> Today, our network spans 193 cities in over 90 countries and interconnects with over 8,000 networks globally, including major ISPs, public cloud providers, SaaS services, and enterprises. We estimate that we operate within 100 milliseconds of 98% of the Internet-connected population in the developed world, and 93% of the Internet-connected population globally (for context, the blink of an eye is 300-400 milliseconds). We intend to continue expanding our network to better serve our customers globally and enable new types of applications, while relentlessly driving down our unit costs.
This right here is a real tech IPO that has a strong portfolio behind it with a viable business model too and with an impact that affects millions of websites. Throughout this year it is just loss-making companies floating everywhere on the markets here and have boarded the hype-train into the red.
I hope CloudFlare with these numbers here don't board the wrong train here.
>Throughout this year it is just loss-making companies floating everywhere on the markets here and have boarded the hype-train into the red.
Cloudflare is a loss-making company too, and their losses are growing. From the S-1: "we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively"
Most of the additional 2018 loss is attributable to the major increases in General & administrative and stock-based compensation expenses.
The interesting thing is that net loss in the first half of 2019 is 13% higher than in the first half of 2018 but revenue increased by 48%, judging from the filing's data https://wallmine.com/doc/edgar/0001477333/000119312519222176...
I agree with all of that, but the other important thing (at least to me as an investor) is their 51% growth over two years (with 77% gross margin). You can have the best product, but if you're not actually growing and profitable then as much as I like the company or the product I'll put my investment dollars elsewhere.
They're growing but not profitable. It's easy to grow by giving valuable stuff away below cost. It's not so easy to grow if you're making positive margin.
Given CloudFlare's size and age, why are they losing money?
I don't know for sure, but I would guess it's their aggressive expansion efforts. Those might cost more than they've returned so far. If that is the case, and since their GM is so high, they should be profitable once buildout costs start to plateau.
Looks like a lot of it is sales and marketing expenses which probably help drive growth, their gross margin is pretty great, I think that the key to profitability for them now is a high enough retention rate that they can turn down sales costs when they saturate the market
From their risk factors:
"Our business depends on our ability to retain and upgrade paying customers and, to a lesser extent, convert free customers to paying customers, and any decline in renewals, upgrades, or conversions could adversely affect our future results of operations" (Emphasis mine)
Kind of matches what you are saying. However, a couple of counter-points to consider:
1. Are Cloudfare fees a major portion of your costs and the first to be on the chopping block?
2. Are you OK with the risk that you can withstand cyber-crimes against your property by saving the said amount.
I don't have the numbers yet and I might be wrong but services like Cloudflare are becoming similar to some grocery purchases:
Sure you might skimp a bit during a downturn, but you won't do without them
300-400ms for blinking? is that during a stroke?? I see they went with the top search engine result Quora - not the best source for facts - and the second result states a tenth of a second, which is probably more accurate. we get it, your service is quite fast, as fast as blinking
>On average the human blink lasts only a tenth of a second which is 100 milliseconds. Wow, that’s fast! Sometimes, it can even last up to 400 milliseconds.
This is what the second result says. Bit weird to focus on this for what seems a fantastic startup to succesfully IPO.
Congratz to the entire team, and the CEO (who sometimes visits here I think)
not sure what your point is. pretty sure they use the average ms too in their estimate. this claim is the main driver of their business. they are basically saying their service is 3-4 times faster than blinking, which it is not. blinking is so fast you don't notice it, but that wasn't fast enough! so they amplified based on a dodgy source. false advertising gone nuts.
I think they mean 100ms real latency. HK-NY might be 110ms in theory (or if you have your own infrastructure), but a NY resident pinging a HK server will probably often average around at least 150-200ms.
As a measure of fiber distance, it’s roughly 75 o/w from LA to HK via AAG and the balance lies between LA and NY. That’s before any delays created by layer 2,3 and up.
Only issue is that they don't have that much revenue compared to the amount of interest there will be in their stock so its going to turn into a speculation vehicle.
I'm not sure how that comment holds given what they've outlined. For the 6 month ending in 2019 they had roughly 75k paying customers. Now the interesting part, to me, is that only 408 of them are spending over $100k in annualized billings. Given that they have some runway to expand into organizations who are down a path of transition to cloud. In the S-1 they reference a lot of "band-aid" box vendors (Juniper, Checkpoint, Cisco, Palo Alto Networks, Fireeye, etc) and so they seem to be positioning themselves squarely in the security space in competition for those budgetary dollars. I think this is the right play for them, especially because as cloud offerings continue to blur lines into hybrid architectures Cloudflare sits in a very nice position with CDN, security, VPN, services (DNS), etc. And security budgets are still flush.
But back to your comment... Given 408 customers probably generated the majority of the $100M GP over the first six months of the CY and they have another 74k and change customers they've landed and have potential expand opportunities with, I'm not so sure there's no revenue there to be had.
