Seems like these announcements were part of Cloudflare's "Birthday Week"[1]
More features that weren't mentioned by OP:
- CF released an email routing feature
- They released their domain name registrar (you could previously only transfer, but now you can also register domain names) using wholesale prices. I'd also classify this as a "disruption" because CF is not taking any profit with this one (but they have a lot to gain in terms of data if you route your domain traffic through them.)
One thing that most folks aren't aware is that Cloudflare registrar requires usage of their nameservers. It's understandable, they are selling domains without a markup and need to make money in other ways. For those that want to use a custom nameserver, Porkbun is a great choice.
What is their business model around having your DNS traffic? Selling your "who looked you up and how many times" data? I am struggling to see what secondary income this enables.
Article doesn't even mention their dip into email with SPF, DKIM and DMARC record builders. After spending a long time in that industry, I've always thought a solution that was fully integrated with the DNS provider was the ideal.
They are just getting started with the record builders but there's a huge potential runway if they want to take this to its natural finish.
IMO Cloudflare poses the biggest danger to a company like Valimail or Redsift that relies on DNS automation for their solution.
Integrated providers like Mimecast probably don't have anything to worry about. Nor would expertise driven companies focused on consulting, deployment or IT education like dmarcian IMO.
The big question I have regarding R2 (for those no in the lops: Cloudflare's alternative to S3 with no egress fees (!)) is if the terms hold if you choose to use it to host video. If yes, then wow, this truly is disruptive.
I honestly think it'll get flooded with bad actors and they'll be forced to set limits (e.g. download rate limits, which probably wouldn't be in their best interest since it'd occupy a connection for longer).
Cf has really mature trust and safety as well as security teams and tools. I've no doubt they've taken bad actors into account considering all of the other offerings they have that have also attracted bad actors.
No question. They've been dealing with that factor at hyper scale for many years now. The only question is how they've already decided to go about it.
They'll certainly want to make a big splash with the product, given the cloud giants they're taking on. That's better done with fewer limitations initially, even if they know ahead of time the various ways they'll restrict abuse over time.
That's a good question, I wonder how that will play along with their Video Streaming service. I guess this wouldn't be hosted streaming, but a downloadable video file, so they'd have different use cases.
>I wonder how that will play along with their Video Streaming service
Yeah, that's my main concern, are they really going to disrupt even themselves?
>wouldn't be hosted streaming, but a downloadable video file
I agree but then if one can just add a <video src=""> and forget about it (plus, it's free) then streaming wouldn't even be considered (for plenty of use cases).
There is another possible pricing loophole: They could price the amount of data loaded from R2, regardless if it's for internal use or egress (similar to S3 infrequent access, but cheaper). If they go that route, they'd probably make it per-request for small request, and by-size for big requests.
You're already gonna be encouraged to move to an Enterprise ($5k+) account if you use too many resources, and/or if too much of your traffic is from non-browser clients, and probably for a bunch of other reasons I don't know about it. The terms under which this may happen are essentially arcane knowledge learned through experience. Think about it: if this weren't the case, every other CDN would already be out of business, rather than rapidly expanding and acquiring and growing.
Plus, you don't get an SLA for any of their "self-serve" plans until the $200/month one.
The article's not entirely accurate. It says the storage bandwidth fees are "totally elimiated" but that's not true:
> R2 will zero-rate infrequent storage operations under a threshold — currently planned to be in the single digit requests per second range. Above this range, R2 will charge significantly less per-operation than the major providers.
R2's final pricing isn't yet announced, but my understanding of the quoted section is that R2 will charge for storage operations (API calls), what S3 calls "Requests & data retrievals" on their pricing page [0]. But _egress_ (bandwidth) fees, which can be the most costly component of an S3 bill, are totally eliminated.
S3 — Charges for amount of data resident on disk, amount of data retrieved, and each API call
R2 — Charges for amount of data resident on disk and some API calls (over a threshold). No charge for data retrieved.
I can't wait to read the small print when it comes to actual egress bandwidth pricing. I can't believe it's going to actually cost zero dollars for all use-cases.
