[dcow]

Sure, but you self-identified as someone responsible for the project and then suggested people go violate the ToS by running their own benchmarks. I think the community here calling out the double standards and asking for an update/response is entirely fair. If you didn't want the flak then leave off the "I'm the tech lead on CF workers" intro. Seems to me like the ball is in your court to at least try and make your advice actionable.

[kentonv]

I do not believe I suggested doing anything against the ToS. I think you're misinterpreting the clause. But not being a lawyer, I don't really want to get into that discussion.

If I didn't state upfront that I was the tech lead of Workers, someone would (rightly) call me out for astroturfing.

[justinpombrio]

> I think you're misinterpreting the clause. But not being a lawyer, I don't really want to get into that discussion.

The clause says "Unless otherwise expressly permitted in writing by Cloudflare, you will not and you have no right to: [...] (f) perform or publish any benchmark tests or analyses relating to the Services without Cloudflare’s written consent;"[1]

IANAL, but this seems to very unambiguously prohibit benchmarking Cloudflare's services unless you have written permission. I know you don't want to get into an argument on HN, but could you like... bring it up to someone inside of CloudFlare who would be capable of changing it? You can point to this thread about how this clause is generating negative publicity.

[1] https://www.cloudflare.com/terms/ section 2.2

[eastdakota]

I am a lawyer and also the CEO of Cloudflare. I have no idea why that clause is in our ToS. It was a surprise to me when it was pointed out recently. Not sure when or why it got included. Best guess is it was when some “stress tester” services decided to “benchmark” us by performing DDoS attacks and we thought we needed another justification to shut them off. Has been a loooong time since we worried about such things. Regardless, we decided weeks ago we’re removing the clause during the next ToS refresh. That’s scheduled for the coming weeks. And, in the meantime, have no issue with anyone benchmarking our performance. And seems we should do a more thorough and unimpeachable set of comparisons ourselves. Stay tuned.

[ldoughty]

I appreciate this reply, and hope the initial engineer gets no flak for his personal opinions attempting to defend your company. It's nice to see a tech company with employees defending it and leadership making such public statements as this.

[eastdakota]

I upvoted Kenton’s post. He’s the reason Workers exists. Surprised anyone worried about him commenting. I’d only be worried if I were a competitor who pissed him off by publishing BS stats. I’d imagine there’ll be an incredibly thorough and totally unimpeachable benchmarking study that comes out of this. And, anywhere we’re not the fastest, we soon will be. Game on.

[robertlagrant]

> I’d only be worried if I were a competitor who pissed him off by publishing BS stats

An unusual and excellent CEO stance. Now I like Cloudflare even more.

[unityByFreedom]

Kenton is a star and they're lucky to have him. But I don't think he was defending the company, rather defending his own work.

[andrewnyr]

They seem to be one in the same.

[pbowyer]

At the same time can you change 2.2(a) and remove the "or sign up on behalf of a third party"? My clients are not technical, and when they do manage to sign up they then email me their login details in plain text...

Without this in your T&Cs I could create the account for them in a couple of minutes. And avoid doing a screenshare to walk those who fail through the sign up process.

[Cthulhu_]

If you're employed by your clients and do it in their name, doesn't that make you the first party? I'm no lawyer but I can imagine it's to legally be able to close off bots and other shady services.

[pbowyer]

> If you're employed by your clients and do it in their name, doesn't that make you the first party?

If you're an employee, yes. If you're a consultant, contractor, freelancer or similar then you are a third party doing as you do it on behalf of your client (the first party). This is for UK law, and the distinction of first/thrid party is important when it comes to tax (see IR35 for the mess created).

[ngz00]

Perhaps you can have them provide an access key instead? I vaguely recall seeing a button on a 3rd party platform that let me configure my DNS in Cloudflare to route to the 3rd party. Not sure how that flow worked to be honest, but I believe there is some programmatic way to delegate.

[unityByFreedom]

Nice. It was a silly jab anyhow, seeing as you need to contact a rep at Fastly to even sign up for their product or get a quote on its cost.

Fastly made it sound like contacting Cloudflare is "impossible", yet here you and one of your top devs are.

[rovr138]

I’m just reading, but I appreciate coming to the comment section of a post here and seeing I’m this interaction, the CEO of a company like CloudFlare posting and, to top it off, posting something like this.

[uyt]

> Regardless, we decided weeks ago we’re removing the clause during the next ToS refresh

I've seen you reply about ToS issues before (specifically over caching of non-html assets): https://news.ycombinator.com/item?id=20791605

You verbally allowed it in that thread but have you considered officially adding that into the next revision of your ToS too?

[wutwutwutwut]

So you haven't read the agreement which you ask all the customers to agree to? Lame.

[Sagaris]

Good move.

As for "stand-up" with Fastly, I believe the whole situation brings only negative consequences on both parties. I always become wary towards any service that posts comparisons with its competitors (or simply with services of similar nature).

Good luck and wise decisions to you.

