> Additionally, there's plenty of "Upgrade to Pro" buttons sprinkled about. It's the freemium model at work.
I don't think they care much about few "Pro" upgrades here and there. The real money, and their focus as a company, is in enterprise contracts. Note that, Matthew Prince, the CEO, had outlined a few reasons why they have such a generous free tier on an Stack Exchange answer[1]. I think the biggest reason is this:
> Bandwidth Chicken & Egg: in order to get the unit economics around bandwidth to offer competitive pricing at acceptable margins you need to have scale, but in order to get scale from paying users you need competitive pricing. Free customers early on helped us solve this chicken & egg problem. Today we continue to see that benefit in regions where our diversity of customers helps convince regional telecoms to peer with us locally, continuing to drive down our unit costs of bandwidth.
Cloudflare had decided long ago that they wanted to work at an incredible scale. I would actually be very interested in understanding how this vision came to be. Hope Matthew writes that book someday.
I think there are a few other benefits (even if that was the main benefit/driving force behind the decision).
When you have low-paying (or zero-paying) customers, you need to make your system easy. When you're enterprise-only, you can pay for stuff like dedicated support reps. A company is paying you $1M+/year and you hire someone at $75,000 who is dedicated to a few clients. Anything that's confusing is just "Oh, put in a chat to Joe." It isn't the typical support experience: it's someone that knows you and your usage of the system. By contrast, Cloudflare had to make sure that its system was easy enough to use that free customers would be able to easily (cheaply) make sense of it. Even if you're going to give enterprise customers white-glove service, it's always nice for them when systems are easy and pleasant to use.
When you're carrying so much free traffic, you have to be efficient. It pushes you to actually make systems that can handle scale and diverse situations without just throwing money at the problem. It's easy for companies to get bloated/lazy when they're fat off enterprise contracts - and that isn't a good recipe for long-term success.
Finally, it's a good way to get mindshare. I used Cloudflare for years just proxying my personal blog that got very little traffic. When my employer was thinking about switching CDNs, myself and others who had used Cloudflare personally kinda pushed the "we should really be looking at Cloudflare." Free customers may never give you a dollar - but they might know someone or work for someone who will give you millions. Software engineers love things that they can use for free and that has often paid dividends for companies behind those free things.
I feel like there might be an additional motivation too, which is that this investment in a better internet (free SSL for everyone before LetsEncrypt came around, generous free tiers for users, etc. etc.) means that Cloudflare builds a reputation of being a steward of the ecosystem while also benefitting indirectly from wider adoption of good, secure practices.
In some ways it's analogous to investing in your local community and arguably paying tax: it's rare that you would directly and personally benefit from this, but if the environment you live in improves from it, crime is reduced, more to do, etc. then you can enjoy a better quality of life.
I went back and reread that reply by Matthew. Essentially, nothing has changed; the free customers are very important to us for all the reasons that he outlined. See also this blog post on us and free customers from 2024: https://blog.cloudflare.com/cloudflares-commitment-to-free/
> I don't think they care much about few "Pro" upgrades here and there. The real money, and their focus as a company, is in enterprise contracts.
Cloudflare's enterprise customer acquisition strategy seems to be offering free or extremely cheap flat-rate plans with "no limits", then when a customer gets a sizeable amount of traffic they will try to sell them an enterprise plan and cut them off if they don't buy (see https://robindev.substack.com/p/cloudflare-took-down-our-web...). IMO this is pretty shrewd, as it means that companies can't do real price comparisons between Cloudflare and other CDNs until they already have all their infrastructure plugged into Cloudflare.
That particular story / case had a lot more context to it that we weren't given. I wouldn't be ready to place any kind of merit on it without hearing more. I also think given the OP's industry it's likely there were issues with IP reputation. Could it have been handled differently? Probably. In this case I think it would have been smarter to just part ways upfront and let the client know it's not going to work out. I suspect the contract was designed to say.. we don't see the value in this relationship.. but at this price we'll make it work type deal. I don't think that's the right way to go, but I hardly believe this is how they operate.
I've used their free -> enterprise services in multiple companies and clients. Haven't had a single bad experience with them yet. Always helpful, if a bit delayed at times.
It doesn't seem like Cloudflare has any problems with online gambling, especially since the first email the author got from Cloudflare came from someone in their "Gaming & iGaming" division. There's people in this thread in other industries who have had similar experiences with them.
