It's not really free. One day, you get a call from their sales team saying "you're straining our network". I kid you not. We were on a business plan and still got this. When we met them in person, we were asked to upgrade to a $2000+ per month plan. From a $200/mo plan. That's a 10x increase. I searched their TOS, nowhere it was mentioned about "straining their network". Turns out that's just their scammy tactic to get you to pay. We refused. That really left a bad taste in my mouth.
Today, I refuse to recommend any client or startup to them because of this extremely unethical practice. All around, I'm not sure they deserve so much positive press/attention, especially after screwing some of their own employees (one even got super famous live streaming the firing).
We had a terrible sales experience with Cloudflare at my last place. They would not budge on the $200 a month quote, and we knew that was BS because the next closest quote we had was $3000 or something. Eventually, like the fourth try, we said, in writing, “just to be clear, for exactly $200, a month we will get XYZ bandwidth”, and of course they said “ohhh well actually maybe it’ll be $8000”.
We had discussed our requirements, our scale, our product with the sales team multiple times but it was only when we wrote down something that we could potentially have used in court that they finally acknowledged their pricing was actually nearly two orders of magnitude higher.
>I searched their TOS, nowhere it was mentioned about "straining their network". Turns out that's just their scammy tactic to get you to pay.
You seem to be pretty cagey about what your usage actually was, and whether it was indeed "straining their network". Were you using more resources/bandwidth than a typical customer would? Most ToS contains clauses that allows the vendor to unilaterally cut customers off if they're an excessive burden, even if there aren't explicit quotas, or are explicitly "unlimited". ISPs don't let you saturate your 1Gbit connection 24 hours a day, even on "unlimited" plans, but I wouldn't call it a "scam" if they told you to upgrade to an enterprise plan.
This is for a normal news website, no gambling, no offensive content. Just regular news. Their business plan explicitly mentioned "unlimited bandwidth" at the time of signing up. I clearly remember reading every bit of their TOS to find any gotchas but there were none.
If you claim you provide unlimited bandwidth, then don't call me tell me I'm straining your network.
By the tone of your comment it does sound like they give you a lot before asking you to pay more.
I still really would like to hear a byte amount. How many bytes are you pushing per month?
I don't believe anything is ever free, and everyone promising "unlimited" will still have a point where you are just costing them too much. CF don't want to say the byte number themselves. Could someone please say the byte number. Someone?
> everyone promising "unlimited" will still have a point where you are just costing them too much
I mean, in the business world, if you promise someone something, it has legal consequences, you can't just walk in and say "hey, remember I promised you something unlimited with no strings attached? Yeah, no"
That's exactly my problem with CF. It's not like we are a large news network or anything. We are actually very small compared to their other customers, that much I can tell you.
On the one hand it’s completely reasonable for a business to ask customers to pay for what they are getting.
On the other hand, this entire HN thread was kicked off by a blog post gushing about how awesome it is that Cloudflare offers truly unlimited bandwidth for free.
I’ve been around the industry long enough to understand that anything marketed as free and unlimited is in fact a loss leader. But I also am fine with pointing out this obvious contradiction between marketing and reality.
Free of charge is different from free of restrictions. Cloudflare didn't trick anyone into signing up for these plans, and it's never been a secret that they're a for-profit company.
> contradiction between marketing and reality
I think the important distinction is contradiction between expectations and reality. Cloudflare free plan's outside of Pages have never offered "unlimited free bandwidth" but "generous free bandwidth with conditions". It just so happened that for many the "generous" was unlimited, and this precedence somehow convinced everyone that "free plan" meant "unlimited free bandwidth" instead of "generous free bandwidth with conditions".
I'm with parent in the feeling that most the stories of Cloudflare acting in bad faith end up being the customer up to shady shit but expecting Cloudflare to subsidize them because "free plan". I'd be genuinely curious to read about an incident where I didn't side with Cloudflare.
Separate to this issue is that their Sales team employ strategies that the engineering crowd considers distasteful like phone calls, pressure tactics and private pricing. Most engineers never need to talk to a sales person outside retail, so it's a shock when you're suddenly talking to one trained and incentivized to exploit more from larger clients but is instead using those tactics on you. It's unsettling if you're not familiar with it, and leaves a bad taste in your mouth.
> Cloudflare free plan's outside of Pages have never offered "unlimited free bandwidth" but "generous free bandwidth with conditions".
