[southerntofu]

We need to boycott Cloudflare and others like them. They are pretending to protect websites, but in fact they create a walled garden where they decide who gets in.

People who use privacy tooling are left out, people from poorer countries are left out (due to bad IP range reputation), and legit bots scraping websites are left out.

If you need DDOS protection, use network-level mitigations from your host and basic rate limiting. If you need to protect your admin area from bruteforce and known vulns, restrict it to localhost queries and use SSH tunneling with public-key auth. If you need geo-replication, think again, you probably don't: make your pages lighter (why JS? why custom fonts?) and reduce the number of queries at all costs (the biggest slowing factor on high-latency links).

You don't need Cloudflare, even for a popular international website. Designing your website properly will make it more user-friendly and faster to load. From anywhere in the world, it should be fully rendered before any similar Cloudflare-powered page could load the JS spyware blocking access to the content.