Load of bull.
Every article linked in this is either wrong or mischaracterized.
Cloudflare does not facilitate phising - it just made proxying and tunneling easier.
The breaches and bypasses mentioned are anything but - they are linking to a successful mitigation of an attack as if the attacker got away with something of value.
This entire article reeks of trying to fit the evidence to an agenda.
Considering they couldn't find actual evidence of problems and had to resort to mischaracterization this is actually a great reason to use Cloudflare.
I've reported blatant phishing attacks targeting seniors dozens of times to cloudflare (and so far it's always been cloudflare) and never once have they replied with anything except "we could not determine this was phishi g". They absolutely facilitate phishing through inaction.
Not my experience at all. We've reported hundreds if not thousands of sites and with few exceptions they have taken them down swiftly. Definitely one of the best cloud operators when it comes to this.
As recently as August 8th, I reported a phishing site targeting seniors into installing a pre-configured Atera client (who _also_ failed to respond in a reasonable time) by pretending to be an event invite. It was blatant and obvious phishing. This was the response:
---
Hello,
Cloudflare received your Phishing report regarding: ----
We are unable to process your report for the following reason(s):
We were unable to confirm phishing at the URL(s) provided.
Please be aware Cloudflare offers network service solutions including pass-through security services, a content distribution network (CDN) and registrar services. Due to the pass-through nature of our services, our IP addresses appear in WHOIS and DNS records for websites using Cloudflare. Cloudflare cannot remove material from the Internet that is hosted by others.
Please reply to this message, keeping the report identification number in the subject line intact, with the required information.
To respond to this issue, please reply to abusereply@cloudflare.com.
Thanks,
The Cloudflare Team.
---
This is the typical response for me from Cloudflare - it took 2 more weeks before it was finally taken down. If I had to hazard a guess, your high volume of reports gets you into a very different support bucket than the occasional reporter.
My most recent experience was terrible for two reasons:
1. They didn't take down an obvious banking scam site that was hiding behind their service
2. They forwarded my "report phishing content" submission, including contact information, to the scammer, resulting in a roughly 100x increase in the amount of spam I receive and ensuring that I won't ever use their reporting function again
Cloudflare does not facilitate phising - it just made proxying and tunneling easier.
The breaches and bypasses mentioned are anything but - they are linking to a successful mitigation of an attack as if the attacker got away with something of value.
This entire article reeks of trying to fit the evidence to an agenda.
Considering they couldn't find actual evidence of problems and had to resort to mischaracterization this is actually a great reason to use Cloudflare.