Hacker News new | past | comments | ask | show | jobs | submit login
Cloudflare S-1 (sec.gov)
915 points by tpw212 35 days ago | hide | past | web | favorite | 351 comments



> Today, our network spans 193 cities in over 90 countries and interconnects with over 8,000 networks globally, including major ISPs, public cloud providers, SaaS services, and enterprises. We estimate that we operate within 100 milliseconds of 98% of the Internet-connected population in the developed world, and 93% of the Internet-connected population globally (for context, the blink of an eye is 300-400 milliseconds). We intend to continue expanding our network to better serve our customers globally and enable new types of applications, while relentlessly driving down our unit costs.

This right here is a real tech IPO that has a strong portfolio behind it with a viable business model too and with an impact that affects millions of websites. Throughout this year it is just loss-making companies floating everywhere on the markets here and have boarded the hype-train into the red.

I hope CloudFlare with these numbers here don't board the wrong train here.


>Throughout this year it is just loss-making companies floating everywhere on the markets here and have boarded the hype-train into the red.

Cloudflare is a loss-making company too, and their losses are growing. From the S-1: "we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively"


Most of the additional 2018 loss is attributable to the major increases in General & administrative and stock-based compensation expenses. The interesting thing is that net loss in the first half of 2019 is 13% higher than in the first half of 2018 but revenue increased by 48%, judging from the filing's data https://wallmine.com/doc/edgar/0001477333/000119312519222176...

Disclaimer: working on wallmine's filings product


As long as they lose money, they can grow revenue. When are they ever going to want to stop growing revenue?

> stock-based compensation expenses

that reads as "in order to retain employees and be competitive in the market"


Definitely. The reasoning is that it's common for Operating expenses to increase significantly ahead of an IPO.


I agree with all of that, but the other important thing (at least to me as an investor) is their 51% growth over two years (with 77% gross margin). You can have the best product, but if you're not actually growing and profitable then as much as I like the company or the product I'll put my investment dollars elsewhere.


77% GM is incredible for a cloud infrastructure service!


CliudFlare can hardly qualified as cloud infrastructure, it's more like a group of acceleration products.

Also, with the more widely adopted terms like iaas, it's easy to confuse with the VM or container type of services.


They're growing but not profitable. It's easy to grow by giving valuable stuff away below cost. It's not so easy to grow if you're making positive margin.

Given CloudFlare's size and age, why are they losing money?


> why are they losing money?

I don't know for sure, but I would guess it's their aggressive expansion efforts. Those might cost more than they've returned so far. If that is the case, and since their GM is so high, they should be profitable once buildout costs start to plateau.


Looks like a lot of it is sales and marketing expenses which probably help drive growth, their gross margin is pretty great, I think that the key to profitability for them now is a high enough retention rate that they can turn down sales costs when they saturate the market


Since Cloudflare serves the tech industry, it's also pretty vulnerable to a downturn in the tech industry. The hype-train companies are its customers.


From their risk factors: "Our business depends on our ability to retain and upgrade paying customers and, to a lesser extent, convert free customers to paying customers, and any decline in renewals, upgrades, or conversions could adversely affect our future results of operations" (Emphasis mine)

Kind of matches what you are saying. However, a couple of counter-points to consider: 1. Are Cloudfare fees a major portion of your costs and the first to be on the chopping block?

2. Are you OK with the risk that you can withstand cyber-crimes against your property by saving the said amount.

I don't have the numbers yet and I might be wrong but services like Cloudflare are becoming similar to some grocery purchases: Sure you might skimp a bit during a downturn, but you won't do without them


300-400ms for blinking? is that during a stroke?? I see they went with the top search engine result Quora - not the best source for facts - and the second result states a tenth of a second, which is probably more accurate. we get it, your service is quite fast, as fast as blinking


>On average the human blink lasts only a tenth of a second which is 100 milliseconds. Wow, that’s fast! Sometimes, it can even last up to 400 milliseconds.

This is what the second result says. Bit weird to focus on this for what seems a fantastic startup to succesfully IPO.

Congratz to the entire team, and the CEO (who sometimes visits here I think)


not sure what your point is. pretty sure they use the average ms too in their estimate. this claim is the main driver of their business. they are basically saying their service is 3-4 times faster than blinking, which it is not. blinking is so fast you don't notice it, but that wasn't fast enough! so they amplified based on a dodgy source. false advertising gone nuts.


Absolutely. I think we should shut down the stock market until we get to the bottom of it.


Not actually sure what your point is either.


>We estimate that we operate within 100 milliseconds of 98% of the Internet-connected population in the developed world,

Am I missing something here? For Reference; A one way New York to Hong Kong connection takes roughly 110ms.


I'm assuming User -> Cloudflare, not User -> Cloudflare -> Endpoint


I guess is not a very impressive number in that case


It is, considering the majority of the internet-connected population is not on fiber.


Fiber does not impact latency


From a physics perspective, perhaps not.

From a real-world perspective, fiber buildouts almost always include newer hardware and better routing, resulting in lower ping times on average.

Additionally, fiber (along with copper) is going to be faster than anyone on satellite internet.


I think they mean 100ms real latency. HK-NY might be 110ms in theory (or if you have your own infrastructure), but a NY resident pinging a HK server will probably often average around at least 150-200ms.


Do you have reference for the 110ms ny-hk? I’m doing research on latency and wish to assess that information.


As a measure of fiber distance, it’s roughly 75 o/w from LA to HK via AAG and the balance lies between LA and NY. That’s before any delays created by layer 2,3 and up.


I would contend that Zoom is also a good example of this.


If Zoom is, then Slack must also be.


Only issue is that they don't have that much revenue compared to the amount of interest there will be in their stock so its going to turn into a speculation vehicle.


I'm not sure how that comment holds given what they've outlined. For the 6 month ending in 2019 they had roughly 75k paying customers. Now the interesting part, to me, is that only 408 of them are spending over $100k in annualized billings. Given that they have some runway to expand into organizations who are down a path of transition to cloud. In the S-1 they reference a lot of "band-aid" box vendors (Juniper, Checkpoint, Cisco, Palo Alto Networks, Fireeye, etc) and so they seem to be positioning themselves squarely in the security space in competition for those budgetary dollars. I think this is the right play for them, especially because as cloud offerings continue to blur lines into hybrid architectures Cloudflare sits in a very nice position with CDN, security, VPN, services (DNS), etc. And security budgets are still flush.