IMO the biggest problems are how Cloudflare kept inventing excuses like "issues with account settings" to get the customer on the phone with their sales team, and the mixing of "trust and safety" with sales (like deleting their account for ToS violations after the CEO mentioned talking to a competing CDN).
I don't know that I can trust the perspective of the Op here. Gaming and Gambling aren't the same thing. We don't know that they invented excuses here either. I would also suspect the comment about a competing CDN was used by the OP to try and gain leverage and it failed.
All i'm saying is we can't make a determination of right and wrong without more data. All things considered, it reads more to me that the data withheld is on the original OP side rather than the CF side.
Either way, it's a unique one off. Most of the mentions in this thread of this behavior all rely on this one experience. I think that in of itself is probably a positive on the side of cloudflare. If it were institutional that they treat clients like this we would hear it regularly.
Yep, and if you contact their sales directly because you've been bitten before and tell them your traffic they will be happy to tell you that yes, other than a short trial you have to pay them for huge bandwidth from month one. It's actually surprising to me people would believe it's fully free. Like think for a bit that if that was the case Netflix would just move to Cloudflare free tier and Cloudflare would go bankrupt immediately.
Like think for a bit that if that was the case Netflix would just move to Cloudflare free tier and Cloudflare would go bankrupt immediately.
Cloudflare's free tier specifically excludes video. See https://www.cloudflare.com/service-specific-terms-applicatio...:
Content Delivery Network (Free, Pro, or Business) Cloudflare’s content delivery network (the “CDN”) Service can be used to cache and serve web pages and websites. Unless you are an Enterprise customer, Cloudflare offers specific Paid Services (e.g., the Developer Platform, Images, and Stream) that you must use in order to serve video and other large files via the CDN. Cloudflare reserves the right to disable or limit your access to or use of the CDN, or to limit your End Users’ access to certain of your resources through the CDN, if you use or are suspected of using the CDN without such Paid Services to serve video or a disproportionate percentage of pictures, audio files, or other large files. We will use reasonable efforts to provide you with notice of such action.
Replace Netflix with Reddit in that hypothetical then, would they be allowed to serve their substantial non-video traffic through the free tier? If so, you have to wonder why they choose to pay for Fastly instead.
Does this apply to caching R2 with the free tier CDN?
The R2 overview page explicitly lists "Storage for podcast episodes", but a podcast host under the free tier would serve a disproportionate percentage of audio files.
Audio is tiny compared to video (and even images), especially for podcasts, think ~1MB/minute. And they compress well if you want them to be smaller. High quality video (think 4K HDR) can quite comfortably be over 1MB per second.
I assume they don't want to become a file sharing website, but hosting a podcast is relatively easy on the bandwidth requirements.
Well bad example, but as someone else said, replace with any other large non video service. I'm not making this up, I had calls with sales. And like I said, I don't think this is surprising, it's like "infinite bandwidth" deals from ISPs and phone data plans, etc. It's a reasonable expectation that you'd have to pay at some threshold.
I haven't heard about this in particular but based entirely on your depiction here it sounds more like fraud to me.
If I was paying a flat rate for a no limit plan, that company tried to sell me an Enterprise plan which I declined, then they cut me off, we'd be in court as soon as the clerk would schedule it.
If you were rotating IPs against the TOS I don't think you'd have a leg to stand on
The GP doesn't mention anything about rotating IPs
It's a very elegant business strategy because you have one clear focus (handle loads of bandwidth), but it can be expressed in so many ways (DNS/Caching, object storage, video delivery/streaming, static site hosting).
I've always wondered if there is an accounting benefit for them. Can the free tier be charged as 'marketing'? No idea how you would internally break up the costs, but it could make your margins look better.
It's not really free. One day, you get a call from their sales team saying "you're straining our network". I kid you not. We were on a business plan and still got this. When we met them in person, we were asked to upgrade to a $2000+ per month plan. From a $200/mo plan. That's a 10x increase. I searched their TOS, nowhere it was mentioned about "straining their network". Turns out that's just their scammy tactic to get you to pay. We refused. That really left a bad taste in my mouth.
Today, I refuse to recommend any client or startup to them because of this extremely unethical practice. All around, I'm not sure they deserve so much positive press/attention, especially after screwing some of their own employees (one even got super famous live streaming the firing).