Now that being said I think the stock will likely float to ridiculous overvaluation at IPO and all the talking heads will argue how those "band-aid" vendors have staying power through brand loyalty and proven models... But, I personally, think CloudFlare will be around as a leader in this space for a long time, especially if they continue to keep playing their cards as they have.
In addition to the 408 larger accounts, Cloudflare probably has a large-ish number of accounts with about $50k in annualized billings, as that's a common entry level for their enterprise plans.
Those I'd expect to slowly but steadily creep up in billings since Cloudflare introduces new products all the time, they tend to be very easy and desirable for existing customers to adopt, and they tend to be upsells over the base enterprise plan.
They list it as a key element of their business model:
> Free customer base—Free customers are an important part of our business. These customers sign up for our service through our self-serve portal and are typically individual developers, early stage startups, hobbyists, and other users. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees. These free customers expose us to diverse traffic, threats, and problems, often allowing us to see potential security, performance, and reliability issues at the earliest stage. This knowledge allows us to improve our products and deliver more effective solutions to our paid customers. In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses. Finally, the enthusiastic engagement of our free customer base represents a “virtual quality assurance” function that allows us to maintain a high rate of product innovation, while ensuring products are extensively tested in real world environments before they are deployed to enterprise customers.
This. I've mentioned the first aspect of that in the past here[1][2]. The interconnect benefit never occurred to me, though. That's a neat aspect!
Which just continues to reinforce what I said at the end of [2], about their business model instilling confidence in leveraging them at a free-tier level.
Yea, it didn't occur to me either - as implementers we'd be like "why would we want the responsibility of so much scale that we need to support without corresponding revenue," but in their position they can say "we need all the tooling for that scale anyways, why don't we leverage that into better bulk discounts with the interconnections!" And presumably they've run models that say that their bulk savings from interconnect make this far from just a loss leader.
> And presumably they've run models that say that their bulk savings from interconnect make this far from just a loss leader.
It's basically real world chaos monkeys that are stress testing their systems.
Combined with signal intelligence, those chaos monkeys are actively improving their systems.
Then, as a final bonus, absorbing the DDoS attacks aimed at those chaos monkeys (and their paid tier) provides a lot of globally diverse and distributed inbound traffic to them, favorably offsetting the outbound traffic they're serving from from their network. Improving their position during interconnect negotiations.
There are quite natural synergies that emerge as a product of their particular choices in structuring their business. Which is far more rare of a thing than you'd expect.
This. I have about 20+ hobbyish domains total, & 13 of them are with free Cloudflare Plan, & 3 of them are with their Domain Registrar side. I am completely fine with their free tier & paying for Domain Reg/Renewal. But just in case if in future i need to paygor DNS hosting, I would fallback to regular domain registar's free dns.
I had one website that I was working on, basically zero traffic, besides me testing it. After a couple of months Cloudflare kicked me off the free tier, asked for money. No idea why. I didn't use much of their resources, well within the limits.
Exactly my case! So I have a cronjob that compares the current IP with the previous one and, if different, sends an API request to update the DNS record.
Can you do a quick write up about how to do this? As a web developer, I feel like I should know how to host my own website from my own machine, but I've always struggled to get all the right steps in place. It'd be nice to hear from someone more experienced, so I can make sure to do it correctly!
I've checked icanhazip.com and it's not returning the same ip as the one from ipconfig. What does it mean? Note I know nothing how networks work and that I'm in a corporate network
Your corporate network is using network address translation (NAT) to map an external address, shown on icanhazip.com, to a local network address, shown in ipconfig. You likely share this external address with many other users and mapping services to it will be challenging without having access to the routing/forwarding configuration.
In defense of this user we have had a few system wide outages which have shut down major communications networks and news outlets.
Additionally they're less than friendly to users who strive for anonymity via forced captcha which further empowers google's massive machine learning/data classification efforts.
Cloudflare are big and competition is something they clearly lack.
Site owners can turn off the captcha by reducing the security level.
I understand why it exists, I just wish they didn't use a Google service for it...
The lack of competition probably shows the difficulty of the task. A global CDN is complicated and expensive (physical infrastructure, all the interconnect agreements) and a big technical challenge.
It is quite possible to setup a global CDN overnight. Spin nginx reverse proxies in all AWS, Digital Ocean, and Linode POSs, and you'd have a good enough network. Throw Inna control panel and you got yourself a contender in the budget CDN sector.
Cloudflare was rather innovative, with their authorative and recursive DNS, peering agreements with many ISPs including the ones that others didn't bother about, free SSL (Which they offered with Comodo even before Let's Encrypt), etc.