But back to your comment... Given 408 customers probably generated the majority of the $100M GP over the first six months of the CY and they have another 74k and change customers they've landed and have potential expand opportunities with, I'm not so sure there's no revenue there to be had.

Now that being said I think the stock will likely float to ridiculous overvaluation at IPO and all the talking heads will argue how those "band-aid" vendors have staying power through brand loyalty and proven models... But, I personally, think CloudFlare will be around as a leader in this space for a long time, especially if they continue to keep playing their cards as they have.


In addition to the 408 larger accounts, Cloudflare probably has a large-ish number of accounts with about $50k in annualized billings, as that's a common entry level for their enterprise plans.

Those I'd expect to slowly but steadily creep up in billings since Cloudflare introduces new products all the time, they tend to be very easy and desirable for existing customers to adopt, and they tend to be upsells over the base enterprise plan.


The lowest paid plan is $20/monthly for 75k customers, hypothetically, that alone would generate $18M a year.


[flagged]



[flagged]


They may not be lying, but simply have a different source.

For example:

300ms : https://www.newscientist.com/article/dn28728-memory-recall-w...

200ms : https://www.nature.com/news/2000/001130/full/news001130-3.ht...


"disgusting"? Really?


I've noticed this is one of the internet's new favorite words. Following behind "slams", "narcissist", and "gaslighting"


And my favorite pet peeves, "claps back at", "demolishes", "owns", and "destroys".


If we could only drop some old favorite words like "grok"


“toxic” still tops the charts too


Does messy handwriting disgust you too?


The free tier of Cloudflare has been really amazing for small to medium websites.

It gives you a basically unlimited CDN, SSL, HTTP/2, DDos protection and fast DNS servers with almost 0 effort... for free ...

Thus increasing the stability and speed of many web properties that otherwise wouldn't pay for it.

I'm afraid this could easily change once the company is public and is under the pressures that come along with it, which is a shame.

(I also try to get them paid business when I can by nudging companies to use them)


They list it as a key element of their business model:

> Free customer base—Free customers are an important part of our business. These customers sign up for our service through our self-serve portal and are typically individual developers, early stage startups, hobbyists, and other users. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees. These free customers expose us to diverse traffic, threats, and problems, often allowing us to see potential security, performance, and reliability issues at the earliest stage. This knowledge allows us to improve our products and deliver more effective solutions to our paid customers. In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses. Finally, the enthusiastic engagement of our free customer base represents a “virtual quality assurance” function that allows us to maintain a high rate of product innovation, while ensuring products are extensively tested in real world environments before they are deployed to enterprise customers.

(page 80)


This. I've mentioned the first aspect of that in the past here[1][2]. The interconnect benefit never occurred to me, though. That's a neat aspect!

Which just continues to reinforce what I said at the end of [2], about their business model instilling confidence in leveraging them at a free-tier level.

[1] https://news.ycombinator.com/item?id=19127523#19130562

[2] https://news.ycombinator.com/item?id=19127523#19131411


Yea, it didn't occur to me either - as implementers we'd be like "why would we want the responsibility of so much scale that we need to support without corresponding revenue," but in their position they can say "we need all the tooling for that scale anyways, why don't we leverage that into better bulk discounts with the interconnections!" And presumably they've run models that say that their bulk savings from interconnect make this far from just a loss leader.


> And presumably they've run models that say that their bulk savings from interconnect make this far from just a loss leader.

It's basically real world chaos monkeys that are stress testing their systems.

Combined with signal intelligence, those chaos monkeys are actively improving their systems.

Then, as a final bonus, absorbing the DDoS attacks aimed at those chaos monkeys (and their paid tier) provides a lot of globally diverse and distributed inbound traffic to them, favorably offsetting the outbound traffic they're serving from from their network. Improving their position during interconnect negotiations.

There are quite natural synergies that emerge as a product of their particular choices in structuring their business. Which is far more rare of a thing than you'd expect.


> They list it as a key element of their business model:

And we all know public companies never change 'key elements' of their business models... (hint: they do)


This. I have about 20+ hobbyish domains total, & 13 of them are with free Cloudflare Plan, & 3 of them are with their Domain Registrar side. I am completely fine with their free tier & paying for Domain Reg/Renewal. But just in case if in future i need to paygor DNS hosting, I would fallback to regular domain registar's free dns.


I had one website that I was working on, basically zero traffic, besides me testing it. After a couple of months Cloudflare kicked me off the free tier, asked for money. No idea why. I didn't use much of their resources, well within the limits.


That's quite peculiar. I never had that happen and I have over 10 domains with them that I'd describe as basically zero traffic.


Agree that this seems suspect. Have had free domains with plenty of traffic on them for years.


Domain reg/renewal, once you have the infrastructure, seems like it would be minting money.


You forgot the API! I have my own dynamic DNS with a raspberry and the cloudflare API for instance, it's very useful.


Oh I didn't know you could do that. Do you move the Rpi around a lot? What do you use the dynamic dns for?


Many ISPs around the world give you public IPs without NAT, but they're dynamic and change every once in a while.


Exactly my case! So I have a cronjob that compares the current IP with the previous one and, if different, sends an API request to update the DNS record.


Can you do a quick write up about how to do this? As a web developer, I feel like I should know how to host my own website from my own machine, but I've always struggled to get all the right steps in place. It'd be nice to hear from someone more experienced, so I can make sure to do it correctly!


Essentially you write a script in any language that:

1) checks what's your current IP (an easy way is to do a GET request to http://icanhazip.com/, available thanks to Red Hat engineer Major Hayden)

2) checks what was the last IP you sent to Cloudflare (saved in a text file on your disk or something like data)

3) if they are different, send a PUT request to the Cloudflare API with the new IP: https://api.cloudflare.com/#dns-records-for-a-zone-update-dn...

4) Then save that new IP in the text file, so you can check next time

Finally, you edit your crontab to run that script every few hours or so.


I've checked icanhazip.com and it's not returning the same ip as the one from ipconfig. What does it mean? Note I know nothing how networks work and that I'm in a corporate network


Your corporate network is using network address translation (NAT) to map an external address, shown on icanhazip.com, to a local network address, shown in ipconfig. You likely share this external address with many other users and mapping services to it will be challenging without having access to the routing/forwarding configuration.

https://en.wikipedia.org/wiki/Network_address_translation


Okay, thank you for this information.


Oh I didn't know this, mine has always been static.

What's the reason for having such a low lease time on public IPs?


ISPs assign IPs depending on usage abd generally do not have a 1-1 userbase / IP pool.


I'd imagine there is significant value in capturing small customers with a free product who end up growing into their enterprise products.


