitimate interest in the financial position of a company, irrespective of whether it is private or publicly listed.
Cloudflare have around 75,000 paying customers (not to mention those on the free tier) who are dependent on their services, and would probably like to know if they’re about to go bust.
As would their employees, suppliers, private shareholders, creditors, etc.
Then this sounds like a contractual issue between Cloudflare and such people. I don't see why financials have to be publicly available for this to happen. In any case, it is rare that a company goes under with no warning. Even if it's not "public information", it's usually evident if it's seriously strapped for cash.
Correct, but you take a risk when doing business with any company. You find ones of good repute, you meet with representatives. Usually, it's noticeable if a company is really struggling. It is not the job of the state to make business transactions risk-free, only to provide courts for the adjudication of fraud and breach of contract.
Private companies in the UK file accounts publicly every year. It's an exchange for creating a legal concept that allows someone to absolve themselves of any liability for their company's obligations. I know companies in Germany do the same too.
Not surprising that this is the case in Sweden and Norway, but not in the US, Australia, etc. Aside from the fact that obviously billionaires and corporations don't want the public seeing how they avoid tax, sometimes I suspect that the culture of keeping our salaries secret was deliberately created by the 1% to keep wages low.
“I suspect that the culture of keeping our salaries secret was deliberately created by the 1% to keep wages low.”
I often exchange salaries with people and one thing I have noticed that the people who were against transparency because they thought they had negotiated well often turned out to be at the lower range. Usually after exchanging salaries it turned out that a lot of people had been blatantly lied at by management. It’s much easier to negotiate if you really know what the common numbers are.
Did some research based on your comment - I was surprised to learn that 13% of Norwegian population are now immigrants. It also looks like the vast majority of population growth (1%/year) comes from immigration.
Note that even if you meet the eligibility requirements, if the IPO is sufficiently popular you may still not get a chance to participate, as the institutions and people in line before you may have already bought all the shares.
The risk factors directly address the questions behind whether taking down 8chan and other sites was related to an upcoming IPO:
> Even if we comply with legal obligations to remove or disable customer content, we may maintain relationships with customers that others find hostile, offensive, or inappropriate. For example, we experienced significant negative publicity in connection with the use of our network by The Daily Stormer, a neo-Nazi, white supremacist website, around the time of the 2017 protests in Charlottesville, Virginia. We also received negative publicity in connection with the use of our network by 8chan, a forum website that served as inspiration for the recent attacks in El Paso, Texas and Christchurch, New Zealand.
> Following the events in Charlottesville, Virginia, we terminated the account of The Daily Stormer. Similarly, following the events in El Paso, Texas, we terminated the account of 8chan. We received significant adverse feedback for these decisions from those concerned about our ability to pass judgment on our customers and the users of our platform, or to censor them by limiting their access to our products, and we are aware of potential customers who decided not to subscribe to our products because of this.
I've intentionally avoided using Cloudflare's services when I can get away with it. I am afraid of what we are giving away to entities like this in the region of security. One gaping MITM vector.
Circa 2011 I was doing support for MaxCDN and from time to time there were recurring issues with Cloudflare and our service being used together with a WordPress plugin. They ended up reaching out and we all got on a call not knowing what to expect. Long story short, call went great and we worked together on a solution that helped our shared customers. Cloudflare has made the CDN industry better. They've made huge contributions to the open source and webperf communities and I'm really happy for them.
"we may maintain relationships with customers that others find hostile, offensive, or inappropriate" these dudes would be neutral in the face of Sauron.
yes, a long post defending neutrality. What I'm accusing them of is exactly what this post espouses: that they think that neutrality is de facto virtuous no matter the stakes and no matter who is endangered, so I don't see how this post is counter to my claim that they would be neutral in the face of Sauron.
> we have followed the law and remained content neutral as a network.
This blog post essentially says "if Sauron wanted to set up shop to recruit and use our services, that would be fine unless Sauron said that we liked him, if we were under public pressure to drop him, or if it were literally illegal for us to front his network":
> The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.
It doesn't say "we would be opposed to Sauron using our services because he intends to enslave Middle-Earth and we don't think we should help him do that". I think that having no regard for the consequences of your actions reflects poorly on the tech industry.
I don't think that being neutral is values-agnostic, I think that neutrality benefits the oppressive and those already in power, and that adhering to neutrality at all costs is a form of fundamentalism.