To be clear, Cloudflare's pricing pages have definitely included statements like "we never charge for bandwidth" for the free plan of the CDN. Here's a snapshot from exactly 10 years ago[1].
They removed it after a while, probably because it's just not true, and I don't think they make any such statements on their increasingly complicated pricing pages any more.
The statement is true in so much as you can not be billed for traffic that has occurred without a paid contract in place. Also no mention of "unlimited", and though free is used throughout never "free bandwidth". It also doesn't contradict that Cloudflare can and does restrict or limit services for perceived TOS violations.
In the many years I've used Cloudflare I was never under the impression I received "free unlimited bandwidth", but "generous free bandwidth with conditions".
So if you're on a free plan you never pay for bandwidth, until you're not on a free plan (or any plan). It sucks to be one of the free plan users that doesn't have the ability to make a paid plan work, but I don't understand why Cloudflare needs to keep subsidizing something that wouldn't be tenable without their handout.
This "straining the network" is the "unlimited pto" of b2b saas. It's all bullshit. Nebulous and you don't really know what you're getting into until you're too locked in and they squeeze you. Don't do business with companies like this if you can avoid it. It's the Datadog model of we'll charge you whatever and make it extremely complicated for you to understand why you're being billed $x this month.
Word of advice, if you have unlimited PTO and you've never gotten called into a meeting to tell you you're taking too much you're not taking full advantage. It's probably higher than you think. I've gotten to normal onsie-twosie days off plus 8 full weeks before I got called in.
Do you think "unlimited leave" policies end up acting a bit like insurance models? Some people take a lot, many take a little, so it evens out to less-than-if-we-had-a-set-number-of-days?
Seems like you don't really have any issue with the underlying business decision (ie. pushing a high usage customer to a higher tier plan) and are only upset about the wording the salesperson used. All the points you've made applies to ISPs as well. Most neighborhoods are probably provisioned well enough that a single customer saturating their 1gbit connection isn't going to bring the network down to its knees, but that doesn't mean ISPs aren't justified in pushing such customers to a higher tier offering (eg. dedicated circuit).
See my other comment[1]. I'm not sure why you're straining so hard and spending so many words to defend "general scumminess", like the the right of a gambling site hosting dozens of domains (to evade government bans) on shared cloudflare IPs, or people expecting to get 1.2PB of bandwidth served out of a $200 CDN plan.
>You want this to be complicated so badly, but it's not.
>Hidden limits are an anti-pattern.
>There is no counter-argument.
Here's a counterargument: do you get similarly upset that restaurants advertising "free refills" cut you off after you've been at the place for 12 hours and you dispensed 8L of coke? Explicit limits is how you get "limit one refill per customer", leaving most customers worse off.
Do I think hidden limits are always better? No. It operates on a spectrum, and depends on how many "legitimate" customers are affected by the limit.
It doesn't sound like the number of refills is the real problem if you're worried about someone staying for 12 hours.
If the rule was "you have to leave after 2 hours" or "after an hour, you get one last refill", that would solve the problem and affect almost nobody else, while being nice and explicit about expectations. (Or cut those numbers in half if you want, it's just an example.)
>It doesn't sound like the number of refills is the real problem if you're worried about someone staying for 12 hours.
A butt in seat doesn't cost the business any money as long as it's not displacing any paying customers (ie. the place isn't packed). Soda might be cheap but it's not free, so dispensing 8L of product does cost the business money.
>If the rule was "you have to leave after 2 hours" or "after an hour, you get one last refill", that would solve the problem and affect almost nobody else, while being nice and explicit about expectations. (Or cut those numbers in half if you want, it's just an example.)
See my other point about people riding up the limit. When you institute an explicit limit, you end up having to be more conservative because an explicit limit emboldens people to ride up right against the limit, rather than a fuzzy limit with the expectation that people act "reasonably". Instituting the limits you proposed would cause the problematic customers to chug soda within the allotted time, for instance. It also becomes a hassle for everyone else who's being reasonable. If I'm meeting with some friends after and need to kill an hour or two, I suddenly have to worry about whether I can stay without getting kicked out, etc. Most people, even above-average utilization customers lose out from this, and the only people who benefit are the ones taking advantage to an absurd degree.
> Instituting the limits you proposed would cause the problematic customers to chug soda within the allotted time, for instance.