Cloudflare is getting too big so I'm all for anything that could possibly make it smaller


In defense of this user we have had a few system wide outages which have shut down major communications networks and news outlets.

Additionally they're less than friendly to users who strive for anonymity via forced captcha which further empowers google's massive machine learning/data classification efforts.

Cloudflare are big and competition is something they clearly lack.


Site owners can turn off the captcha by reducing the security level. I understand why it exists, I just wish they didn't use a Google service for it...

The lack of competition probably shows the difficulty of the task. A global CDN is complicated and expensive (physical infrastructure, all the interconnect agreements) and a big technical challenge.


It is quite possible to setup a global CDN overnight. Spin nginx reverse proxies in all AWS, Digital Ocean, and Linode POSs, and you'd have a good enough network. Throw Inna control panel and you got yourself a contender in the budget CDN sector.

Cloudflare was rather innovative, with their authorative and recursive DNS, peering agreements with many ISPs including the ones that others didn't bother about, free SSL (Which they offered with Comodo even before Let's Encrypt), etc.


That is a fast way to burn a lot of money . Cloud Service Providers like the ones you mention heavily marked up sell metered bandwidth with no guaranteed allocation and are considerably more expensive than say a tier-2 player like hetzner/OVH or spinning your own servers in a Colo.


Sure, but no cloud company offers the amount of locations you can get on Cloudflare. Now you've even got edge compute, bringing really low global latencies for some applications.


hcaptcha.com


CloudFlare offers Privacy Pass where with 1 captcha completion you generate something like 20 tokens, meaning you can bypass 20 captchas after that. Sadly nearly every website just uses pure Google captcha which forces you to go through the ordeal every single time.


hcaptcha.com also supports privacy pass, and we contribute to the standard


Is this your product? If so, how can I cash this out into tangible currency rather than an ERC token, and is it possible to select the amount of labeling (ex: users I identify as bad have to go through 10+ pages, users I identify as OK go through 1)?


It is. We support paying in paypal. We get users asking us to mainnet our token so they can be paid that way everyday, so expect news there.


thanks a lot for articulating my point better then I did, but I don't really care about the downvotes because I know that my opinion will be accepted within 5-10 years if the trend keeps going the way it is... ;)


How so? If the service is WORTH paying for, then it SHOULD be paid for. The world of service, if proven magnetizable, should always be monetized. #FreeMarkets


The salami I try at Costco, as a free sample, is worth paying for. It is food, and it has value.

However, they give me a small sample as an inducement to buy; presumably to increase sales beyond a baseline, in quantities and at prices sufficient to cover the cost of not only the free food they give away, but the labor to do so.

Cloudflare can provide a free product that's WORTH paying for, if their paid product is so much better, and its sales increased by so much, that the free giveaway can be considered a marketing cost that pays for itself.


I'm a #freemarket guy and all, but freemium is a long standing monetization model that many companies have used to accelerate net profits in the long run. Not really anything anti free market about freemium. The problem with freemium has always been building the premium tier that someone wants to pay for :P


Markets don't equilibrate at the value to the customer any more than they equilibrate at the cost of production. They compromise between the two.


> Markets don't equilibrate at the value to the customer any more than they equilibrate at the cost of production. They compromise between the two.

No, they don't compromise between them, nor do they reflect one more than the other: the basic law of supply and demand is that markets clear at the quantity and price where the marginal cost to produce equals the marginal value to customers which also equals the sale price.


assuming a huge number of perfect circumstances which is not how reality works. Assumptions made for what you said to play out include: perfect competition, perfect information, perfect rationality of actors, 0 barrier to entry, that value and cost is strongly bounded and defined on either end, and much more.

Common examples that violate each one in term: Facebook, Used cars, Veblen goods, Utilities, Healthcare.

A market that has one large player that completely dominates certain segment(s) is not likely to be a healthy one that is providing value at near cost, why would it be? The incentive is always to charge as much as possible.


> assuming a huge number of perfect circumstances which is not how reality works.

I don't think there is actually an equilibrium price defined as some kind of compromise between supply and demand curves absent those circumstances, either; there's an actual price at any given time, but it's not an equilibrium (particularly, without rationality—which incorporates perfect information—you don't have any expectation of an equilibrium even if all the other factors are present, at any price.)

Once you are discussing equilibrium—as the post the grandparent addressed did—you are implicitly discussing at least some of the ideal circumstances you’d like to negate.


The market can still reach equilibrium even with non optimal conditions, just not the "efficient market" equilibrium.

Additionally, irrational does not mean unpredictable, after all advertising is extremely effective.


It’s quite possible that cloudflare gains more value from the customers than they gain from cloudflare.


For instance? (Honest question)


> Free customer base—Free customers are an important part of our business. These customers sign up for our service through our self-serve portal and are typically individual developers, early stage startups, hobbyists, and other users. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees. These free customers expose us to diverse traffic, threats, and problems, often allowing us to see potential security, performance, and reliability issues at the earliest stage. This knowledge allows us to improve our products and deliver more effective solutions to our paid customers. In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses. Finally, the enthusiastic engagement of our free customer base represents a “virtual quality assurance” function that allows us to maintain a high rate of product innovation, while ensuring products are extensively tested in real world environments before they are deployed to enterprise customers.


It adds latency to API services, it doesn't add value in conditions where you aren't under attack. It inhibits legitimate users with privacy controls (and/or Firefox) in place.

It may or may not be worth it, but it isn't a panacea.


Here's the meat and potatoes:

> We have experienced significant growth, with our revenue increasing from $84.8 million in 2016 to $134.9 million in 2017 and to $192.7 million in 2018, increases of 59% and 43%, respectively. As we continue to invest in our business, we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively. For the six months ended June 30, 2018 and 2019, our revenue increased from $87.1 million to $129.2 million, an increase of 48%, and we incurred net losses of $32.5 million and $36.8 million, respectively.

Compared to the numbers we've seen for recent tech IPOs, being on track to lose about $72M for 2019 seems reasonable.

Also, haven't read through it all but I'm curious how strong this clause will be for future control:

> The dual-class structure of our common stock will have the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of this offering, and it may depress the trading price of our Class A common stock.


What the heck happened to their OpEx in 2018?!

They went from growing at 60% YoY in 2017 with an 8% Operating Loss, to growing 43% YoY with an Operating Loss of 44%.

To put it another way, in 2018 they grew their revenue 40% (+$58m) and grew expenses 100% (+$115m).