That is a fast way to burn a lot of money . Cloud Service Providers like the ones you mention heavily marked up sell metered bandwidth with no guaranteed allocation and are considerably more expensive than say a tier-2 player like hetzner/OVH or spinning your own servers in a Colo.
Sure, but no cloud company offers the amount of locations you can get on Cloudflare. Now you've even got edge compute, bringing really low global latencies for some applications.
CloudFlare offers Privacy Pass where with 1 captcha completion you generate something like 20 tokens, meaning you can bypass 20 captchas after that. Sadly nearly every website just uses pure Google captcha which forces you to go through the ordeal every single time.
Is this your product? If so, how can I cash this out into tangible currency rather than an ERC token, and is it possible to select the amount of labeling (ex: users I identify as bad have to go through 10+ pages, users I identify as OK go through 1)?
thanks a lot for articulating my point better then I did, but I don't really care about the downvotes because I know that my opinion will be accepted within 5-10 years if the trend keeps going the way it is... ;)
How so? If the service is WORTH paying for, then it SHOULD be paid for. The world of service, if proven magnetizable, should always be monetized. #FreeMarkets
The salami I try at Costco, as a free sample, is worth paying for. It is food, and it has value.
However, they give me a small sample as an inducement to buy; presumably to increase sales beyond a baseline, in quantities and at prices sufficient to cover the cost of not only the free food they give away, but the labor to do so.
Cloudflare can provide a free product that's WORTH paying for, if their paid product is so much better, and its sales increased by so much, that the free giveaway can be considered a marketing cost that pays for itself.
I'm a #freemarket guy and all, but freemium is a long standing monetization model that many companies have used to accelerate net profits in the long run. Not really anything anti free market about freemium. The problem with freemium has always been building the premium tier that someone wants to pay for :P
> Markets don't equilibrate at the value to the customer any more than they equilibrate at the cost of production. They compromise between the two.
No, they don't compromise between them, nor do they reflect one more than the other: the basic law of supply and demand is that markets clear at the quantity and price where the marginal cost to produce equals the marginal value to customers which also equals the sale price.
assuming a huge number of perfect circumstances which is not how reality works. Assumptions made for what you said to play out include: perfect competition, perfect information, perfect rationality of actors, 0 barrier to entry, that value and cost is strongly bounded and defined on either end, and much more.
Common examples that violate each one in term: Facebook, Used cars, Veblen goods, Utilities, Healthcare.
A market that has one large player that completely dominates certain segment(s) is not likely to be a healthy one that is providing value at near cost, why would it be? The incentive is always to charge as much as possible.
> assuming a huge number of perfect circumstances which is not how reality works.
I don't think there is actually an equilibrium price defined as some kind of compromise between supply and demand curves absent those circumstances, either; there's an actual price at any given time, but it's not an equilibrium (particularly, without rationality—which incorporates perfect information—you don't have any expectation of an equilibrium even if all the other factors are present, at any price.)
Once you are discussing equilibrium—as the post the grandparent addressed did—you are implicitly discussing at least some of the ideal circumstances you’d like to negate.
> Free customer base—Free customers are an important part of our business. These customers sign up for our service through our self-serve portal and are typically individual developers, early stage startups, hobbyists, and other users. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees. These free customers expose us to diverse traffic, threats, and problems, often allowing us to see potential security, performance, and reliability issues at the earliest stage. This knowledge allows us to improve our products and deliver more effective solutions to our paid customers. In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses. Finally, the enthusiastic engagement of our free customer base represents a “virtual quality assurance” function that allows us to maintain a high rate of product innovation, while ensuring products are extensively tested in real world environments before they are deployed to enterprise customers.
It adds latency to API services, it doesn't add value in conditions where you aren't under attack. It inhibits legitimate users with privacy controls (and/or Firefox) in place.
It may or may not be worth it, but it isn't a panacea.
> We have experienced significant growth, with our revenue increasing from $84.8 million in 2016 to $134.9 million in 2017 and to $192.7 million in 2018, increases of 59% and 43%, respectively. As we continue to invest in our business, we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively. For the six months ended June 30, 2018 and 2019, our revenue increased from $87.1 million to $129.2 million, an increase of 48%, and we incurred net losses of $32.5 million and $36.8 million, respectively.
Compared to the numbers we've seen for recent tech IPOs, being on track to lose about $72M for 2019 seems reasonable.
Also, haven't read through it all but I'm curious how strong this clause will be for future control:
> The dual-class structure of our common stock will have the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of this offering, and it may depress the trading price of our Class A common stock.
They went from growing at 60% YoY in 2017 with an 8% Operating Loss, to growing 43% YoY with an Operating Loss of 44%.
To put it another way, in 2018 they grew their revenue 40% (+$58m) and grew expenses 100% (+$115m).
I mean, apparently they raised a huge round and felt the need to increase spending massively. And then saw slowing growth as a response?