To be honest, sales people are sales people. Their job is to sell you on packages, and they will generally do anything to get you to upgrade.
It's not like they threatened to remove you from their service. They asked you and gave you a "canned" reason.
If you don't mind me asking you had a $200 a month plan, and changed to another provider. Did the plan price go up or down?
If CF is calling you like this then I’m not sure how you’re interpreting this as a donation call. They’re basically saying you’re about to be fired as a customer.
Except now there isn’t a clear formalization on how much you were expecting to pay or how much runway or patience CF has left for you.
>I searched their TOS, nowhere it was mentioned about "straining their network". Turns out that's just their scammy tactic to get you to pay.
You seem to be pretty cagey about what your usage actually was, and whether it was indeed "straining their network". Were you using more resources/bandwidth than a typical customer would? Most ToS contains clauses that allows the vendor to unilaterally cut customers off if they're an excessive burden, even if there aren't explicit quotas, or are explicitly "unlimited". ISPs don't let you saturate your 1Gbit connection 24 hours a day, even on "unlimited" plans, but I wouldn't call it a "scam" if they told you to upgrade to an enterprise plan.
You should report that to them. Their CTO multiple times said this in HN.
I'm not a fan of Cloudflare's enterprise pricing model. It seems like they'll charge you whatever they'd like to when renewal time comes around, and will play with the numbers to ensure you stay around whatever total they'd like to see. They charge for each protected domain, in addition to sane metrics like bandwidth utilization and number of requests. Charging thousands per protected domain per year is scummy. Maybe I'm just too used to AWS/GCloud/et al. pricing that actually bills me on utilization rather than arbitrary metrics.
Did you move from cf to someone else, or are you still using them?
I heard a great theory about this recently.
The hardest part of onboarding a new customer to Cloudflare is the bit where you need to switch over to having them manage DNS for you.
If you're under a DoS attack or similar, waiting for DNS changes to propagate is the last thing you want to have to care about!
Cloudflare's generous free tier is an amazing way of getting that funnel started: anyone who signs up for the free tier has already configured everything that matters, which means when they DO consider becoming a paying customer the friction in doing so is tiny.
The OP doesn't link to Cloudflare's (repeated) explanation about this exact topic.
Oh
I suspect they also greatly benefit from developers using them for hobbies and suggesting that their workplace use them in turn. Though, that's much harder to track.
The reason it's free and with unlimited bandwidth is that it's not.
Unless you stay very small, you'll eventually get on the radar of the sales team and you'll realize the service is neither unlimited nor free. In fact, you'll likely have to look at a 5 or 6-figure contract to remain on the service.
(n = 1 & all) A project I co-develop pushed 30TB to 60TB per month on Cloudflare Workers in the past (for months on end) for $0. No one called us to sign 6 figure contracts.
Workers are a very different product so I'm not too surprised by that. The main workers payment model is entirely concerned with CPU use and you must be minimizing that.
wait
Do you have a counter example, or is this just your assumption?
There are several counter examples in the comments on this page.
none of which seem to have given their bandwidth figures.
I can second this. Their sales people have such poor behaviour that I am considering moving away simply on principle. There is nothing predictable about being on an enterprise contract and they will hit you with bullshit overage charges like using too many dns requests (wtf??) all of a sudden to force you onto a much larger contract. On the 28th of December no less ! We have used them for a very long time but I am having very big doubts about how much we can use them in the future even though their products are great.
(disclaimer: I'm an employee but no commission is earned for this, we just work hard, opinions on HN otherwise don't reflect that of my employer)
At which point do you think you get in the radar?
I run a $3m/yr startup on a free tier Cloudflare account. To this day I have no idea why Cloudflare is not charging us for anything. I would have happily paid them for their service
This seems like little more than a sales pitch. For instance:
> Second, companies like Cloudflare benefit from a fast, secure internet. If the internet is fast and reliable, more people will want to use it.
The author doesn't seem to have anything to say with any more substance than this gem.
It's kind of the same reason Google does it. There's a saying about this that I do not recall how it is phrased but it's something to the effect of, if you're not paying for it you're the product.
You're the guinea pig to help them make the product better for paying clients and to help them market the product usefulness to those that pay.