How much soda do you think they're going to chug? That sounds weird and rare. I don't think it's a limit where you're going to have a problematic amount of riding.
> If I'm meeting with some friends after and need to kill an hour or two, I suddenly have to worry about whether I can stay without getting kicked out, etc.
That's not consistent with the idea that the business is fine with you sitting around for a while. If they're fine with that, they would only limit your refills after a point. That rule should give you no reason to worry about being forced to leave.
Though is buying a new drink after two hours a big deal in the first place...?
Cloudflare doesn't have hidden limits. Their limits are not written down, and they're somewhat moving targets (which is probably why they're not written down); but they're very obvious (in an economic sense), and their value (at any given point in time) is very easily measured.
Cloudflare's limits can be formalized by imagining one of their PMs saying the following: "You can do things on our general infrastructure for free, as long as we don't offer more-specific infrastructure that's intended specifically for the thing you're doing. And even then, we will let you use the general infrastructure as a "workaround" to needing to engage with the domain-specific infrastructure... up until the point where — if you had been using the purpose-built domain-specific infrastructure from the beginning — the cost model for that specific infrastructure would have had you spending enough money, that the 'uncaptured revenue' you would represent, would begin to affect one of our salespeople's KPIs. Once you hit that point, our salespeople will come to 'convert' you."
For examples:
• You can force regular old Cloudflare to cache large image assets through Page Rules, with long TTLs, for free. Or you can stuff your large image assets into Cloudflare R2, lose the ability to set long TTLs, and pay per (origin-pull) GET request above a certain daily free-tier limit. If you serve enough image assets through Page Rules that you represent non-trivial uncaptured R2 revenue, then Cloudflare will contact you.
• You can force a Cloudflare Pages site to do small amounts of CF Workers logic in the routing phase of serving the page, for free. Or you can put an actual Worker in front of a regular static site, and pay per GET request + per CPU-second after some free-tier thresholds. If you use enough CPU-seconds inside the "unbilled" stage of your Cloudflare Pages site, Cloudflare will contact you. (Note that they're very unlikely to come after you for this, since the limit on the amount of work you can do here is pretty trivial, so you'd have to be getting a ridiculous amount of requests for this overhead to add up to anything meaningful.)
• Previously, you could force Cloudflare to resize images "on the way through" for free, using a /cdn-cgi/ path. These days, you're forced to go through Cloudflare Images, which charges per request and (IIRC) per processed byte. This is because everyone was using the free approach and ignoring the Cloudflare Images infra, and Cloudflare saw hundreds to thousands of accounts with potential non-trivial un-captured revenue here. Rather than address them all individually, they "sunsetted" the support for free image resizing, to force these accounts to either start paying or get out.
---
Note how this is exactly the same as a restaurant saying: "you can have water for free, and we'll put a lemon slice in your water, but we're not going to give you enough lemon slices and table sugar packets to make lemonade with — because we charge for lemonade. Just buy the gosh-darn lemonade; stop exploiting our kindness to make it yourself; by doing so, you're using way more of our resources than if you'd just let us make it."
There's nothing hidden about the cost of lemons or sugar packets. The restaurant is going to give you lemons and sugar packets for free right up until your consumption could have paid for a lemonade. Then they're gonna force you to buy the lemonade.
If 1.2 PB is a problem, then why don't they just specify a bandwidth limit of say 1 PB? They specifically say "unlimited bandwidth", so yes, what they are doing _is_ scummy because there is a very obvious incongruity between what they claim and what they actually offer.
I imagine because people will immediately push up against the limit and no further. It’s much easier to detect these excessive users if their bandwidth naturally keeps growing.
This is just stratified pricing. If you're egressing 1.2PB ($50k+ worth of bw on AWS) there's a likelihood that you're earning a fair bit and an enterprise contract will be worth it to you when it comes to support. On the other hand if you're egressing 1.2PB to serve some open model weights that you don't charge for, CF would prefer to leave you to it and enable you to serve.
If CF is calling you like this then I’m not sure how you’re interpreting this as a donation call. They’re basically saying you’re about to be fired as a customer.
Except now there isn’t a clear formalization on how much you were expecting to pay or how much runway or patience CF has left for you.
> If CF is calling you like this then I’m not sure how you’re interpreting this as a donation call. They’re basically saying you’re about to be fired as a customer.