[ridruejo]

Love these direct founder responses. Makes me trust the service more than any amount of benchmarks

[samhw]

> Unless otherwise expressly permitted in writing by Cloudflare, you will not and you have no right to: [...] (f) perform or publish any benchmark tests or analyses relating to the Services without Cloudflare’s written consent

This - I mean even the conversation prior to this message - surely constitutes "expressly permitted in writing by Cloudflare"?

[saagarjha]

I would not be surprised if the person on the other end of that conversation would take poorly to the existing contributions made to it by people who have publicly identified themselves as Cloudflare employees.

[hn_throwaway_99]

First off, just want to say thanks for your posts, I found they give useful context and I really appreciate them.

I don't want the following to come off as unnecessarily argumentative, but regarding the ToS, I'm not a lawyer either, but my "ability to read English" interpretation of the section on "perform or publish benchmarks..." certainly sounds like it is prohibiting folks from doing their own side-by-side comparisons. Which is, of course, nonsense, because any engineer worth their salt would do their own analysis, even if they didn't publish it.

Just sounds to me like the CloudFlare lawyers got a little too aggressive to the point of absurdity, but I still think it's fair to call out CloudFlare for this.

[ldoughty]

Note that the CEO had replied too this parent thread and said he is removing that language

[unityByFreedom]

Plus it was there to prevent DoS attacks which is understandable.

Even without the ToS language, if you're really going to stress test a service, it's probably a good idea to give them a heads up, lest you get marked a bad actor.

[dmurray]

He still should take some responsibility for it being there in the first place. "Our legal department insists on adding user-hostile clauses everywhere they get the chance" is an OK excuse for a Cloudflare sales rep or engineer, but it's disingenuous coming from the guy who is in a position to tell them to take a friendlier approach by default.

I'm assuming this isn't the only overly restrictive clause in the contract. Maybe it's an anomaly in an otherwise respectful ToS.

[floatingatoll]

He’s the CEO. He acknowledged it and is fixing it. There is no more responsibility left unclaimed.

We aren’t owed a historical explanation, and yet we’ll likely receive one with what I presume will be a TOS update blog post in a few weeks.

I feel like this is that moment where someone lays on the car horn because they want to be sure the other driver understands that they’re a bad person, and should feel bad about themselves. It’s not about making you right by their actions, it’s about making sure they know the depth of your anger at them.

That has little value here. It’s socially valuable in interpersonal interactions, but it’s a tire fire when left uncurbed at Internet scale, and becomes vitriolic and harmful to discourse.

I may have misunderstood your specific intentions and desires from the CEO, and if so, I apologize; but I stand by my point in the general sense for all of us.

[LamaOfRuin]

You suggest performing one's own tests to evaluate performance of the services, which fits the definition of benchmarking.

The ToS explicitly say that performing any benchmark analyses or test relating to the services is not allowed without written permission from CloudFlare.

99% of the people reading and attempting to abide by the CloudFlare ToS are not lawyers, but as a rule contracts mean what they say when they say it clearly and unambiguously as this seems to.

[jefftk]

> If I didn't state upfront that I was the tech lead of Workers, someone would (rightly) call me out for astroturfing.

The way I usually see people handle this, and what I do myself, is to both state your relation to the company and clarify whether you're speaking for the company. Ex: "I'm the tech lead for Cloudflare Workers, but speaking in my personal capacity..." or "I'm the tech lead for Cloudflare Workers (speaking only for myself) ..."

[unityByFreedom]

It's generally understood on HN that when someone says "I work at X" that they are not speaking on behalf of the company.

On top of that, Kenton is a frequent commenter here, and I've never gotten the "air of superiority" vibe from him where such verbosity would be necessary.

[robertlagrant]

This is true, but it's better to just assume people aren't speaking in an official capacity unless they say they are. This would also shave 30% off most Twitter bios.

[dcow]

> If I didn't state upfront that I was the tech lead of Workers, someone would (rightly) call me out for astroturfing.

I think the nuance is that you are presenting yourself as someone with responsibility/authority/control over the subject of these benchmarks. As a comparison, consider wording that skirts taking up that mantle:

Full disclosure, I work for Cloudflare, but ...

Not trying to be argumentative and really don't have any hostile feelings or intent. I understand where you're coming from.. just providing my outside take on how the interaction appears. You're within your right to defend your product. Nobody seems to have a problem with that. But you also decided to throw mud on the pile, metaphorically. You admitted you aren't plugged into the back and forth, that's fine. But this isn't news for Fastly and it's hard to take your side in this discussion when your solution is "go do your own tests" which is exactly what Fastly is would like to do. They clearly call attention to your ToS preventing them from doing that in the piece we're discussing here.

[protomyth]

I think a lot of us have run into this exact clause because of Oracle and then other database vendors. We are well aware of what happens when you violate one of these clauses.

[minusf]

i think it's good there was full disclosure about your employer, but it also set the post up for me as "i am wearing my cloudflare tech lead hat", as nowhere in your post you state you are speaking for yourself and not as an employee... very confusing.

[nickysielicki]

> you self-identified as someone responsible for the project and then suggested people go violate the ToS by running their own benchmarks.

He did not. Profiling how your particular app and use case runs on a given serverless provider is not benchmarking.