1156
Cloudflare took down our website after trying to force us to pay $120000 within 24h
(robindev.substack.com)
This is a most excellent place for technology news and articles.
I did a quick search through Cloudflare's TOS and did not find anything about gambling. What was the TOS violation here?
What I'm seeing is Cloudflare communicating very poorly about what actions the customer would need to take to keep their site operating, why, and what the timeline would be. "We've determined operating your casino website on Cloudflare IP addresses is an unacceptable risk to our other customers and we require that you upgrade to an Enterprise plan within two weeks or your service will be terminated" is clear, concise, and I believe entirely fair. What they did here makes me think they're an unreliable and unpredictable service provider.
Gambling is not TOS violation. Exposing CFs IPs to be blocked would affect ALL customers so CF is naturally aggressively protecting those Running any business that puts CFs IPs at risk is the TOS violation here.
I wish I was the fly on the wall during that meeting, but I have very little doubts casino understood the problem very well and were trying to weasel their way out of paying for an enterprise service (to anyone) and having to use their own IPs which are trivial to block. And if you continue buying more and rotating it will likely quickly get you on the black list with anyone still selling them.
I may be simplifying and maybe casino's CTO and the entire tech team are a bunch of naive newborns, but I really fucking doubt it.
Again, I'm not seeing an unambiguous TOS violation here. They have some catch-all stuff about creating an undue burden and an even broader clause saying, essentially they can drop any customer without cause. I have no doubt Cloudflare is legally in the clear, but when I read about something like this, I think I wouldn't set anything important up with Cloudflare as a critical part of its infrastructure.
Of course, the author could be leaving out a bunch of context to make himself look good.
If the article was about a non profit or a legit small business with a web presence, I would agree with you. We're talking about massively risky business with spectacular profit margins.
I just don't believe that CF suddenly realized these guys are rolling in money and wanted their cut. The risk just wasn't worth it to CF confirmed by the fact that they did not negotiate at all and happily lost the casino as their client.
We're easily making enough to pay $120k/yr to CF, but they are not creating that much value for us and we're not introducing any risk to them so what we pay makes sense for both sides.
Maybe I haven't been clear enough.
I have no objection to Cloudflare or any other service provider dropping a risky or unprofitable customer. That's normal and fair in business.
What I don't like is their apparent poor communication and failure to provide a clear (and reasonably distant) deadline so that the author's company could find a solution that avoided downtime. Were I on that company's board, I'd likely be pretty unhappy with the author for not having a contingency plan prepared in advance, but as a third-party observer my main takeaway is that if I rely on Cloudflare and they suddenly decide they don't like something I'm doing, I'm screwed.
Your conclusion is based on only one side of the story. And this story is coming from an unnamed business that's using social media to shit on a provider that dropped them.
But even assuming that's true, name any other large provider that would behave differently. AWS will terminate your services instantly and their support is even worse than CF. Apple is the same and then will take 2 weeks to reply. Google is a ghosting champion.
Just to be clear I'm talking about B2B relationships. Not end user communication.
It's true I'm assuming the author is being honest about what Cloudflare sent them and not leaving out a message where they made the situation abundantly clear. That's definitely possible, and we probably won't find out because big companies don't usually give public responses to this sort of thing.
I can't, and this makes me inclined to believe it's a mistake to rely on any of them without a failover plan. Of course that's effectively impossible for some situations, like mobile apps requiring app store access. That seems like a situation that calls for antitrust enforcement.