Cloudflare: Difference between revisions - Consumer_Action

(3 intermediate revisions by 3 users not shown)

Line 4:

|Name=Cloudflare, Inc|Type=Public|Founded=2009|Industry=Web Services|Official Website=https://www.cloudflare.com/|Logo=Cloudflare Logo.svg}}

[https://en.wikipedia.org/wiki/Cloudflare Cloudflare, Inc.] is an American company that offers a wide range of web services. Due to its widespread adoption, Cloudflare's services play a critical role in the modern web infrastructure.

[https://en.wikipedia.org/wiki/Cloudflare '''Cloudflare, Inc.'''] is an American company that offers a wide range of web services. Due to its widespread adoption, Cloudflare's services play a critical role in the modern web infrastructure.

==~~Forced ID theft and face recognition~~==

==Consumer impact summary==

{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):

* User Freedom

* User Privacy

* Business Model

* Market Control}}

==Anti-consumer practices==

===Password scanning of website visitors===

From September to November 2024 Cloudflare was scanning the passwords users entered on websites without obtaining the users' consent.<ref>{{Cite web |last=Radwan |first=Radwa |last2=Zejnilovic |first2=Sabina |date=17 Mar 2025 |title=Password reuse is rampant: nearly half of observed user logins are compromised |url=https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/ |url-status=live |access-date=10 Apr 2025 |website=Cloudflare Blog}}</ref>

=== Upselling behaviours ===

{{Main|Cloudflare forces consumers onto higher tiers with threats of shutdowns}}

The company has taken part in concerning upselling behaviours for its hosting services. For example Cloudflare advertises "low-cost domain names with no extra fees", however you can't change nameservers of your domain without paid business plan. <ref>{{Cite web |date=25 Jul 2024 |title=Cloudflare locks you into their NS if you use them as registrar. I can't believe I didn't notice this before. |url=https://www.reddit.com/r/sysadmin/comments/1ebzxq4/cloudflare_locks_you_into_their_ns_if_you_use/ |url-status=live |access-date=17 Apr 2025 |website=Reddit}}</ref>

===Forced ID theft and face recognition===

A full day after the sale of domain names, Cloudflare sends the customer a demand to present an ID card and their face in an automated video call with the third party Stripe within 24 hours to be analyzed by a face recognition system, threatening to cancel the sale unless the customer fulfills this requirement that the customer was not informed about before the sale, thereby making the domain names available for squatters to grab. The customer can lose their domain names either by simply not checking their email for 24 hours, which is likely as the sale has already completed and the customer has no reason to check their email again, or by the customer not agreeing to the procedure, which the customer should not, as ID cards are not made for use online. The customer's bank already has a procedure for verifying online purchases by popping up the bank app that has already been verified by visiting the bank in person, showing an ID card to a real person and signing a paper by hand. Stripe could have done like everyone else and delegate the procedure to the bank instead of inventing their own.

Line 20:

Line 35:

Image:Cloudflare_email_4.png

</gallery>

==References==

[[Category:Cloudflare]]

@@ Line 4: / Line 4: @@
 |Name=Cloudflare, Inc|Type=Public|Founded=2009|Industry=Web Services|Official Website=https://www.cloudflare.com/|Logo=Cloudflare Logo.svg}}
-[https://en.wikipedia.org/wiki/Cloudflare Cloudflare, Inc.] is an American company that offers a wide range of web services. Due to its widespread adoption, Cloudflare's services play a critical role in the modern web infrastructure.
+[https://en.wikipedia.org/wiki/Cloudflare '''Cloudflare, Inc.'''] is an American company that offers a wide range of web services. Due to its widespread adoption, Cloudflare's services play a critical role in the modern web infrastructure.
-==Forced ID theft and face recognition==
+==Consumer impact summary==
+{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):
+* User Freedom
+* User Privacy
+* Business Model
+* Market Control}}
+==Anti-consumer practices==
+===Password scanning of website visitors===
+From September to November 2024 Cloudflare was scanning the passwords users entered on websites without obtaining the users' consent.<ref>{{Cite web |last=Radwan |first=Radwa |last2=Zejnilovic |first2=Sabina |date=17 Mar 2025 |title=Password reuse is rampant: nearly half of observed user logins are compromised |url=https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/ |url-status=live |access-date=10 Apr 2025 |website=Cloudflare Blog}}</ref>
+=== Upselling behaviours ===
+{{Main|Cloudflare forces consumers onto higher tiers with threats of shutdowns}}
+The company has taken part in concerning upselling behaviours for its hosting services. For example Cloudflare advertises "low-cost domain names with no extra fees", however you can't change nameservers of your domain without paid business plan. <ref>{{Cite web |date=25 Jul 2024 |title=Cloudflare locks you into their NS if you use them as registrar. I can't believe I didn't notice this before.  |url=https://www.reddit.com/r/sysadmin/comments/1ebzxq4/cloudflare_locks_you_into_their_ns_if_you_use/ |url-status=live |access-date=17 Apr 2025 |website=Reddit}}</ref>
+===Forced ID theft and face recognition<!-- NEEDS more refs covering this incident -->===
 A full day after the sale of domain names, Cloudflare sends the customer a demand to present an ID card and their face in an automated video call with the third party Stripe within 24 hours to be analyzed by a face recognition system, threatening to cancel the sale unless the customer fulfills this requirement that the customer was not informed about before the sale, thereby making the domain names available for squatters to grab. The customer can lose their domain names either by simply not checking their email for 24 hours, which is likely as the sale has already completed and the customer has no reason to check their email again, or by the customer not agreeing to the procedure, which the customer should not, as ID cards are not made for use online. The customer's bank already has a procedure for verifying online purchases by popping up the bank app that has already been verified by visiting the bank in person, showing an ID card to a real person and signing a paper by hand. Stripe could have done like everyone else and delegate the procedure to the bank instead of inventing their own.
@@ Line 20: / Line 35: @@
 Image:Cloudflare_email_4.png
 </gallery>
+==References==
+<references />
 [[Category:Cloudflare]]