I mean, apparently they raised a huge round and felt the need to increase spending massively. And then saw slowing growth as a response?

Was there a massive boost in R&D output? Entering entirely new product lines? My uneducated impression is that they offer largely the same product this year as they did last year.

The only thing I can think of is that they went from “scrappy startup” to “bloated unicorn” status?


They explain the huge changes in Operating Expenses here: https://wallmine.com/doc/edgar/0001477333/000119312519222176... It doesn't go into much detail but breaks them down nicely. Disclaimer: I added the next two highlights too


My guess: new development-intensive products like the 1.1.1 DNS, Wireguard, WAF etc plus general scaling and growth on one side, and increased competition from established cloud services on the other.

After all, if you are already on eg AWS, just using Cloudfront is temptingly easy. (even if bad from a redundancy perspective)


It's easy, but we're saving thousands of dollars a month using Cloudflare instead of our cloud service provider's CDN (~250TB/month), and that's without any kind of discounted egress agreement between our cloud service and Cloudflare (which is supposed to be in the works, but it's been literally years with no further word)


You missed Magic Transit that was announced few days ago: https://blog.cloudflare.com/magic-transit/


AWS also offers a managed WAF - https://aws.amazon.com/waf/


> just using Cloudfront is temptingly easy

IMO this is giving way too much credit to AWS


Assuming you’re already integrated on AWS, just using Cloudfront is a lot easier than Cloudflare. You’re likely already using S3, maybe use CloudFormation as well. Then it’s often much more straightforward to use AWS services rather than a third party provider.


Arguably a lot of that R&D should be capitalized and not be on the I/S. Investments like that shouldn’t impact net income. I’m more concerned with G&A going up 500%.


They are claiming the work needed to become IPO ready (accounting, legal, etc) spiked G&A. I see that a good a chunk of that was 1 time consulting but most was from additional staff.


Both CloudFlare and Zoom are pretty great products and as much as I applaud their team's IPOs, I'm worried that the vagaries of being a public company will result in the GOOG syndrome. That's where a company with a great product is forced to expand every quarter to the point that it becomes a frankenstein-ish hulking version of itself.


Why not just pay a dividend? That's what stocks are supposed to be, shares of ownership in legitimately valuable enterprises with return on investment.


Well, at least prior to 2003 there was a strong incentive to prefer gains from stock sale since it could get long term capital gain tax rates (15% now, 20% at the time) vs. dividends which would be taxed as normal income. Since then however, qualified dividends are taxed the same as long term capital gains.


There's more to it than that. In order to pay dividends, you have to pay corporate tax before you can pay out the dividends. And that is almost 40% on the top end. So the effective tax of qualified dividends is more like 60%.

Alternatively, if you can stash money overseas in tax free accounts or invest the money back into the business to avoid taxes, then you only have the long term capital gains tax.


"After the passage of the Tax Cuts and Jobs Act, on December 20, 2017, the corporate tax rate has been changed to a flat 21% starting January 1, 2018"


You are right. So only double the taxes instead of triple by receiving a dividend.


Corporate taxes are different from personal income taxes.


> Since then however, qualified dividends are taxed the same as long term capital gains.

Share buybacks are still better than dividends, because the investor can choose when to recognize the income.


Top US long term capital gain tax rate is 20% and there is a 3.8% tax on that


No, the return on investment is provided by the claim on assets at dissolution. It can be realized in advance of dissolution (since, as it turns out, companies tend these days to be chartered for open-ended purposes and so not to dissolve when successful) either by trading the claim for money or by the company doing periodic partial dissolutions. The whole idea of public trading is to enable the first to be done efficiently, dividends provide the second, but there is no reason a firm must do both. A firm that does neither makes it harder to realize returns but some investors may be happy to trade that for what they perceive to be higher returns or better serving non-financial interests the investor has.


Growth will also give return on investment. I'd rather see Cloudflare invest in growth and R&D than give a dividend. They are nowhere near finished growing.


What more would you expect from them? Not looking for an argument, honest question.


They’re getting into some sort of “accelerator VPN” market. They clearly have ambitions to Be The Internet.


With the growth of space initiatives as we've seen recently, maybe they could pursue some of their own?


AWS-like cloud infrastructure


Yep, this would be a godsend. They're already doing something similar with Workers and I do hope the trounce other cloud providers in providing a "Serverless Cloud"


The purpose of an IPO is to raise money to do something. It doesn't make any sense to sell part of your company to a random set of people, just to pay them back over time. That's like me getting a mortgage for my house and after 30 years I pay back the mortgage and the bank still gets to own my house.


That’s what it’s original intent was, but an IPO is now a way for all the investors to earn a return on their private investment and cash out at any time moving forward.

In all fairness, private investment was much lower when this was the case. Companies used to do an IPO much earlier when they needed funding instead of raising hundreds of millions in private investment money.


I believe the point is that you if you don't need to raise any money, you can do a direct listing instead of an IPO. Then you allow investor liquidity without selling equity.


> It doesn't make any sense to sell part of your company to a random set of people, just to pay them back over time.

It's unfortunate that this doesn't make sense to you, because that it literally the original purpose of shares in a company.

Someone wants to finance a voyage to a far-off land to trade. To do so, they form a company and issue shares of the company. The profits off the voyage (if any) are then divided amongst the shareholders, in proportion to shares held. It was a pretty good idea.

(Debt is not the same as equity, not sure why you are talking about mortgages).


That's exactly it's purpose though. If you only want a loan you would be raising debt (i.e. corporate bonds) rather than selling equity.


The owners will make more money if they double the company's value than spend their profits on a 5% dividend to shareholders. Simple capitalism at work.


...but less money if Google spends the 5% on Google Plus or an Google Messaging Platform No.8 and doesn't double the company's value.


These are huge swings. Each of these projects has the potential to increase the company's value by $100B and only cost single digit $B. Same model as VC.


I wish more of the companies represented in my index tracker could make 1B investments with 100B returns.

If only it were that easy!


I agree, but the greater fool theory and financial engineering (ie buybacks) will lead to greater profits for stockholders in the long run.


Buybacks are closer to a one-time dividend than they are "financial engineering."


Buybacks are a more tax efficient vehicle for returning capital to shareholders.


They're also arguably more cost-efficient if a large portion of investors would just take their dividend and use it to reinvest in the stock - the buyback means that group don't need to incur the friction costs of doing so.


While this may be true, they seem to be largely funded by debt. Taking on debt and not using it for capital seems exceedingly risky in the face of a recession.

