Cloudfare Takes Down The Internet; Here’s an Alternative

Cloudflare just had its worst outage since 2019, lasting about 5 hours on November 18th. It took down all of its customers due to the scope of the outage, and even Cloudfare thought they had been hacked at first. Let’s dig in.

What is Cloudfare?

• Its an edge network and proxy providing different services like DNS, DDOS prevention, and web firewalls.
• Its supposed to make websites faster by service their resources closer to the visitor, through CloudFare’s 330 edge nodes all over the world
• These edge nodes also do many other things like protect websites from DDoS attacks, and active attackers - these are identified and dropped at the edge

For all of these reasons, 18% of sites on the internet choose to use Cloudfare, they have massive visibility on the internet at large - and have visibility to about 25% of the world’s internet traffic, since many big sites use them.

On November 18th, Cloudfare went down, taking down a big chunk of the internet with them.

• Canva
• CharacterAI
• ChatGPT
• ClaudeAI
• Ikea
• Spotify
• Truth Social
• Uber
• X
• Zoom

On their blog, Cloudflare shared that a bug to their Bot Management module was responsible for the outage. Each request incoming through Cloudfare’s core proxy system goes through a number of modules, the Bot Management module gives visitors bot scores. This happens every single request going through Cloudfare - its detecting whether you are a bot.

An underlying change to their distributed database caused the Bot Management module to load extra data and run out of memory.

You can see in this graph, almost all of Cloudflare’s traffic was effected - around 26M requests per seconds as the team tried to figure out what was going on.

Although Cloudflare perceives itself as defenders of the internet, protecting government websites and organizations from DDOS attempts - its important to remind ourselves how much power this one company holds.

It makes the internet less resilient as 20% of the internet can fail at one time.

Cloudflare can also make the decision to cut off websites from the internet - cutting off its services to the image board 8Chan in 2019 for hateful content.

8Chan could have used some other provider to protect itself against DDOS attack but it ended up going offline instead.

The CEO Matthew Prince has also arbitrarily kicked websites off the service for their views such as a Neo Nazi website.

This was his personal arbitrary decision, he wrote that he “woke up this morning in a bad mood and decided to kick them off the Inernet.”

He then said that this amount of centralized power was bad and it shouldn’t be in one person’s hand - I suppose he’d rather hand it off to an oligopoly of big tech companies following government regulations.

To make things more confusing, Cloudlfare reportedly provided services to groups considered terrorists under US Sanction laws, including the Taliban and Hamas - although the U.S makes no moves to punish them for providing services to sanctioned groups.

Why is Cloudflare able to do this without being prosecuted under OFAC?

Lead counsel for Cloudflare said they are trying to be “neutral”, and are “aware of their obligations under sanctions laws” and have a “policy in place to stay in compliance”. I don’t know how that’s possible given that they receive money from these organizations, but hey - they have good lawyers.

Perhaps its because knowing who visits these websites is valuable information for Cloudflare and its partners.

Cloudflare received 700 requests from the U.S government in 2024 for data, and around 60% of these cases, data was provided.

So what should sites do if they need to protect themselves from bots?

In comes Anubis, a Web AI Firewall utility that acts as a proxy to judge requests before they reach your website. It protects the site from automated botnets and potential DDOS attacks by making incoming requests perform proof of work, where people’s browsers solve simple challenges, the same types of challenges miners solve in the Bitocin network.

Cloudflare’s outage is a reminder of just how fragile the modern internet becomes when so much power is concentrated in a single company. One bug shouldn’t be able to take down nearly 20% of the web, and one CEO shouldn’t be able to decide who stays online and who disappears.

But this doesn’t have to be the future.
Tools like Anubis show that we can build defenses that don’t rely on centralized gatekeepers with oversized control and opaque relationships with governments. We can choose infrastructure that is transparent, distributed, and accountable.

The more we adopt alternatives and decentralize our digital foundations, the stronger — and freer — the internet becomes.

🛍️ Above’s Black Friday Sale is Back!
Our best sale of the year is back—with some phones up to $500 off, plus deals on laptops and bundles.

If you’re ready to upgrade your privacy gear, now is the best time.

Don’t wait—supplies of our most popular devices are extremely limited!

Shop now!