Surely I'm not the only one who finds it suspicious that Cloudflare, as a startup, somehow invested so much money and other resources into an infrastructure that other corporations would struggle with.
That Cloudflare is a giant MitM hostile to Tor and previous cooperation with the government in a past business leads me to believe Cloudflare is nothing more than a US government operation in the guise of a business.
this is a normal sentence in every S-1 you care to name.
EXTREMELY SERIOUS WARNING (printed on a separate page, in red letters
on a yellow background): Unless you are as smart as Johann Karl Friedrich
Gauss, savvy as a half blind Calcutta bootblack, tough as General William
Tecumseh Sherman, rich as the Queen of England, emotionally resilient as a
Red Sox fan, and as generally able to take care of yourself as the average
nuclear missile submarine commander, you should never have been allowed near
this document. Please dispose of it as you would any piece of high level
radioactive waste and then arrange with a qualified surgeon to amputate your
arms at the elbows and gouge your eyes from their sockets. This warning is
necessary because once, a hundred years ago, a little old lady in Kentucky
put a hundred dollars into a dry goods company which went belly up and only
returned her ninety nine dollars. Ever since then the government has been on
our asses. If you ignore this warning, read on at your peril you are dead
certain to lose everything you've got and live out your final decades
beating back waves of termites in a Mississippi Delta leper colony.
Still reading? Great. Now that we've scared off the lightweights, let's
get down to business.
EXECUTIVE SUMMARY: We will raise [some money], then [do some stuff] and
increase shareholder value. Want details? Read on.
This comment is on every S1 thread. And every time someone mentions that it is essentially standard copy for all S1s, because you can never guarantee anything on the market.
Right, it is strongly in your best interests to be as pessimistic as possible in your disclosures. Even if you expect to turn a profit next year, the market is finicky, and if you don't meet your projections then absent these sorts of S1 disclosures you open yourself to legal liability for misleading investors.
>We have incurred net losses in all periods since we began operations and we expect we will continue to incur net losses for the foreseeable future.
The admission that "we've never made money and there's a good chance we never will" being boilerplate S-1 copy is monstrously troubling.
When no one needs to see that a company can made a dollar before investing because profit is for suckers and this company's probably going to be a unicorn, maybe that's the stock tip from the shoeshine boy.
Fair enough, but there may be a small middle ground between "guaranteeing a return" and "never made a dime in profit and in fact is burning through millions or billions of dollars annually with no expectation to stop any time soon"
Search google for `site:sec.gov and we expect we will continue to incur net losses for the foreseeable future` - a nearly identical phrase is a frequent occurrence
Well, revenue of ~$130M, net loss of ~$37M. They aren't bleeding money like Uber or WeWork. You can imagine many ways they could close that gap, and in fact, the ratio has improved over the last few years.
"Why go public if you literally say you won't make money?"
Because you can get rewarded heavily for it.
They have $88 million in working capital as of June 30, 2019 and are on track to lose another $40 million before the end of the year, so they need more capital. With $330 million carrying value of preferred stock, I think it's go public, somehow issue 100s of millions of dollars in debt or die.
This is a risk report, and such statements represent a dire case outcome. It is the goal of everyone involved to make sure this doesn't happen, though its there because it could.
Another unicorn strikes. Is it just me, or have all of these companies decided to do IPOs around the same time? I mean uber, lyft, we work, and now cloudflare. I wonder who's on the menu tommorow
If you started your filings in December of last year, right about now is when your public disclosures hit.
Why December? Because if you made less than a billion dollars in calendar year 2018 and filed in that year, you can carry over your "small business" (I don't remember the exact name) status to 2019. Under the JOBS act, qualifying businesses aren't required to disclose executive compensation and a bunch of other stuff.
It's too bad that Matthew Prince consistently violates 1A rights by hiding behind the "we're a private company" excuse... other than that, they're poised to succeed.
Are any people in agreement with me that Cloudflare's emphasis on neutrality is actually a bad thing?
I see several comments admiring how Cloudflare is willing to serve alt-right/nationalist/racist content in the name of avoiding censorship.
I never understood why this is a good thing. The argument seems to be that not-censoring things is valuable because who knows when Cloudflare censors something that is actually valuable/not racist or nationalist.
Considering tech companies tend to censor right-wing extremist content, I consider the probability of that happening to be very low.