We're building our startup infra on cloudflare over the other major hyperscalers and it turned out to be an amazing decision...
Generous free tiers, pricing scales very competitively after that, and their interface is not nearly as bad as GCP / AWS.
I highly recommend this stack.
you run compute workloads on there?
Yes: https://developers.cloudflare.com/ Look at Cloudflare Workers and Cloudflare Workers AI.
Cool. What are you building?
srcbook.com (not OP, just trolling through their profile).
Same here!
Cloudflare offers a lot for free. I think they are able to cover the free users from how much they charge enterprise customers.
I understand interconnecting Cloudflare’s network and hosting their servers by ISPs builds a beefier Internet and that’s great, but isn’t it potentially problematic for a small number of vendors to become a significant part of the network? What happens if they go out of business? Are we no worse off than before, or do we worry about equipment that’s in limbo unless purchased by another business? Or is it potentially bad but inevitable since investing in growing the Internet requires deep pockets so it will always be the bigger corporations owning large chunks of the network?
Infra like Internet cables under the ocean are to me more obvious things to be purchased by other businesses. ISP-collocated content servers that came to be due to discovered mutual benefits of content and service provider seem to me more complex in terms of managing them in the face of business changes.
Hey Matt! DB here from last summer haha!
cool to see you started writing! looking forward to seeing more, keep it up
As other commenters have mentioned, it is a bit of a bait and switch and not "truly" unlimited - but pretty much this is true for any XaaS that advertises "unlimited" anything. That said though, I still find cloudflare's free basic product incredibly good for the price. The proxy will handle a pretty good amount of load before you get any sales emails. I use some of their enterprise products and I'm extremely pleased, so it is a little hard to complain when I am getting great value out of it. I am however always wary of this not remaining the case forever. For what it is though, I can't really find many comparable products. It's sort of like datadog to me - yes, it's expensive, yes, their pricing can be a bit nebulous and feels bad at times, but the product is still extremely good for what I need it to do and until that changes I guess I'll just keep forking over dollars. That seems to be the way of things now.
because they’re an amazing piece of technology that also happens to be a state sponsored man-in-the-middle platform.
I was assuming that it's a loss-leader sort of business strategy at play before reading your comment. Do you care to share any insights/references to support this claim?
Nah that’d be a national security crisis.
But the presence of https://en.wikipedia.org/wiki/PRISM well over 10 years ago should be sufficient.
Gotcha. Yeah, I mean all of these platforms are certainly juicy targets for room 641A [0] shenanigans. I just wondered if there had been some public leaks or something which we might not all be aware of yet.
I'd also point out the following from Cloudflare CEO Matthew Prince's wiki page [1]:
> "Prince co-founded Unspam Technologies, which supported the development of Project Honey Pot [2], an open source data collection software created by Prince and Lee Holloway designed to gather information on IP addresses used by email-address harvesting services."
> In 2008, the Department of Homeland Security (DHS) contacted Unspam Technologies, asking, "Do you have any idea how valuable the data you have is?" The DHS' email served as the impetus for Cloudflare, a technology company Prince co-founded with Holloway and fellow Harvard Business School graduate Michelle Zatlyn the following year
> The DHS' email served as the impetus for Cloudflare
Emphasis mine. I love Cloudflare, their tech is amazing, but to bury our heads in the sand that it wasn't started from day one to be a government spying program would be extremely naive.
https://blog.cloudflare.com/cloudflare-prism-secure-ciphers/
> At CloudFlare, we have never been approached to participate in PRISM or any other similar program.
> To date, CloudFlare has never received an order from the Foreign Intelligence Surveillance Act (FISA) court.
US based companies (like china and europe based ones) are not allowed to talk about it, when state actors implementing their spying tools. It is just naive to think that cloudflare doesn't give access to state agencies. As others have said, it is more likely that cloudflare as a company is entirely built around the idea to provide a singe point of surveillance to US agencies.
Love the double standard here. An offhand comment about an email from the DHS is considered strong evidence that Cloudflare was "started from day one to be a government spying program" while anything Cloudflare could say to deny it is brushed off as not strong enough.
Overly specific weaseling. (Not by you, by Cloudflare).
The questions are not about if they were approached or participate in any programs, it's what they do and if they provide the data or not.