I've had a call from Cloudflare at my previous job, and it wasn't a "you're about to be fired" it was an attempted upsell.
Sales people work within the policies & frameworks set by a sales organizations whose goals and strategies are set by said organizations leadership team.
This isn't a random sales person gone rouge—its a matter of how Cloudflare chooses to do business with and treat their customers.
The problem with this approach for customers is that it makes there costs entirely unpredictable. What's the stop them from increasing prices from $2,000 on the enterprise plan to $20,000 on the enterprise plus plan?
Very true. I think it was Snowflake we worked with recently where the sales rep said they don't get commission (I assume they have other incentives).
Aggressive commission structures, sales targets, and little oversights have visible impacts on how the sales team operate.
Compare to cloud providers like AWS where you certainly get "reminded" constantly about all the integrated services and features but much less so harassed and threatened into closing deals.
Sure but there's a huge difference between companies that load the call with sales people and sell to execs vs bringing solutions architects and sales/customer engineers on the call and actually explaining the product and its benefits and coming up with a customer tailored solution.
We had a pretty positive experience with a Cloudflare contract last year but it sounds like Cloudflare is more the former than the latter.
Is it written anywhere in their ToS that “gambling content” requires you to pay 120k$ or get booted out? If not, then it's not reasonable at all to give them a 24-hour notice and it definitely sounds like extortion.
I don't buy the “was getting Cloudflare owned IPs blocked left & right” argument.
Remember we are talking about a platform that still protects 4chan despite the internet raids, violence threats, celebrity hacking + photos leak, the buffalo shooting, etc:
Surely there are abuse and fair use provisions in their ToS/contract for shared resources like IPs. If they're in the xx percentile of customers causing IP blocks they'd enforce.
Yes, Cloudflare does that but they don't hand out blocks of dedicated IPs to low paying customers. IIRC you need to be on a contract instead of a monthly plan which is typically a big price increase.
I actually recommend AWS because of this. Sure, it’s AWS with all the warts, but at least they bend over backwards to maintain compatibility (at least compared to GCP), and have sustainable billing practices.
Free is free until it’s not. When Cloudflare becomes the new Akamai and needs profits, guess who will get squeezed. If you’ve built your app around their vendor specific stuff like Cloudflare functions, that can be bad news.
> If you’ve built your app around their vendor specific stuff like Cloudflare functions, that can be bad news.
There's nothing that "special" about Cloudflare Workers, its mostly "just" a WinterCG runtime. Where you'd encounter problems is if you used the provided interfaces for other adjacent Cloudflare products, like R2, D1, KV, Queues, ect. So what you do is commit a hour of engineering time to make wrapper functions for these APIs. If you're feeling extra spicy, commit another hour of engineering time to make parallel implementations for another service provider. If you allow your tech stack to become deeply intertwined with a 3rd party service provider, thats on you.
Also at face value, it may seem like “an hour of engineering time,” but I think cloud vendor lock in is real unless you try very hard to only use abstract constructs.
This is a growing pattern in hosting like Netlify and headless CMSs like Sanity. Their free model is "generous" and then if you go production and start to have overages you get billed exorbitantly for bandwidth and API requests. It is essentially a trap. Once you hit those limits you have very little negotiating power when you hit the "call us for pricing" level and you get outrageous quotes. It costs them very little to run these services so if they can net some minnows that become whales, that is almost pure profit.
It's the double-edged sword of both free plans and "transparent pricing". If you just click "buy" and enter your CC info you're subject to their somewhat arbitrary terms of service. Service is cheap and reliable so you don't ask questions. But they can just boot you and there's very little recourse. It's why most big companies want a signed contract that's binding and comes with some kind of mandatory dispute resolution or penalties for non-compliance.
I'm not a fan of Cloudflare's enterprise pricing model. It seems like they'll charge you whatever they'd like to when renewal time comes around, and will play with the numbers to ensure you stay around whatever total they'd like to see. They charge for each protected domain, in addition to sane metrics like bandwidth utilization and number of requests. Charging thousands per protected domain per year is scummy. Maybe I'm just too used to AWS/GCloud/et al. pricing that actually bills me on utilization rather than arbitrary metrics.
Today, I refuse to recommend any client or startup to them because of this extremely unethical practice. All around, I'm not sure they deserve so much positive press/attention, especially after screwing some of their own employees (one even got super famous live streaming the firing).