I’m using CloudFlare to hide my home IP and to reduce traffic from clankers. However, I’m using the free tier, so how am I the product? What am I sacrificing? Is there another way to do the above without selling my digital soul?
This is basically “the first hit is free”
It costs cloudflare basically nothing to host free customers ( if you start to push real traffic you will get an instant call from sales). By being a free customer you are basically a guinea pig for all new features as they are rolled out globally.
How much traffic before the sales team comes knocking?
I am no expert, so grains of salt and such. But my assumption is that it’s a marketing expense. They get a lot of people familiar with cloud flare services and some of them later need a professional level solution. So people use what they are already familiar with. This is the same reason why tech companies provide hardware/software to schools for cheap/free.
Developers, like me, use the free tier for staging and testing and then when the project is deployed to production, I setup a paid account for the client.
I also use their domain registrar and sometimes buy CDN bandwidth in complex setups.
The simple answer is twofold
-
Their attack surface is massive. By getting all this data from millions of devices they are fantastic at detecting and finding solutions for zero day attacks. This is a big selling point for enterprise who care about zero day a whole lot
-
Free tier also used by IT tinkerers means when the question is asked “what X should we use? What have you used before?” CloudFlare is heads and shoulders above the rest. This is why Microsoft allowed a lot of world to pirate their OS.
This is why Microsoft allowed a lot of world to pirate their OS.
Microsoft actually took a unique approach to piracy. In a lot of lesser developed countries in the past, users were ‘allowed’ to use pirated copies. There used to be a running joke that the Israelis ran their country on a single license of MS. How true that is remains to be seen. So, while companies bristle in public about piracy, it is indeed a topic of discussion in the board room and is often a part of their loss leader strategies.
Cloudflare kind of the same thing. I can tell you that even tho I realize a large portion of the user base here are anti-Cloudflare, and while there are definite pros and cons one needs to understand before using their services, and even tho I know there are other ways to skin the cat… even on the free tier side, I am more apt to recommend that which works well for me.
-
You’re using a service that is proxying your data. They can read all of it.
If you don’t care, then good for you. You’re still the product as being a user because whatever you happen to be serving may eventually become interesting to them.
If not, no harm done. It costs pennies to host a 24/7 load balanced reverse proxy. You just can’t do it yourself.
In what way am I the product when using CloudFlare’s free tier?
I realize the name of the game is to protect as much of your data as possible, however, unless you have your own ISP/backbone, you are, at some point, the product. I utilize the evil Cloudflare Tunnels/Zero Trust. For last month, I used 375.28 GiB. I don’t run the 'arr stack tho. I do, however, stream my own audio collection via Navidrome. I have had zero issues with the evil Cloudflare Tunnels/Zero Trust, except for a brief pause while Cloudflare had some issues last month. Other than that, smooth sailing. I also have tailscale as an overlay on the server and on the stand alone pfsense firewall, which has a very robust set of rules and heavy filtering going on.
Is there another way
There are always other ways. Pangolin, et al. It just depends on you, and what you want to put in to get out of it all. If you are going this route, investigate a WAF like Crowdsec, or similar, and you might want to look at pfsense or opnsense.
All these answers are wrong. If you use cloudflare you’re giving them all your data unencrypted as that’s how reverse proxying for them works.
I mean, in certain circumstances sure. But all it would take is a whisper of proof that they abused this position to destroy their business model.
An alternative would be to install Pangolin on a small v-server