And I gather this popular because of the tax implications of a dividend vs increase in stock price. I'm in favor of people paying taxes, so I'd prefer a dividend.


This is an entirely different problem and not really true, except for the companies that do so to avoid repatriating foreign capital and incurring US tax rates.


Should Google have paid a dividend in 2004? They made $150MM in profit in the 1st half of that year they definitely had the money to spare...


Zoom is great especially the malware side of it


Finally an IPO I want to buy into. Technical fundamentals matter.

Edit: I mean that in the software/service way, not the economical way, in case there was any confusion.


> Technical fundamentals matter.

Centralization of the entire internet behind a single entity is a _bad_ thing for people who care about technical fundamentals.


Exactly! I don't why Internet folks fall into this trap time and time again! It's probably simply because it is an easy and quick way to tell your boss your website is protected consequences be damned.

I can imagine the next Edward Snowden will reveal the intelligence community's direct line into the traffic running over Cloudflare's infrastructure. Cloudflare is providing DNS and HTTPS services on a massive scale which means they can essentially MiTM any of their customers on behalf of the government.


It depends on the topic of discussion. If we are discussing the viability of a company, and trying to project long term success, then this is all good news.

If you are discussing whats best for society and how these businesses impact those things, then this could be alarming news.


There's a big shift towards privacy happening now. If Cloudflare came out a decade ago I'd also be in their camp. But the risks are too high and developers are starting to recognize that Cloudflare is far from free and comes with long terms consequences for the health and resiliency of the internet.

I appreciate how they pushed HTTPs widely. But now that's Let's encrypt exists there's no excuse.

Ill also never forgive them for making Tor completely unusable for accessing any normal website. It's almost impossible to pass the security checks and if you do another one is coming once you switch IP. I understand Tor is a niche product but it's an important one for activists and other persecuted people. And it will only continue to grow in importance as the dictators all learn how to do NSA style mass surveillance.

The DDOS stuff if the harder problem to solve and I don't know enough about it to judge the competition's ability to offer it safely and privacy friendly way.


I mean, that's like your opinion or whatever, sure. But this S-1 filing is about if they are a sustainable business. And none of what you touched on would seem to have any serious impact on their business model.

The Tor stuff feels way over blown to me. I worked at CF while it was a problem, and was an avid Tor user at the time. It was a terrible user experience, but it wasn't completely Cloudflare's fault. They didn't target Tor users, Tor exit nodes have terrible IP rep which is an industry standard for risk rating IPs. ReCaptcha had some functional issues that could not be solved by Cloudflare. And lastly, site owners did next to nothing to support their Tor visitors even once dedicated options were available via the IP Firewall. This seems like hyperbole, especially as JGC was avid about getting this resolved, and was very public with the discourse. Companies don't do things perfect all the time, and it seems extreme to hold CF purely responsible and hold onto that anger for something that's long been resolved.

In the end, everything in this S-1 is promising for people interested in tech businesses, which is what many people are praising. They already generate a profit, their operation costs are reasonable, etc.


> They already generate a profit, their operation costs are reasonable, etc.

They don't turn a profit, and their operating costs are growing sharply. From the S-1:

> As we continue to invest in our business, we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively.


There's always a compromise with privacy that people are willing to ignore in the short term, but I'd rather bet on long-term trendlines than people's laziness today.

Their business model of taking over and centralizing whole sections of internet will continually cause a backlash. They only have a percentage of all traffic today and it continues to increase. And apparently so does their willingness to not be a neutral service provider as we saw with 8chan, which is in stark contrast to their policy towards the LulzSec hackers and plenty of other "bad guys".

I'm sure Cloudflare will continue to be a good business in the short-term, but that should never be the relevant metric for any business. But it will become more and more obvious to everyone the bigger they get.


> Ill also never forgive them for making Tor completely unusable for accessing any normal website.

Is the privacy pass extension an invalid fix for the problem?


> Centralization of the entire internet behind a single entity is a _bad_ thing

They do the opposite. They enable small website owners to survive on the internet without having to use vertically integrated services like cloud offerings.


I'm not sure you fully understand the problem. If I hit the big red button and just shut Cloudflare off, millions of websites drop off the Internet. It is a massive single point of failure, and as you point out, a vertically integrated service (DNS, DDoS protection, WAF, proxying, etc).


I have said that it's not a vertically integrated service. Others are. Like S3. Or GCP. Cloudflare makes it possible to avoid the big clouds and do your own hosting or to use a smaller hosting company.

As for the millions of websites going offline. Surely, Cloudflare has tons of customers. It's an internet scale company. If they act sloppy and have tons of downtime a competitor might take over. If it's hard to architect a DDoS protection service in a robust way then that's just the world we live in. But I think you should appreciate that Cloudflare sells DDoS protection (their core product atm) without selling you a big package like http serving or root servers.


DNS is far from centralized and DDoS protection is something that small websites would have no ability to do on their own. It isn't just a convenience thing, it's a literally-impossible-without-scale thing.


DNS for sites protected by cloudflare are on cloudflare's DNS afaik.


That's optional and has been for awhile now I believe, you can CNAME from your own DNS provider. While that does rely on their DNS for that one record, it means you still have control to changeover if need be.


And, that doesn't change the point... the website protected by cloudflare still controls the effective dns for that site. The lookups are controlled, and CF is a mitm vector.

A client deployment of an app, that the client had behind cloudflare was making 80ms API requests take 8 seconds. It's not always great.

I'm not saying that there aren't alternatives, and that people have to use Cloudflare... but there really isn't much in the way of an alternative at even a similar level of support and price on the low/introduction side of things. The issue regarding recaptcha can be REALLY annoying, especially on a non-google browser.


Right but there are plenty of other options for DNS providers.


There are... but as CF correlates to a significant portion of internet traffic and DNS lookups, it's not like the original point is invalid.


DDoS protection is something that small websites should not need.

Current circumstances are a sad and unfortunate state of the internet.


Not only that, Cloudflare has helped to ensure that DDoS protection is something that every website needs. Under normal circumstances, all the shady DDoS-as-a-service providers would DDoS each other off the internet and leave everyone else in relative peace. However, Cloudflare kindly provided them all with free, world-class, no-questions-asked DDoS protection to ensure that they could continue operating their business of destroying sites that didn't use Cloudflare.


This doesn't make any sense at all. What are you basing it on?