Was there a massive boost in R&D output? Entering entirely new product lines? My uneducated impression is that they offer largely the same product this year as they did last year.
The only thing I can think of is that they went from “scrappy startup” to “bloated unicorn” status?
My guess: new development-intensive products like the 1.1.1 DNS, Wireguard, WAF etc plus general scaling and growth on one side, and increased competition from established cloud services on the other.
After all, if you are already on eg AWS, just using Cloudfront is temptingly easy. (even if bad from a redundancy perspective)
It's easy, but we're saving thousands of dollars a month using Cloudflare instead of our cloud service provider's CDN (~250TB/month), and that's without any kind of discounted egress agreement between our cloud service and Cloudflare (which is supposed to be in the works, but it's been literally years with no further word)
Assuming you’re already integrated on AWS, just using Cloudfront is a lot easier than Cloudflare. You’re likely already using S3, maybe use CloudFormation as well. Then it’s often much more straightforward to use AWS services rather than a third party provider.
Arguably a lot of that R&D should be capitalized and not be on the I/S. Investments like that shouldn’t impact net income. I’m more concerned with G&A going up 500%.
They are claiming the work needed to become IPO ready (accounting, legal, etc) spiked G&A. I see that a good a chunk of that was 1 time consulting but most was from additional staff.
Both CloudFlare and Zoom are pretty great products and as much as I applaud their team's IPOs, I'm worried that the vagaries of being a public company will result in the GOOG syndrome. That's where a company with a great product is forced to expand every quarter to the point that it becomes a frankenstein-ish hulking version of itself.
Why not just pay a dividend? That's what stocks are supposed to be, shares of ownership in legitimately valuable enterprises with return on investment.
Well, at least prior to 2003 there was a strong incentive to prefer gains from stock sale since it could get long term capital gain tax rates (15% now, 20% at the time) vs. dividends which would be taxed as normal income. Since then however, qualified dividends are taxed the same as long term capital gains.
There's more to it than that. In order to pay dividends, you have to pay corporate tax before you can pay out the dividends. And that is almost 40% on the top end. So the effective tax of qualified dividends is more like 60%.
Alternatively, if you can stash money overseas in tax free accounts or invest the money back into the business to avoid taxes, then you only have the long term capital gains tax.
No, the return on investment is provided by the claim on assets at dissolution. It can be realized in advance of dissolution (since, as it turns out, companies tend these days to be chartered for open-ended purposes and so not to dissolve when successful) either by trading the claim for money or by the company doing periodic partial dissolutions. The whole idea of public trading is to enable the first to be done efficiently, dividends provide the second, but there is no reason a firm must do both. A firm that does neither makes it harder to realize returns but some investors may be happy to trade that for what they perceive to be higher returns or better serving non-financial interests the investor has.
Growth will also give return on investment. I'd rather see Cloudflare invest in growth and R&D than give a dividend. They are nowhere near finished growing.
Yep, this would be a godsend. They're already doing something similar with Workers and I do hope the trounce other cloud providers in providing a "Serverless Cloud"
The purpose of an IPO is to raise money to do something. It doesn't make any sense to sell part of your company to a random set of people, just to pay them back over time. That's like me getting a mortgage for my house and after 30 years I pay back the mortgage and the bank still gets to own my house.
That’s what it’s original intent was, but an IPO is now a way for all the investors to earn a return on their private investment and cash out at any time moving forward.
In all fairness, private investment was much lower when this was the case. Companies used to do an IPO much earlier when they needed funding instead of raising hundreds of millions in private investment money.
I believe the point is that you if you don't need to raise any money, you can do a direct listing instead of an IPO. Then you allow investor liquidity without selling equity.
> It doesn't make any sense to sell part of your company to a random set of people, just to pay them back over time.
It's unfortunate that this doesn't make sense to you, because that it literally the original purpose of shares in a company.
Someone wants to finance a voyage to a far-off land to trade. To do so, they form a company and issue shares of the company. The profits off the voyage (if any) are then divided amongst the shareholders, in proportion to shares held. It was a pretty good idea.
(Debt is not the same as equity, not sure why you are talking about mortgages).
The owners will make more money if they double the company's value than spend their profits on a 5% dividend to shareholders. Simple capitalism at work.
These are huge swings. Each of these projects has the potential to increase the company's value by $100B and only cost single digit $B. Same model as VC.
They're also arguably more cost-efficient if a large portion of investors would just take their dividend and use it to reinvest in the stock - the buyback means that group don't need to incur the friction costs of doing so.
While this may be true, they seem to be largely funded by debt. Taking on debt and not using it for capital seems exceedingly risky in the face of a recession.
And I gather this popular because of the tax implications of a dividend vs increase in stock price. I'm in favor of people paying taxes, so I'd prefer a dividend.
This is an entirely different problem and not really true, except for the companies that do so to avoid repatriating foreign capital and incurring US tax rates.