I quite like the way how Cloudflare has managed things so far. It is like Apple being the GateKeeper, they have the power, but they wont use it unless they absolutely have too.
If they started to actively banning and censoring content then at some point they are highly likely to corupt themselves and misuse that power.
Cloudflare is amazing but in the long-term they're incredibly dangerous to the future of the internet as they further consolidate traffic and power via their network.
"In the two years since the Daily Stormer what we have done to try and solve the Internet’s deeper problem is engage with law enforcement and civil society organizations to try and find solutions. Among other things, that resulted in us cooperating around monitoring potential hate sites on our network and notifying law enforcement when there was content that contained an indication of potential violence. We will continue to work within the legal process to share information when we can to hopefully prevent horrific acts of violence."
Monitoring?? Sounds a lot like surveillance and spying to me. This is why they want to MITM the entire Internet. All encryption becomes useless. Breaking privacy and security just like Facebook. They even co-opted Wireguard recently. If you understand and see where this is going, stay away from them.
Yeah that is where it always starts. Think of the children. Childporn. Terrorism. Until it becomes "hate speech" and whatever else the masters dictate.
Advocation of violence has been unprotected speech since 1940. Have we been living in a dystopia this whole time?
People who intentionally oversimplify free-speech endanger it, just like people who intentionally oversimplify capitalism endanger it. There is no hardline ideal, in any context, that works. Ideas must be flexible to the real world, or perish.
It's not that hate speech and violent rhetoric should be tolerated, it's that using the fact that some people say bad things does not justify monitoring all of the internet.
Free speech is a right in the US and having an overlord listening to everything you say is obviously dampening on that right.
I think whether "hate speech" falls into that category is a more complicated question, mostly because the term can be applied so broadly, but a handful of specific things have been illegal enough to get pulled from the public internet by law enforcement from the beginning, and I think it's naive to suggest that we don't need a category like that at all. Also, it doesn't require man-in-the-middle attacks or weakening of encryption to find public websites that host illegal content.
That's fair, it would be very easy and appropriate for someone to monitor HN for example.
I don't think the worry is that Cloudflare is helping police public websites, it's that they have the ability to police private ones that use their services. Their stance of proactively helping to police sites (instead of merely responding to warrants) makes the slope they are on very slippery. Would they be willing to decrypt traffic from a certain IP address to a private site if that same IP was used to post something violent on 8chan? Is that acceptable? Those are tough questions for sure, and ones best decided by a judge and not someone in the private sector.
Not only that but it looks more like they intend to actively monitor traffic in real time to check for things that are problematic according to them and their friends. And people need to realize this is not just for https traffic but also Ipfs and Wireguard. I'm sure it won't stop there either. Defeats the whole point of those technologies to have Cloudflare spying in the middle. This is China 2.0.
if you're gonna conspiracy theorize at least go the whole mile. They provide SSL termination so the encryption is useful to them because it gives them a monopoly on the surveillance apparatus. Not useless at all, it guarantees their position in the ecosystem.
While I agree there is a risk, I think a lot of their free customers would either not be using SSL at all, or else would find it too complex to remain independent and just have a Facebook page instead, if Cloudflare didn't make that kind of thing easier. Neither seems like it would be better. Not to mention things like being able to resist a DDOS from anyone who dislikes you.
Sure, there may be some people using Cloudflare free services who would otherwise be doing it themselves, but I think by far the greater majority of their non-paying users are folks too small and/or non-technical to maintain their own site otherwise.
cloudfare has way too much power over the internet at large. there have been days where twitter and other major sites all go down at once because (i suspect) some one tripped over a cable at cloudfare
Their S-1 looks financially strong and it's a great company. But it's rapidly becoming a single point of failure.
So cloudflare basically fucks over 8chan over some skimpy mass shooting evidence, and now has a public offering as a corporate company? Get rid of free speech as internet police and sell stock and make millions?
Probably a good one to hop into for a quick gain due to hype and usage, but long-term the price will fall.
Will continue to monitor, but looking like it will be the standard 7/11 IPO strategy - get in and immediately start the sell off if price drops 7% day-to-day or 11% consecutively, then short to price where losses are matched.
This right here is a real tech IPO that has a strong portfolio behind it with a viable business model too and with an impact that affects millions of websites. Throughout this year it is just loss-making companies floating everywhere on the markets here and have boarded the hype-train into the red.
I hope CloudFlare with these numbers here don't board the wrong train here.