See for instance https://krebsonsecurity.com/2015/01/spreading-the-disease-an... or more recently https://www.secureworldexpo.com/industry-news/does-cloudflar... - this has been going on for years and is officially permitted by Cloudflare policy. (The reason why these booter services need such good DDoS protection is that knocking the competition offline makes for good business - it's a great demonstration of effectiveness and cuts off their business at the same time. In the pre-Cloudflare era those services were locked in an almost continual war against each other.)


Look at any big cloud provider or CDN and the same can be said. If you don't have a DR plan in place to bypass a CDN provider in a downtime situation then you're doing something wrong. (assuming it isn't a hobby project)


I'm not sure you fully understand what Cloudflare does.


It's really both. I think the biggest issue that some have is that Cloudflare has no real competition at this point for those that cannot afford the more expensive options. And combined with that, they control a very large portion of internet web traffic and are in a position where they could potentially be heavily influenced by government actors.

I'm not saying that it's happening, or even that it is the biggest concern for most. But it should be a bit of a concern to some, and one may want to think about if they really want to use them in this context. It's a matter of knowing and evaluating all of the risks involved.

Does it really matter for a static blog that only publishes a few articles a week? Not so much.

Does it matter for a media company that publishes articles a government doesn't like and initiates contact through it's website? Probably.


If you are just using the basic service for a firewall/DDOS protection and CDN there doesn't seem to be much lock in. If other competitors come along, and they undoubtedly will if Cloudflare proves the value of the market, it should just be a matter of switching your DNS records to said competitor. Maybe I'm not imaginative enough, so please share if I'm not thinking of something, but it doesn't seem like their market share makes it harder for other competitors, they aren't monopolistic.


You realise that Cloudflare is nowhere near a monopoly, right? They might be the most 'household' CDN, but they're far from the first or biggest


> the entire internet behind a single entity

You're giving CF too much credit. They are very small fish, as it seems from the S-1. But still dangerous because they MITM while operating for free at loss, so don't reuse passwords and logins between sites.


They handle about 10% of web requests according to this blog post: https://blog.cloudflare.com/why-we-terminated-daily-stormer

If we trust that metric, it seems significant to me. Not what I would call small fish.


Small animals tend to puff to look bigger :) 10% of whole internet on a budget of 50-80M / year is hard to believe.


US ISPs make you think that internet traffic is like gold ;). I get tens of terabytes here in Europe for 10€.


Yeah, from a citizen perspective I agree. C'est la vie. Our governments need to work against this via legislation.

It should not be up to Matthew Prince to decide who to block. He has demonstrated his inability to function as censor in a very visible (and frankly embarassing) way.


> He has demonstrated his inability to function as censor in a very visible (and frankly embarassing) way.

How? There have been exactly two cases of "censorship", and that is the Daily Stormer and 8chan. One is an utterly vile peddler of antisemitism (literally named after a Nazi paper) and conspiracy theory, and one was linked to at least three terroristic attacks. If it were not white supremacists but Islamists, it would be closed down in an instant and no one would bat an eye.

If anything, Cloudflare seriously lacks (like Facebook and Twitter) policing their customer base.


>If it were not white supremacists but Islamists, it would be closed down in an instant and no one would bat an eye.

This is ironic since Cloudflare has famously been under fire because Prince specifically decided against removing ISIS websites from Cloudflare and vehemently defended his decision that Cloudflare should not be censoring anyone.

Prince himself even agrees with the parent comment, and he goes into pretty good detail in his blog post here [1] about why companies like Cloudflare should not be able to make the decision to remove websites, and that it should be left up to governments. I guess he got overruled on that stance when it came to 8chan, though.

1: https://blog.cloudflare.com/why-we-terminated-daily-stormer/


I'm sure it's just in my head, but it feels like the first tech IPO in several years where there actually seems to be a viable business model.


> where there actually seems to be a viable business model.

It has carried them this far, but the real money will be when they turn to advertising (which investors will eventually figure out and insist on).

Remember all the crazy marketing data ISPs wanted to collect, then we pushed everyone to move to TLS? Well Cloudflare unwraps TLS for all their clients and is in a position to collect all the same data.


Zoom stands out in this category too. Random blog on Medium, but the points all stand:

https://medium.com/@alexfclayton/zoom-ipo-s-1-breakdown-1192...

Growing >100% YoY, profitable, generating cashflow, NPS above 70, just an all around solid business.


Zoom has very little defensible tech, it's more about packaging/marketing. Cloudflare is very difficult to duplicate.


Not true, Zoom has developed and deployed very sophisticated malware which would be hard to replicate on purpose or through incompetence.


You would think...

But, every competitor that I’ve tried to use is a train wreck. Zoom just works. All the time, every time.


The fact that Zoom has gotten software engineers to _like_ Zoom is a testament. Most engineers I know detest almost all video conference solutions. Hangouts eats batteries for breakfast, Cisco products are clunky and expensive, Skype is ancient, etc.... but Zoom just works.


Zoom has network effects. If a company has deployed zoom in their conference rooms, talking to non-zoom shops stinks.


> Cloudflare is very difficult to duplicate.

Unless you're one of their many competitors, like, say, AWS. From the S-1:

"Our current and potential future competitors include a number of different types of companies, including:

• on-premise hardware network vendors, such as Cisco Systems Inc., F5 Networks, Inc., Check Point Software Technologies Ltd., FireEye, Inc., Imperva, Inc., Palo Alto Networks, Inc., Juniper Networks, Inc., and Riverbed Technology, Inc.;

• point-cloud solution vendors, including cloud security vendors such as Zscaler, Inc. and Cisco Systems Inc. through Umbrella (formerly known as OpenDNS), content delivery network vendors such as Akamai Technologies, Inc., Limelight Networks, Inc., Fastly, Inc., and Verizon Communications Inc. through Edgecast, domain name system vendors services such as Oracle Corporation through DYN, NeuStar, Inc., and UltraDNS Corporation, and cloud SD-WAN vendors; and

• traditional public cloud vendors, such as Amazon.com, Inc. through Amazon Web Services, Alphabet Inc. through Google Cloud Platform, Microsoft Corporation through Azure, and Alibaba Group Holding Limited through Alibaba Cloud. "


>"on-premise hardware network vendors..."

Wow, they grammar goofed "on-premise" 33 times on their filing. (should be on-premises)


Not sure why the above getting downvoted, unless On-Premises is wrong? ( Honest Question, I have always used On-Premises )

Edit: And Now I am getting downvoted for asking a question.


"on-premises" is indeed correct in this context.

"premise" is a thought or idea. "premises" is a location, like your servers can be "on-premises". Completely different meanings.

