Also, interesting comment I found on HackerNews (HN):
This post was definitely demoted by HN. It stayed in the first position for less than 5 minutes and, as it quickly gathered upvotes, it jumped straight into 24th and quickly fell off the first page as it got 200 or so more points in less than an hour.
I’m 80% confident HN tried to hide this link. It’s the fastest downhill I’ve noticed on here, and I’ve been lurking and commenting for longer than 10 years.
I did a quick search through Cloudflare’s TOS and did not find anything about gambling. What was the TOS violation here?
What I’m seeing is Cloudflare communicating very poorly about what actions the customer would need to take to keep their site operating, why, and what the timeline would be. “We’ve determined operating your casino website on Cloudflare IP addresses is an unacceptable risk to our other customers and we require that you upgrade to an Enterprise plan within two weeks or your service will be terminated” is clear, concise, and I believe entirely fair. What they did here makes me think they’re an unreliable and unpredictable service provider.
Gambling is not TOS violation. Exposing CFs IPs to be blocked would affect ALL customers so CF is naturally aggressively protecting those Running any business that puts CFs IPs at risk is the TOS violation here.
I wish I was the fly on the wall during that meeting, but I have very little doubts casino understood the problem very well and were trying to weasel their way out of paying for an enterprise service (to anyone) and having to use their own IPs which are trivial to block. And if you continue buying more and rotating it will likely quickly get you on the black list with anyone still selling them.
I may be simplifying and maybe casino’s CTO and the entire tech team are a bunch of naive newborns, but I really fucking doubt it.
Again, I’m not seeing an unambiguous TOS violation here. They have some catch-all stuff about creating an undue burden and an even broader clause saying, essentially they can drop any customer without cause. I have no doubt Cloudflare is legally in the clear, but when I read about something like this, I think I wouldn’t set anything important up with Cloudflare as a critical part of its infrastructure.
Of course, the author could be leaving out a bunch of context to make himself look good.
If the article was about a non profit or a legit small business with a web presence, I would agree with you. We’re talking about massively risky business with spectacular profit margins.
I just don’t believe that CF suddenly realized these guys are rolling in money and wanted their cut. The risk just wasn’t worth it to CF confirmed by the fact that they did not negotiate at all and happily lost the casino as their client.
We’re easily making enough to pay $120k/yr to CF, but they are not creating that much value for us and we’re not introducing any risk to them so what we pay makes sense for both sides.
Maybe I haven’t been clear enough.
I have no objection to Cloudflare or any other service provider dropping a risky or unprofitable customer. That’s normal and fair in business.
What I don’t like is their apparent poor communication and failure to provide a clear (and reasonably distant) deadline so that the author’s company could find a solution that avoided downtime. Were I on that company’s board, I’d likely be pretty unhappy with the author for not having a contingency plan prepared in advance, but as a third-party observer my main takeaway is that if I rely on Cloudflare and they suddenly decide they don’t like something I’m doing, I’m screwed.