Again, an offhand comment about an email from the DHS is given all the weight in the world while a direct statement from Cloudflare is nitpicked to death.
The whole point is it's not a direct statement. It is a lot of words which fails to answer the core question: is cloudflare syphoning data off to any of the Five Eyes (and I almost wrote Five Guys . . ) government intelligence agencies or their allies?
For example, in your link: "One of the ways we limit the scope of orders we receive is by limiting the data we store. I have written before about how CloudFlare limits what we log and purge most log data within a few hours. For example, we cannot disclose the visitors to a particular website on CloudFlare because we do not currently store that data."
So if they are MITMing everything they totally could just send everything out straight away and not contradict what they're saying at all. Them storing the data or not is completely beside the point.
Post Snowden, I think the assumption has to be any large US hosting/service provider is compromised in a similar fashion.
One half of the NSA's mission is defensive, dedicated to improving the security of US systems and infrastructure: https://www.nsa.gov/Cybersecurity/
They have the nickname "Crimeflare" for a reason and there is a reason so many threat actors, phishers, and malware people use CF on their landing pages and c2s.
When you file an abuse ticket with CF, CF takes the route of "oh we are only routing the data and content, not hosting it" and will refuse to terminate the CF accounts of someone being malicious. Threat actors know this which is why so many use em.
>When you file an abuse ticket with CF, CF takes the route of "oh we are only routing the data and content, not hosting it" and will refuse to terminate the CF accounts of someone being malicious. Threat actors know this which is why so many use em.
Their abuse page says they forward abuse tickets to the origin hosting provider. The origin hosting provider could ignore your tickets, but I don't see how that's any different than if they didn't use cloudflare to begin with.
So the deep state is smart enough to take over the corporation and inject all this secret squirrel tech, but didn't think to cook the books to make it look like a marginally-profitable (but boring) business?
It reminds me of the counterargument to UFOs where they say "so the UFO flew here from 100 light-years away, through extreme cold, deep space, intense radiation, dodged space rocks, but as soon as it came into a lukewarm atmosphere with a modest gravity and tame weather, it crashed into a field in New Mexico?"
To be fair, you could see how a vehicle designed rigidly for extreme cold, extreme vacuum, zero gravity, etc. might fail catastrophically when introduced to modest temperatures, a modest atmosphere, and a modest gravity.[1]
It wouldn't say much for the foresight of the alien designers, mind.
[1] "100 KILOpascals? KILO? I thought you said milli, you blithering nixflorp!"
What? What does business profitability or viability have to do with anything? Cloudflare can serve both customers at the same time. They still make amazing products, have incredibly talented engineers, and provide extremely valuable commercial services.
PRISM worked with numerous participants from well-oiled tech startups to aging why-wont-you-just-die companies.
What are some alternatives? Preferably the more open source the better.
Idk if they're open source, but netlify was the company that I thought sort of made this feature free and easy to use. Github pages is also a free alternative.
Someone was (incidentally?) ddos'ed on Netlify last year and was served a 104k bill. The fees were waved in the end, but the caveat remains on all these free services that you pay by bandwidth.
This is one of those things where the act of trying to evade state-level actors by definition puts you on their radar big time.
what is an "open source" network infrastructure provider?
Cloudflare is mostly open-sourced, alternatives are more often than not closed-sourced
I don't think putting up a few libraries on GitHub and writing great post-mortems makes something "Mostly open-sourced".
Alternatives to what? Five Eyes? Good luck with that.
China is happy to offer an alternative. It has pretty high costs, and I don't think it's worth it, but it exists.
Honestly this is the most likely hypothesis, but would be nice to have some more evidence.
PRISM revealed secrets. It also revealed that some companies fought back as much as possible. It's also possible to design core tech so that even when forced to participate, you reveal as little or no information.
CloudFlare, PRISM, and Securing SSL Ciphers, 2013-06-12 Matthew Prince https://blog.cloudflare.com/cloudflare-prism-secure-ciphers/
Because they own the CDN and most of the bandwidth is from peering, so it essentially costs them nothing. Netlify on the other hand has to pay per GB to AWS.
Netlify manages to be wildly overpriced even by AWS standards, CloudFront starts at about $85/TB, which isn't cheap by any means, but that turns into $550/TB(!!) if you go through Netlify. They have some of the most obscene bandwidth pricing in the industry by a huge margin, and to add insult to injury they don't allow you to set a spending limit either.