I hear lots of people these days mistakenly saying "on-premise" during hybrid-cloud conversations and in documentation when they really mean "on-premises". (And yes, looks like I've been down-voted for my first hacker news comment too.)


It just means the quality of HN is downgrading very rapidly.


This is a sure sign that:

* You won't get allocated any shares

* Trading will start at a ridiculously high valuation, maybe 10x sales or more


GOOG and FB also seemed overpriced a week after their respective IPOs.


Zoom and Twilio as well.


Also fastly, which has the same business model


How about Slack, PagerDuty, Zoom, Crowdstrike, or Pinterest? These were all in the last few months.


You can also add DocuSign (last year) to that list. They're heading toward a billion in annual sales and they offer a straight-forward and useful service.


Exactly - relatively little technical depth.


I was responding to buildzr who wrote:

> I'm sure it's just in my head, but it feels like the first tech IPO in several years where there actually seems to be a viable business model.

The companies listed above have what appear to be viable business models. I didn't intend to comment on technical merits, but I think you may be underestimating the technical depth of what some of these companies are doing.


It's quite refreshing, right?


Ditto, I'm excited about this one.


Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others.

... We also received negative publicity in connection with the use of our network by 8chan, a forum website that served as inspiration for the recent attacks in El Paso, Texas and Christchurch, New Zealand. We are aware of some potential customers that have indicated their decision to not subscribe to our products was impacted, at least in part, by the actions of certain of our paying and free customers. We may also experience other adverse political, business and reputational consequences with prospective and current customers, employees, suppliers, and others related to the activities of our paying and free customers, especially if such hostile, offensive, or inappropriate use is high profile.


It’s odd to have these IPOs in the middle of August, in the middle of a super volatile market. I can’t help thinking that there must be a sense of urgency, based on the perception that this is the last opportunity before a bear market and much more modest (realistic?) valuations.


> It’s odd to have these IPOs in the middle of August

Read my other comment further down. It is from doing your private SEC filings in December to use a loophole to avoid disclosing a bunch of information.

These companies didn't just wake up in the morning and plan to IPO, it a good 18 months of planning that end with a public filing.


That's all well, but I am more familiar with bond issuances than equity, and the issuer always has the option to delay until the right market conditions, and I don't know any banker who would ever advise issuing in the middle of big market correction, in the least liquid part of the year.


You actually have that option but there is a limit to how much you can delay - I'm not familiar with US regulation but in most jurisdictions I know about you could delay for max 3 months after your public submission (mostly due to the fact that you present quarterly numbers on the prospectus, which means you need to update it X days after closing the quarter).


This is just about when kids go back to school. You see fewer IPOs over the summer because the bankers are all off in houses in the Hamptons or Nantucket. Your underwriters may not want to IPO until you get back, and there will be fewer people to buy your shares.


Or last resort because private money has dried up.


They just got an additional series funding and turn a profit year over year currently.


I adore, and extensively use, Cloudflare's free services for a couple of hobby projects. I hope they don't substantially change them post-IPO.


But tinbucket, I’m pretty sure you just loudly proclaimed you would be happy to pay at least $5/month!


I'd actually love a subscription that covers multiple low-traffic domains.

Next to a few business accounts for larger projects, I probably have 30 low traffic sites which aren't much of a cost for Cloudflare. I'd happily throw something like 20$ per month their way to have them covered.


I'd happily pay $5/month if it covered all of my hobby projects.

I'm not interesting in paying to run just a single project.


I'd be the same as you. All of my hobby sites combined probably get 1,500 views a month. I'd happily pay the $5 to cover that.


This is perfect timing considering they made headlines all of last week for banning that one site from their platform. But Google Trends seems to reveal that the banning incident was only 1/4 of the search volume they got for their big service outage on July 2nd:

https://trends.google.com/trends/explore?date=today%203-m&ge...

I wonder how the IPO news will compare in terms of global search volume


This is noted in their risk factors:

> Following the events in Charlottesville, Virginia, we terminated the account of The Daily Stormer. Similarly, following the events in El Paso, Texas, we terminated the account of 8chan. We received significant adverse feedback for these decisions from those concerned about our ability to pass judgment on our customers and the users of our platform, or to censor them by limiting their access to our products, and we are aware of potential customers who decided not to subscribe to our products because of this.

Within the next week we'll see the trends that represent how much nouse their IPO made (IPO news is generally slower moving): https://trends.google.com/trends/explore?date=today%201-m&ge...

Side note: you can see that an outage makes about 4x more noise than PR about DDOS protecting a website like 8chan: https://trends.google.com/trends/explore?date=2019-06-25%202...


If you think they banned sites for PR cover against the moral high ground before they went public, just wait till you see them once they are public!


Am I reading this right when it looks likes they spend twice as much money on sales as engineering?

There was also a very strange spike in stock compensation in 2018, $27,000,000 compared to $2,755,000 in the previous year and $1,849,000 in the next. What happened there?


Stock compensation spiking a year before their IPO doesn't seem unusual. It's likely an employee incentive.


Of all of these IPOs, this is the one with the most "product" behind it IMO.


> We have applied to list the Class A common stock on the New York Stock Exchange under the symbol “NET.”

Pardon?


I guess someone beat them to CLOUD?


I'm more shocked that NET is still available!


I don't think NYSE has 5 letter tickers.


The limit for a ticker symbol on NYSE is six characters... from Section 2.1 of the NYSE Symbology spec [1]:

The NYSE defines the symbol into two parts: a root and a suffix. The root constitutes the first part of the symbol and it can be up to six characters (although traditionally, most symbols representing companies only use a three-character root).

That said... in the early 00's, our is_nyse(ticker) function looked like: { return ticker.size() == 3; }

[1] https://www.nyse.com/publicdocs/nyse/data/NYSE_Symbology_Spe...


https://www.cnn.com/2019/08/12/investing/ticker-symbol-confu...

> Bankrupt electronics retailer Tweeter Home Entertainment soared nearly 1,000% in 2013 after Twitter (TWTR) filed to go public. That's because Tweeter's ticker was "TWTRQ" and Twitter had registered for "TWTR."


That is NASDAQ not NYSE.


The maximum, as provided by general consensus are 4 letters. The fifth letter, when applicable, signifies company status. "Q" for bankruptcy, "A" or "B" for class names, "E" for delinquent, "J" and "K" for voting and non-voting respectively, and so on. See https://www.investopedia.com/ask/answers/06/nasdaqfifthlette... (doesn't just apply to NASDAQ)


Looks like CFR and CLD are already taken, to be fair


There's still CLFL and CFLR and probably others.


an interesting article from the other day, Confused investors keep buying FORD, thinking it's Ford - https://www.cnn.com/2019/08/12/investing/ticker-symbol-confu...