Poor man's R2 is already here. Up and running in form of Workers KV ($5 per million writes, $0.5 per million reads, $5 per 10GB), which can store blobs upto 25MB. Front it with Workers Bundled ($0.5 per million calls proxied) and it quickly gets real close to what one'd pay for R2.
And no, unlike Amazon with Lightsail, Cloudflare is okay with anyone bypassing bandwidth charges when using the Workers Bundled [1].
Indeed, the specific terms will be really interesting to watch. Even if the per-operation fees are high by comparison after that threshold, it could still result in a huge savings for big file downloads.
"Cloudflare has announced their "Distributed Web Gateways" which should solve these problems. Developers will interact with HTTP calls, which CloudFlare will translate to PFS or Ethereum functions, while adding Cloudflare added-value services on the HTTP side."
CloudFlare is well on its way to becoming the western version of the Great Firewall of China. Centralizing All The Things.
Except instead of censorship, it'll be used to make sweet cash dollars.
It's kinda astonishing to me that were fine with a third party company terminating end to end encryption between the service provider and the user. It just feels...so off to me that we've normalized this.
Hopefully there will be new standards in the future. But for now this is slightly terrifying to me.
Ultimately, if you're running in a virtualized cloud environment, you already trust your hosting company with your website's certificates (because there's no way to stop them from spying on your machine's core memory). So for most users, it's not a major change to expand the trusted set from {Amazon} to {Cloudflare, Amazon}. If you're the only one with root access to your hardware, then more power to you. But for most people I don't think it's a major change of threat model.
CDNs have existed since the 90s so everyone's had time to get used to it. The part which I think you're over-weighting is that this is not a third-party stranger but a third-party with whom you have a legal relationship — the use-cases for a CDN require external termination, otherwise you don't rent one, and the contracts commit to keeping it secure.
For a business, there are tons of trust relationships you handle this way: you trust Microsoft not to ship a trojan in Windows, Cisco/Juniper/etc. not to sniff your internal network traffic, Google not to ship your Chrome session keys back home, etc.
a) it was one of multiple examples
b) do you personally run a business this way and, if so, how's that working out relative to the competition? My point was simply that all businesses have some parties they trust on the theory that they'll sue if a contractual agreement is broken. It's too expensive not to trust someone when you have no reasonable basis for expecting an attack and a solid legal basis for compensation if they did: if you dislike Microsoft, substitute Apple or Samsung, your bank, etc.
Please enlighten me on what that term means.
Because All the telemetry/cortana does is disguise itself as a useful feature , while collecting user data and siphoning it off to its central servers.
that doesn't address my point, since you can say the exact same about wherever the site is hosted unless you strictly self-host everything, which the vast majority of sites doesn't do.
I'd argue the base is caching and load-balancing. And pretty much everything that has a business model of handling web traffic will need to handle HTTPS for its customers nowadays.
I know that Cloudflare is always very liked on HN and the CTO often comments here. I often refer to friends that Cloudflare only exists thanks to HN. But Cloudflare is not (neither HN) the center of the world you could have better than R2 with B2 before for example.
And no they didnt disrupted anything. You dont disrupt anything in one week actually. Has R2 had any impact on S3 business model or customers so far ? Probably not.
Not saying Cloudflare is a bad company, I believe it is one of the few (maybe with Stripe) that is able to still work as a startup even though they have thousands of employees, which is quite impressive. But the article is clickbait
I think calling it clickbait is too harsh. The right headline would be: "Cloudflare announces 3 changes which have the potential to disrupt 3 industries in the near/long future". So it's somewhere in the middle between "totally describing what's inside" vs. clickbait-y.
The R2 disruption is a reduction in cost. The target of the disruption is Amazon, a company that has decades of experience operating services at break-even or loss to acquire market share.
Quite a lot of the coverage seems founded on the idea that the price difference is an unbridgeable moat for Cloudflare. IMO, let’s see. Amazon could lower prices, and/or Cloudflare might need to start charging someone something as volume grows.
If Amazon has to remove egress fees to compete, wouldn't that be a pretty significant disruption to the industry as well? The author's argument isn't that Cloudflare is going to take S3 out of business, it's that removing egress fees makes a whole new class of applications viable. I don't see how the S3 removing egress fees as well would change that argument—it would still be Cloudflare that pushed the storage industry to this new place. In fact, S3 having to remove egress fees to compete would be probably be greater evidence for Cloudflare's disruptive effect :P
But even in the casual sense I don't think it's disruptive. They've introduced a competing service at a modestly lower cost. This won't put AWS out of business. Customers won't switch away en masse. It even won't make a noticeable dent in AWS's quarterly revenues.
So this isn't disruption. it's bog-standard business competition. Which I very much welcome.
Who do you see as current AWS customers paying bills like that? My guess is that's very niche. People who expect to use petabytes of bandwidth rarely just throw things on AWS and eat the bills. And if they do, then it sounds like they wouldn't be moved to switch anyhow.
Not current aws customers, but a friend's company basically built out their own cdn to avoid these charges. They're something like twitch -- lots of videos, lots of viewers.
Paying a fraction (there will obviously be charges beyond the $.09) but still a fraction of aws charges would have been revolutionary for them.
I think most people in that bucket knows not to serve in bulk from AWS and so just use existing CDNs. (Or, as you say, builds their own.) A good fraction of Cloudflare's business has to be fronting things that are in AWS.
For this to be disruptive, there has to be a significant amount of business that will move from AWS to Cloudflare because of this change.
If they ever get a complete cloud offering, that might be disruptive. But I don't think this is disruptive now. If you do, please be specific about the customer segments you think will be switching over the next 6 months and what your estimated impact is to AWS's $15 billion in quarterly revenue.
No more vendor lock-in because of removal of egress fees. Means they can actually obtain the first-mover advantage and they don't really need a complete offering.
I can't say that i know the impact on AWS in only 6 months. No one can, so they question seems somewhat ridiculous, since it's too little time.
That you can't see any short-term impact is exactly my point. Nothing significant will change, so this is not a disruptive innovation. It's a minor incremental change in the market. Might it enable something disruptive down the road? Possibly. But that's possible, not actual. If you want to more about what disruptive means in this context, I'd suggest reading one of Clay Christensen's books or the article I linked up above.
I'm mostly talking about significant impact on AWS ( revenue) within 6 months. Which is not realistic in that time frame.
I see a way for cloudflare to innovate based on dropping egress fees. But I'm not sure if i can drop my hunch this early. I think i can wrap it up with " empowering open-source".
I'll see if the future unravels in that direction. There are additional products required for that path to fulfill and I think a 6 month timeline is kinda short for that.
I agree it's not realistic. Or even within a year. Which means this is not a disruptive change on it's own. Could there be other changes made by Cloudflare that are disruptive? Sure. Could they make use of this? Also yes. But this on its own will not cause significant customer movement.
> I think calling it clickbait is too harsh. The right headline would be: "Cloudflare announces 3 changes which have the potential to disrupt 3 industries in the near/long future".
That's still quite the stretch. A pricing update to not charge egress fees for object storage and some types of streaming is hardly "disruptive", as is catering to the web3 buzzword.
I like Cloudflare, but these marketing blurbs start to eat away the goodwill that Cloudflare's technical progresses earn with their hard and quality work.
Doubt there's an affiliation. The whole article is written from a perspective of how founders can use these features to build their MVPs faster (curious how nobody in the comments mentioned this).
> A pricing update to not charge egress fees for object storage and some types of streaming is hardly "disruptive"
Hum. Do you think the largest cloud providers can outcompete that without completely changing their business plans?
Egress costs are always described as the ultimate cloud moat, and the main way those companies lock their clients. I do think there is enough space to disagree here (personally, I have no idea), but the mainstream view is that it fits the (econ-)dictionary definition of disruptive.
Agree obviously but I think the message is conveyed about what is interesting.
They are competing everywhere CDN, Zero Trust / EdgeSec, Edge Computing, Hosting, etc...
Anyone can think of any good historical good case studies on companies doing this in the past? Like becoming oversaturated, not focusing on one thing enough, or just growing like wild fire across spaces?
They seem to be massively diving into anything that can be computed/stored on the edge, and/or can benefit from a high performance network behind that edge. Which makes sense.
Also, they make quite smart choices. An example of one very smart choice is that they don't do Docker for cloud computation, only Javascript/WebASM, and that means they can spin up code in Isolates in V8 that's much more lightweight than having all the infra needed to do Docker.
> And no they didnt disrupted anything. You dont disrupt anything in one week actually. Has R2 had any impact on S3 business model or customers so far ? Probably not.
Cloud egress costs are the primary lock-in mechanism for cloud providers and that's been recognized as such for many years. This isn't the kind of thing which changes an industry in less than a week but I doubt you will want to defend this claim a year from now — Cloudflare is an established, rather popular company which many large organizations already trust and this gave them either significant savings or a big negotiating crowbar.
Cloudflare has always had free bandwidth and you can point the origin to whatever you want, including Backblaze which has free interconnect and cheaper pricing.
> Cloudflare has always had free bandwidth and you can point the origin to whatever you want.
Not completely: if you used a ton of bandwidth (especially non-HTML/JSON) they'd want you to switch to a paid plan.
Using an arbitrary origin server is similarly different, too: that means a lot more traffic coming back to your origin server unless all of your clients are located right next to each other hitting the same edge node. The mechanism they built to do an on-demand copy from S3 to R2 once and serve all subsequent requests from the replicated R2 copy should use substantially less bandwidth and will be faster for all of the requests received from clients which are closer to one of the R2 replicas than your origin server.
> I believe it is one of the few (maybe with Stripe) that is able to still work as a startup even though they have thousands of employees, which is quite impressive.
You wouldn't call it impressive if you had to wait >24h for a support response as a user with an enterprise package. I'd call it quite the opposite from my experience with them at my previous job.
There are special risks involved when relying on novel, market breaking features: Your offering will be dependent on that feature remaining available AND cost effective.
If the company ups the price or removes the feature altogether then you will be left without an edge.
They claim R2 is only free for infrequent access, and the storage price is still really expensive compared to the cost of hard disks, so the potential for disruption seems quite limited.
There seems to be potential for big disruption only if downloads aren't counted as operation in "Above this range, R2 will charge significantly less per-operation than the major providers".
Based on the release it seems the thing that would be most disrupted is storage and distribution of huge files (one download operation, huge egress bandwidth), which would result in it mainly being used for Mega clones for paid piracy.
Cloudflare really is impressive. Who can forget when they disrupted the retro emulation scene, by protecting the website that drove a prominent emulation developer to suicide? Or when they disrupted Isla Vista by serving the sites where Elliot Rodger was radicalized?
Those situations aren't analogous: if the water utility cuts me off, my options are things like drilling a well, trucking in water, or moving. If Cloudflare declines not to do business with me, there are many competitors around the world who I can switch to at varying levels of service depending on how much control I want.
It’s not a higher standard, just recognizing that the situations are different. People need water in a way that they don’t need a CDN, and the options for getting it are local rather than global.
I worked for one of the "bad actors" that was terminated by Cloudflare. To this day they have not provided anyone with a reason for the termination. To my knowledge, the site in question was not breaking any terms of service and when I asked customer support why the account had been terminated they pointed me to the clause that said something to the effect of "Cloudflare may terminate an account for any reason or no reason at all."
They also refused to provide a refund. I will never use Cloudflare again nor recommend them to any of my clients.
This is a convenient ethical construction for Cloudflare: "Sure, our customers did terrible things, but really, the real lapse would be if we didn't accept money from them!" But it doesn't hold up. While everyone needs food and water, nobody needs a CDN.
any announcement that conflates a decentralized web with cloudflare is premature at best and likely downright misleading. Distributed Gateways explicitly have CF as the central clearinghouse for all communication.
I see Cloudflare as part of the system of control of the internet. They can prevent sites from being seen or users from accessing the internet.