I still cannot believe the pricing on R2, unlimited egress. It's absurd, I love it!
And their free tier is 10GB of free storage.
Loss leaders are like that.
Bandwidth has become super cheap nowadays. Even on a CDN if you have a large enough commit the prices go very low, so you can imagine what the real cost must be:
> In Q1 of this year, I completed my yearly CDN pricing survey of over 500 customers and saw the lowest pricing rates I have ever seen for the largest customers, as low as $0.00038 per GB delivered in the US. Blended pricing globally at $0.0006. (Please note, this doesn’t mean these are the prices you should be asking for or paying!) Lower pricing is okay if traffic and commits are growing, but they aren’t
https://www.streamingmediablog.com/2024/05/cdn-pricing-press...
We're incredibly biased since several members of our team worked at Cloudflare, but we spend between $20 a month on Cloudflare for our startup and it is fantastic.
- Marketing videos on stream
- Pages for multiple nextjs sites
- DNS + Domain Reg
- cloudflared / tunnels for local dev
- zaraz tag manager
- Page rules / redirect rules for vanity redirects we want to do.
The list gets longer every day and the amount of problems we can solve quickly is amazing. The value to money is unmatched
Piggybacking on the thread a little, anyone has experience to share using Pages or Workers at scale? Perhaps I bought too much into the JAMstack hype, but it seems like a much more convenient approach compared to the k8s rube goldberg machines every other shop is utilizing (assuming they work and scale as advertised on the tin). Wondering what are some drawbacks or even show stoppers.
I have done a few products, X million WAU, workers/pages scale really well. I haven't had any issues. I know docker/k8s extensively (and have scaled them previously).
Drawback: less nodejs api, so limited apis.
Cloudflare is not profitable [1]. I’m wary of what might happen when they need to become profitable. Could this be another case of a company offering an excellent, cheap product while being propped up by investors, only to later have an “enshittification” [2] phase where they aggressively cut corners and increase prices to make a profit?
[1] https://www.wsj.com/market-data/quotes/NET/financials/annual...
>Cloudflare is not profitable [1]. I’m wary of what might happen when they need to become profitable
The unit economics are sound. They have 76% gross margin, so it's not like they're selling $10 movie tickets for $8, and unlike companies like uber, they're probably not using their marketing spend to buy revenue (eg. spending $20 in promo credits to get $50 worth of sales). There's nothing wrong with a business that "unprofitable" when their unit economics work out, and are plowing their profits back into expanding the business.
Leaving out stock compensation in a non-gaap perspective would show they are close. Granted compensation is a real cost to value of shares, It's not as wide a delta as many other companies.
I would suspect they're going the other way and will continue to double down into new areas of services to expand their product line.
Cloudflare requires a $3,000/year business plan in order to have custom name servers. Namecheap offers this for free.
"Account/Zone custom nameservers are available for zones on Business or Enterprise plans. Via API or on the dashboard."
Update: I say this to further illustrate how they operate.
- collect telemetry data they can use in their products
- bandwidth is cheap but the bad actor data they gather directly helps their paid enterprise tools
- people wouldn't pay for it and move to a competitor that offers it free, so its basically a monopoly on a large portion of the sales funnel
- branding message as "we are the good guys we are so generous" as you can see from the comments has worked in their favor
We are currently developing a project and were very open regarding the provider and none came close to Cloudflare pages.
The free geo information in the header alone is already worth it for us so we save money on purchasing a separate ip db but also don't waste time for the separate db call looking up the location.
I was very disappointed by their kv store latency and that d1 does not replicate yet. So we ended up comparing a poor man solution in just providing the json at a http endpoint on our webserver vs. quite a few global kv providers.
We set up a promise race and did thourough global tests. Doing the http request beat the global kv store providers by far, even if they have a pop in syd, the cloudflare http request to europe or the us was still faster. We are using Argo though, this might have helped as well.
What was the latency for the KV store?
Top of the funnel.
Why does any paid platform have a generous free tier?
Right, and why don't all products get priced at cost+? Such a puzzle.
/s
Pricing is not about today's balance sheet, but about the future of the business. If pricing ever becomes about making this month's payroll, the business is probably in trouble. There are exceptions, especially for small businesses.