Maybe they are trying to stop these types of scenarios by using NET.


Compact Fluorescent Lighting?


Yeah, i would have tried CFLR, or something like that...unless, they have other ambitions...?


Cloudflare has excellent offerings in the networking space, their tech stack seems solid. The customer base seems loyal: Once you're a customer, free or paid, there's very little reason to move out. Their revenue has been growing 43% and 59% for past 2 years: The business side of things seem to be kicking along at a good pace. They seemed to have figured out a perfect balance at offering services to freelancers, to small to medium businesses, to enterprises, to Fortune 500s. The diversity is astounding.

A few acquisitions and the next thing you know they are in the video-streaming business, in the ISP business, in the mobile carrier business as 5G rolls in and what not: The possibilities are endless? Esp as the world becomes more and more connected (IoT and proliferation of smartphones) and business move online, security and speed at scale are going to be of paramount importance and Cloudflare is primed to seize that market, imo

From running a honeypot network to winning techcrunch disrupt to this. What an amazing journey. One the few tech IPOs I'm genuinely excited about.

Congratulations eastdakota et al.


They already are in the video streaming business. ;)

https://www.cloudflare.com/products/cloudflare-stream/


And we’ve been very happy with their Stream product for about 6 months now. No complaints.


Curious: are you using the default player, the player but customized (as per the docs), or the trick to get the HLS manifest via `videodelivery.net/{video_id}/manifest/video.m3u8`?


> Once you're a customer, free or paid, there's very little reason to move out.

I find their sales tactics and pricing strategies aggressive and unfriendly.


Fun fact: Matthew Prince had to borrow money from his mother when Cloudflare was just starting out.

They've come a long way.

https://twitter.com/eastdakota/status/1129929178382446592


No offense, but borrowing from a parent is not really borrowing, at least in most cultures.


No Offence, but care to explain which part of this is not borrowing?

Edit: And not sure about the down vote.


Completely unrelated: the font that they chose to use in their marketing material looks a lot like San Francisco. I didn't know you could use it for promotional material that wasn't software for Apple's platforms.


I could be wrong here but my understanding is that the letter forms of a font are not subject to copyright, only the font file itself. This is why Microsoft was able to create Arial which is a virtual clone of Helvetica without it being a derivative work.


you mean I could copy a font as long as the resulting font file is different from the original one?


Yes. The file is the only thing with legal protections.


Actually, not necessarily. Drawing font glyphs is certainly protected by copyright (even if not filed, an implicit one) as artwork. You probably wouldn't get prosecuted because they probably couldn't prove if you copy-pasted, but it's still the work of an artist.


Typefaces are not covered by copyright in the US. Bitmapped fonts aren't either as that's just a computerized version of a typeface. Other types of fonts are covered by copyright as they're computer programs that tell the computer how to draw the typeface. This means unless a typeface was created for and used in a trademarked logo there is no protection on it and you can freely recreate it by tracing the output of an existing font.


So, it's legal to make a business that consists in copying all of the pay fonts and selling them for half the price under a different name?


As a long time Cloudflare user, I wish them luck on this! They've been a great service to use.

I usually don't buy stocks individually, especially around the IPO but once it settles down, I might buy some of these.


Now they'll have even more incentives and pressures for censorship.


That’s an interesting opinion. What about being publicly traded makes you think they’ll me more incentivized to censor?

Facebook’s performance suggests that playing fast and loose is preferable


So far the CEO has twice bowed to public pressure and unilaterally removed completely legal websites from the service because he perceived hosting them made Cloudflare's brand look bad.

As a publicly traded company the company is now actually accountable (rather than just in his head) to a slice of public opinion and to keep the brand as profitable as possible. That means not providing services for anything controversial.


As Daily Stormer and 8chan have shown, CloudFlare has very few competitors and seemingly none that don't censor.

8chan jumped ship to BitMitigate when CloudFlare dropped them, and then BitMitigate dumped them when they had their backbone link yanked out from under them.

Neither site broke any US laws, but they were both controversial.


> CloudFlare has very few competitors

In the personal/SMB spaces, you're right. Of course, enterprise remains their cash cow, where they compete with the big boys (akamai, incapsula, etc.).

> Neither site broke any US laws, but they were both controversial.

This is basically why so many are bothered by CloudFlare's decision. Who decides what's controversial? We've seen many examples in the past of normal views being "controversial".


> Who decides what's controversial?

CloudFlare, in this case.


What's the difference between this and choosing not to bake a cake for a gay couple? Plenty of people cheered Cloudflare for taking down TDS and 8Chan, but the same people got up in arms to demand a private business provide service to a protected class. Last time I checked political affiliation was a protected class in CA and political activity was a protected class in CA & NY.


> political activity was a protected class in CA & NY.

Yes, but cloudflare is not denying a job to any of those people. Not to mention there are certainly threats of violence on those sites, which are technically illegal. That's grounds enough to take the site down.

I argued above that cloudflare's actions were concerning, but at the end of the day, it's cloudflare's network. Do you really want the state compelling by force a firm to carry the traffic of any one? I don't, and find it the only option more concerning than a firm arbitrarily refusing to do business.

I personally dislike the actions of cloudflare in this case, and am allowed to criticize them. However, I don't think it makes sense to have the state enforce my criticism via compulsion.


> completely legal websites

Are you referring to The Daily Stormer and 8chan?


Not parent, but probably. If they weren't legal, there wouldn't be an issue: Cloudflare complying with the law to block illegal websites would be a non-story.


Cloudflare making the decision not to serve specific customers in a legal fashion that does not discriminate against any protected groups is a non-story as well.

You don't often see private businesses making decisions like this on the front page of the new york times, but this one is a hot topic. They have no social, moral, or ethical obligation to serve these customers, and one's disagreement with that does not mean we should be forcing individuals to cater to everyone.


Something doesn't have to be illegal for it to be a story and it's not ideologically inconsistent to agree that Cloudflare has the right to not serve these customers while also scrutinizing them for it. What is legal/illegal is not a substitute for a personal value system.

A company as large and important as Cloudflare disconnecting a client for moral or public outrage reasons is a big story and they should be watched with a careful eye even if you agree with the outcome.


Cloudflare is incorporated in California where political affiliation actually is a protected class.


They mention those two specifically in the filing itself, https://www.sec.gov/Archives/edgar/data/1477333/000119312519...

"Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others."


Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: