OVER the years, at work and at home (e.g. in social control media), I have expressed strong (but polite) criticism of Cloudflare (or CloudFlare or CF) and its dangers -- to the point where its oversensitive staff decided to block my Twitter account (not due to abuse or because I spoke to them, they just didn't want to see anything I had said). I've rarely come across so thin-skinned a company and recently I have seen people making the very same points. So here's the gist of it all: Cloudflare is a MitM (man in the middle) and this enables Cloudflare to engage in censorship, surveillance and even worse things. Cloudflare has done both things in the past and was at times caught misusing its power. Cloudflare is no ordinary CDN but a private, for-profit company that's upselling. At times they also have technical issues and I've seen not just companies but public institutions forced offline (or into semi-working order) due to Cloudflare.
"In some cases, for particular countries, having all traffic visible to the US (through an American company with legal obligations to its government) can be a matter of life and death."I've been dealing with Cloudflare since it was a young company, however reluctantly, at work. I've seen public institutions coming to rely on this foreign company and relaying all traffic through it. That raises all sorts of legal questions.
The bottom line is, never ever use Cloudflare. When accessing sites that route traffic through Cloudflare one might in fact be denied access (e.g. Tor users or people who rightly reject JavaScript). In that case, it's wise to leave (not enter the site), instead leaving a note to the Webmaster, urging him/her to drop Cloudflare.
Sites that respect their visitors do not resort to Cloudflare. Building one's own CDN may be expensive, but what is the worth of your visitors' rights? In some cases, for particular countries, having all traffic visible to the US (through an American company with legal obligations to its government) can be a matter of life and death. ⬆