Exactly! I don't why Internet folks fall into this trap time and time again! It's probably simply because it is an easy and quick way to tell your boss your website is protected consequences be damned.
I can imagine the next Edward Snowden will reveal the intelligence community's direct line into the traffic running over Cloudflare's infrastructure. Cloudflare is providing DNS and HTTPS services on a massive scale which means they can essentially MiTM any of their customers on behalf of the government.
It depends on the topic of discussion. If we are discussing the viability of a company, and trying to project long term success, then this is all good news.
If you are discussing whats best for society and how these businesses impact those things, then this could be alarming news.
There's a big shift towards privacy happening now. If Cloudflare came out a decade ago I'd also be in their camp. But the risks are too high and developers are starting to recognize that Cloudflare is far from free and comes with long terms consequences for the health and resiliency of the internet.
I appreciate how they pushed HTTPs widely. But now that's Let's encrypt exists there's no excuse.
Ill also never forgive them for making Tor completely unusable for accessing any normal website. It's almost impossible to pass the security checks and if you do another one is coming once you switch IP. I understand Tor is a niche product but it's an important one for activists and other persecuted people. And it will only continue to grow in importance as the dictators all learn how to do NSA style mass surveillance.
The DDOS stuff if the harder problem to solve and I don't know enough about it to judge the competition's ability to offer it safely and privacy friendly way.
I mean, that's like your opinion or whatever, sure. But this S-1 filing is about if they are a sustainable business. And none of what you touched on would seem to have any serious impact on their business model.
The Tor stuff feels way over blown to me. I worked at CF while it was a problem, and was an avid Tor user at the time. It was a terrible user experience, but it wasn't completely Cloudflare's fault. They didn't target Tor users, Tor exit nodes have terrible IP rep which is an industry standard for risk rating IPs. ReCaptcha had some functional issues that could not be solved by Cloudflare. And lastly, site owners did next to nothing to support their Tor visitors even once dedicated options were available via the IP Firewall. This seems like hyperbole, especially as JGC was avid about getting this resolved, and was very public with the discourse. Companies don't do things perfect all the time, and it seems extreme to hold CF purely responsible and hold onto that anger for something that's long been resolved.
In the end, everything in this S-1 is promising for people interested in tech businesses, which is what many people are praising. They already generate a profit, their operation costs are reasonable, etc.
> They already generate a profit, their operation costs are reasonable, etc.
They don't turn a profit, and their operating costs are growing sharply. From the S-1:
> As we continue to invest in our business, we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively.
There's always a compromise with privacy that people are willing to ignore in the short term, but I'd rather bet on long-term trendlines than people's laziness today.
Their business model of taking over and centralizing whole sections of internet will continually cause a backlash. They only have a percentage of all traffic today and it continues to increase. And apparently so does their willingness to not be a neutral service provider as we saw with 8chan, which is in stark contrast to their policy towards the LulzSec hackers and plenty of other "bad guys".
I'm sure Cloudflare will continue to be a good business in the short-term, but that should never be the relevant metric for any business. But it will become more and more obvious to everyone the bigger they get.
> Centralization of the entire internet behind a single entity is a _bad_ thing
They do the opposite. They enable small website owners to survive on the internet without having to use vertically integrated services like cloud offerings.
I'm not sure you fully understand the problem. If I hit the big red button and just shut Cloudflare off, millions of websites drop off the Internet. It is a massive single point of failure, and as you point out, a vertically integrated service (DNS, DDoS protection, WAF, proxying, etc).
I have said that it's not a vertically integrated service. Others are. Like S3. Or GCP. Cloudflare makes it possible to avoid the big clouds and do your own hosting or to use a smaller hosting company.
As for the millions of websites going offline. Surely, Cloudflare has tons of customers. It's an internet scale company. If they act sloppy and have tons of downtime a competitor might take over. If it's hard to architect a DDoS protection service in a robust way then that's just the world we live in. But I think you should appreciate that Cloudflare sells DDoS protection (their core product atm) without selling you a big package like http serving or root servers.
DNS is far from centralized and DDoS protection is something that small websites would have no ability to do on their own. It isn't just a convenience thing, it's a literally-impossible-without-scale thing.
That's optional and has been for awhile now I believe, you can CNAME from your own DNS provider. While that does rely on their DNS for that one record, it means you still have control to changeover if need be.
And, that doesn't change the point... the website protected by cloudflare still controls the effective dns for that site. The lookups are controlled, and CF is a mitm vector.
A client deployment of an app, that the client had behind cloudflare was making 80ms API requests take 8 seconds. It's not always great.
I'm not saying that there aren't alternatives, and that people have to use Cloudflare... but there really isn't much in the way of an alternative at even a similar level of support and price on the low/introduction side of things. The issue regarding recaptcha can be REALLY annoying, especially on a non-google browser.
Not only that, Cloudflare has helped to ensure that DDoS protection is something that every website needs. Under normal circumstances, all the shady DDoS-as-a-service providers would DDoS each other off the internet and leave everyone else in relative peace. However, Cloudflare kindly provided them all with free, world-class, no-questions-asked DDoS protection to ensure that they could continue operating their business of destroying sites that didn't use Cloudflare.
See for instance https://krebsonsecurity.com/2015/01/spreading-the-disease-an... or more recently https://www.secureworldexpo.com/industry-news/does-cloudflar... - this has been going on for years and is officially permitted by Cloudflare policy. (The reason why these booter services need such good DDoS protection is that knocking the competition offline makes for good business - it's a great demonstration of effectiveness and cuts off their business at the same time. In the pre-Cloudflare era those services were locked in an almost continual war against each other.)
Look at any big cloud provider or CDN and the same can be said. If you don't have a DR plan in place to bypass a CDN provider in a downtime situation then you're doing something wrong. (assuming it isn't a hobby project)
It's really both. I think the biggest issue that some have is that Cloudflare has no real competition at this point for those that cannot afford the more expensive options. And combined with that, they control a very large portion of internet web traffic and are in a position where they could potentially be heavily influenced by government actors.
I'm not saying that it's happening, or even that it is the biggest concern for most. But it should be a bit of a concern to some, and one may want to think about if they really want to use them in this context. It's a matter of knowing and evaluating all of the risks involved.
Does it really matter for a static blog that only publishes a few articles a week? Not so much.
Does it matter for a media company that publishes articles a government doesn't like and initiates contact through it's website? Probably.
If you are just using the basic service for a firewall/DDOS protection and CDN there doesn't seem to be much lock in. If other competitors come along, and they undoubtedly will if Cloudflare proves the value of the market, it should just be a matter of switching your DNS records to said competitor. Maybe I'm not imaginative enough, so please share if I'm not thinking of something, but it doesn't seem like their market share makes it harder for other competitors, they aren't monopolistic.
You're giving CF too much credit. They are very small fish, as it seems from the S-1. But still dangerous because they MITM while operating for free at loss, so don't reuse passwords and logins between sites.
Yeah, from a citizen perspective I agree. C'est la vie. Our governments need to work against this via legislation.
It should not be up to Matthew Prince to decide who to block. He has demonstrated his inability to function as censor in a very visible (and frankly embarassing) way.
> He has demonstrated his inability to function as censor in a very visible (and frankly embarassing) way.
How? There have been exactly two cases of "censorship", and that is the Daily Stormer and 8chan. One is an utterly vile peddler of antisemitism (literally named after a Nazi paper) and conspiracy theory, and one was linked to at least three terroristic attacks. If it were not white supremacists but Islamists, it would be closed down in an instant and no one would bat an eye.
If anything, Cloudflare seriously lacks (like Facebook and Twitter) policing their customer base.
>If it were not white supremacists but Islamists, it would be closed down in an instant and no one would bat an eye.
This is ironic since Cloudflare has famously been under fire because Prince specifically decided against removing ISIS websites from Cloudflare and vehemently defended his decision that Cloudflare should not be censoring anyone.
Prince himself even agrees with the parent comment, and he goes into pretty good detail in his blog post here [1] about why companies like Cloudflare should not be able to make the decision to remove websites, and that it should be left up to governments. I guess he got overruled on that stance when it came to 8chan, though.
> where there actually seems to be a viable business model.
It has carried them this far, but the real money will be when they turn to advertising (which investors will eventually figure out and insist on).
Remember all the crazy marketing data ISPs wanted to collect, then we pushed everyone to move to TLS? Well Cloudflare unwraps TLS for all their clients and is in a position to collect all the same data.
The fact that Zoom has gotten software engineers to _like_ Zoom is a testament. Most engineers I know detest almost all video conference solutions. Hangouts eats batteries for breakfast, Cisco products are clunky and expensive, Skype is ancient, etc.... but Zoom just works.
Unless you're one of their many competitors, like, say, AWS. From the S-1:
"Our current and potential future competitors include a number of different types of companies, including:
• on-premise hardware network vendors, such as Cisco Systems Inc., F5 Networks, Inc., Check Point Software Technologies Ltd., FireEye, Inc., Imperva, Inc., Palo Alto Networks, Inc., Juniper Networks, Inc., and Riverbed Technology, Inc.;
• point-cloud solution vendors, including cloud security vendors such as Zscaler, Inc. and Cisco Systems Inc. through Umbrella (formerly known as OpenDNS), content delivery network vendors such as Akamai Technologies, Inc., Limelight Networks, Inc., Fastly, Inc., and Verizon Communications Inc. through Edgecast, domain name system vendors services such as Oracle Corporation through DYN, NeuStar, Inc., and UltraDNS Corporation, and cloud SD-WAN vendors; and
• traditional public cloud vendors, such as Amazon.com, Inc. through Amazon Web Services, Alphabet Inc. through Google Cloud Platform, Microsoft Corporation through Azure, and Alibaba Group Holding Limited through Alibaba Cloud. "
"premise" is a thought or idea. "premises" is a location, like your servers can be "on-premises". Completely different meanings.
I hear lots of people these days mistakenly saying "on-premise" during hybrid-cloud conversations and in documentation when they really mean "on-premises". (And yes, looks like I've been down-voted for my first hacker news comment too.)
You can also add DocuSign (last year) to that list. They're heading toward a billion in annual sales and they offer a straight-forward and useful service.
> I'm sure it's just in my head, but it feels like the first tech IPO in several years where there actually seems to be a viable business model.
The companies listed above have what appear to be viable business models. I didn't intend to comment on technical merits, but I think you may be underestimating the technical depth of what some of these companies are doing.
Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others.
... We also received negative publicity in connection with the use of our network by 8chan, a forum website that served as inspiration for the recent attacks in El Paso, Texas and Christchurch, New Zealand. We are aware of some potential customers that have indicated their decision to not subscribe to our products was impacted, at least in part, by the actions of certain of our paying and free customers. We may also experience other adverse political, business and reputational consequences with prospective and current customers, employees, suppliers, and others related to the activities of our paying and free customers, especially if such hostile, offensive, or inappropriate use is high profile.
It’s odd to have these IPOs in the middle of August, in the middle of a super volatile market. I can’t help thinking that there must be a sense of urgency, based on the perception that this is the last opportunity before a bear market and much more modest (realistic?) valuations.
> It’s odd to have these IPOs in the middle of August
Read my other comment further down. It is from doing your private SEC filings in December to use a loophole to avoid disclosing a bunch of information.
These companies didn't just wake up in the morning and plan to IPO, it a good 18 months of planning that end with a public filing.
That's all well, but I am more familiar with bond issuances than equity, and the issuer always has the option to delay until the right market conditions, and I don't know any banker who would ever advise issuing in the middle of big market correction, in the least liquid part of the year.
You actually have that option but there is a limit to how much you can delay - I'm not familiar with US regulation but in most jurisdictions I know about you could delay for max 3 months after your public submission (mostly due to the fact that you present quarterly numbers on the prospectus, which means you need to update it X days after closing the quarter).
This is just about when kids go back to school. You see fewer IPOs over the summer because the bankers are all off in houses in the Hamptons or Nantucket. Your underwriters may not want to IPO until you get back, and there will be fewer people to buy your shares.
I'd actually love a subscription that covers multiple low-traffic domains.
Next to a few business accounts for larger projects, I probably have 30 low traffic sites which aren't much of a cost for Cloudflare. I'd happily throw something like 20$ per month their way to have them covered.
This is perfect timing considering they made headlines all of last week for banning that one site from their platform. But Google Trends seems to reveal that the banning incident was only 1/4 of the search volume they got for their big service outage on July 2nd:
> Following the events in Charlottesville, Virginia, we terminated the account of The Daily Stormer. Similarly, following the events in El Paso, Texas, we terminated the account of 8chan. We received significant adverse feedback for these decisions from those concerned about our ability to pass judgment on our customers and the users of our platform, or to censor them by limiting their access to our products, and we are aware of potential customers who decided not to subscribe to our products because of this.
Am I reading this right when it looks likes they spend twice as much money on sales as engineering?
There was also a very strange spike in stock compensation in 2018, $27,000,000 compared to $2,755,000 in the previous year and $1,849,000 in the next. What happened there?
The limit for a ticker symbol on NYSE is six characters... from Section 2.1 of the NYSE Symbology spec [1]:
The NYSE defines the symbol into two parts: a root and a suffix. The root constitutes the first part
of the symbol and it can be up to six characters (although traditionally, most symbols representing
companies only use a three-character root).
That said... in the early 00's, our is_nyse(ticker) function looked like: { return ticker.size() == 3; }
> Bankrupt electronics retailer Tweeter Home Entertainment soared nearly 1,000% in 2013 after Twitter (TWTR) filed to go public. That's because Tweeter's ticker was "TWTRQ" and Twitter had registered for "TWTR."
The maximum, as provided by general consensus are 4 letters. The fifth letter, when applicable, signifies company status. "Q" for bankruptcy, "A" or "B" for class names, "E" for delinquent, "J" and "K" for voting and non-voting respectively, and so on. See https://www.investopedia.com/ask/answers/06/nasdaqfifthlette... (doesn't just apply to NASDAQ)
Cloudflare has excellent offerings in the networking space, their tech stack seems solid. The customer base seems loyal: Once you're a customer, free or paid, there's very little reason to move out. Their revenue has been growing 43% and 59% for past 2 years: The business side of things seem to be kicking along at a good pace. They seemed to have figured out a perfect balance at offering services to freelancers, to small to medium businesses, to enterprises, to Fortune 500s. The diversity is astounding.
A few acquisitions and the next thing you know they are in the video-streaming business, in the ISP business, in the mobile carrier business as 5G rolls in and what not: The possibilities are endless? Esp as the world becomes more and more connected (IoT and proliferation of smartphones) and business move online, security and speed at scale are going to be of paramount importance and Cloudflare is primed to seize that market, imo
From running a honeypot network to winning techcrunch disrupt to this. What an amazing journey. One the few tech IPOs I'm genuinely excited about.
Curious: are you using the default player, the player but customized (as per the docs), or the trick to get the HLS manifest via `videodelivery.net/{video_id}/manifest/video.m3u8`?
Completely unrelated: the font that they chose to use in their marketing material looks a lot like San Francisco. I didn't know you could use it for promotional material that wasn't software for Apple's platforms.
I could be wrong here but my understanding is that the letter forms of a font are not subject to copyright, only the font file itself. This is why Microsoft was able to create Arial which is a virtual clone of Helvetica without it being a derivative work.
Actually, not necessarily. Drawing font glyphs is certainly protected by copyright (even if not filed, an implicit one) as artwork. You probably wouldn't get prosecuted because they probably couldn't prove if you copy-pasted, but it's still the work of an artist.
Typefaces are not covered by copyright in the US. Bitmapped fonts aren't either as that's just a computerized version of a typeface. Other types of fonts are covered by copyright as they're computer programs that tell the computer how to draw the typeface. This means unless a typeface was created for and used in a trademarked logo there is no protection on it and you can freely recreate it by tracing the output of an existing font.
So far the CEO has twice bowed to public pressure and unilaterally removed completely legal websites from the service because he perceived hosting them made Cloudflare's brand look bad.
As a publicly traded company the company is now actually accountable (rather than just in his head) to a slice of public opinion and to keep the brand as profitable as possible. That means not providing services for anything controversial.
As Daily Stormer and 8chan have shown, CloudFlare has very few competitors and seemingly none that don't censor.
8chan jumped ship to BitMitigate when CloudFlare dropped them, and then BitMitigate dumped them when they had their backbone link yanked out from under them.
Neither site broke any US laws, but they were both controversial.
In the personal/SMB spaces, you're right. Of course, enterprise remains their cash cow, where they compete with the big boys (akamai, incapsula, etc.).
> Neither site broke any US laws, but they were both controversial.
This is basically why so many are bothered by CloudFlare's decision. Who decides what's controversial? We've seen many examples in the past of normal views being "controversial".
What's the difference between this and choosing not to bake a cake for a gay couple? Plenty of people cheered Cloudflare for taking down TDS and 8Chan, but the same people got up in arms to demand a private business provide service to a protected class. Last time I checked political affiliation was a protected class in CA and political activity was a protected class in CA & NY.
> political activity was a protected class in CA & NY.
Yes, but cloudflare is not denying a job to any of those people. Not to mention there are certainly threats of violence on those sites, which are technically illegal. That's grounds enough to take the site down.
I argued above that cloudflare's actions were concerning, but at the end of the day, it's cloudflare's network. Do you really want the state compelling by force a firm to carry the traffic of any one? I don't, and find it the only option more concerning than a firm arbitrarily refusing to do business.
I personally dislike the actions of cloudflare in this case, and am allowed to criticize them. However, I don't think it makes sense to have the state enforce my criticism via compulsion.
Not parent, but probably. If they weren't legal, there wouldn't be an issue: Cloudflare complying with the law to block illegal websites would be a non-story.
Cloudflare making the decision not to serve specific customers in a legal fashion that does not discriminate against any protected groups is a non-story as well.
You don't often see private businesses making decisions like this on the front page of the new york times, but this one is a hot topic. They have no social, moral, or ethical obligation to serve these customers, and one's disagreement with that does not mean we should be forcing individuals to cater to everyone.
Something doesn't have to be illegal for it to be a story and it's not ideologically inconsistent to agree that Cloudflare has the right to not serve these customers while also scrutinizing them for it. What is legal/illegal is not a substitute for a personal value system.
A company as large and important as Cloudflare disconnecting a client for moral or public outrage reasons is a big story and they should be watched with a careful eye even if you agree with the outcome.
"Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others."
This right here is a real tech IPO that has a strong portfolio behind it with a viable business model too and with an impact that affects millions of websites. Throughout this year it is just loss-making companies floating everywhere on the markets here and have boarded the hype-train into the red.
I hope CloudFlare with these numbers here don't board the wrong train here.