I also suspect that their business model is the mafia protection racket - that they may run some of the bots that commit DDOS attacks - it would be in their business interests.
I know of a Anti-DDoS company that did this but I won't mention their name. It does happen, but I have not seen it from Cloudflare. If you want a tell-tale sign of who is doing this, look for your quarterly DNS DDoS and a company sending out a trophy sales person quarterly to meet your team. It was incredibly insulting.
The past I remember of CF was prior to their forming a business a group of network geeks (not yet cloudflare) had a volunteer network of honeypot proxies. I volunteered some of my physical rented servers for them and a handful of VM's. I am curious how many current members of CF remember those days prior to them forming CF. Their CTO contributes on here, maybe he remembers. Either way I have not seen anything shady from CF yet and I know engineers and leaders at some of their biggest customers.
Why is this downvoted? I understand the second paragraph might be slightly aggressive/inflammatory but the first paragraph alone is a legitimate critique.
I would really appreciate if those who disagree would provide counter arguments, as both sides here offer the potential for an interesting (and important) dialogue about CF and their role in global Internet/WWW infrastructure.
"What may be asserted without evidence, may be dismissed without evidence". If someone is going to make the claim that Cloudflare is running an illegal protection racket and funds DDOS attacks against their customer's websites, then the burden of proof is on them to substantiate that claim. Otherwise, it's just pointless bad-faith remarks. And we can't just take the first paragraph in isolation—it depends on the second paragraph for logical support. How could Cloudflare prevent any non-Cloudflare site from being seen, or prevent any non-Cloudflare users from accessing the internet? There is no requirement that anyone use Cloudflare—they just happen to be the best game in town. If you believe otherwise, you have to assert arguments that support your position, you can't just state your thesis and expect people to guess what your reasoning is.
1. Never claimed this is actually happening - just that it’s a possibility he’s considered. I don’t think that these kinds of ruminations are so odious and dangerous as to necessitate them being hidden or removed from view.
2. Never claimed it was illegal. In fact, I’m certain the operation as described by OP would be legal (in many jurisdictions) unless there was another component involved, such as identifiable price gouging.
But, as I said elsewhere, I think it is pretty understandable corporate behaviour that has been done previously by anti-virus companies.
Why would you not take an opportunity like this in order to create a drama where you are the corporate hero, and have people knocking down your door for your product?
The second paragraph is more than "slightly aggressive" in my mind and it ruins the post. It is a wild theory based in no information at all. Cloudflare has a pretty coherent business model already.
Thank you. I appreciate you saying that the second paragraph is aggressive, but I think it would be naive to think that it isn't possible, or even probable - if there's money in play.
A lot of anti-virus protection companies did do exactly this - create the viruses that made their products sell. Its really not without precedent.
>it would be naive to think that it isn't [...] probable
It's probable that Cloudflare is a sophisticated criminal enterprise maliciously DDoSing prospective and existing customers so that they sign up for their (typically free) DDoS mitigation service?
It's possible, but this weird logic of "if there's an incentive to do something bad, then someone's probably doing something bad" - with absolutely no evidence to support it whatsoever - is the logic of conspiracy theories (e.g. 9/11 = inside job, Sandy Hook shooting = hoax, COVID-19 = fake virus to control the public).
Why pretend you don't see the false equivalency you're drawing here? A limited amount of free storage/transfer or a consumer cloud product is not equivalent to what Cloudflare are offering here, or what S3 is. If you need S3, Office 365 or Google Drive are simply not alternatives. Google and Microsoft offer viable alternatives, and hey, they cost money: [0], [1]. If there is a completely free alternative to S3, I would love for you to send a link, because Googling doesn't show any reasonable alternative.
More features that weren't mentioned by OP:
- CF released an email routing feature
- They released their domain name registrar (you could previously only transfer, but now you can also register domain names) using wholesale prices. I'd also classify this as a "disruption" because CF is not taking any profit with this one (but they have a lot to gain in terms of data if you route your domain traffic through them.)
[1] https://www.cloudflare.com/birthday-week/