Why is Cloudflare Pages' bandwidth unlimited?

Original Article ↗ Hacker News Discussion ↗

Business rationale for generous free / “unlimited” bandwidth

  • Many comments cite Cloudflare’s own explanations:
    • Free users create huge traffic volume, which improves peering deals with ISPs and can drive unit bandwidth costs toward zero.
    • Scale helps convince regional telecoms to peer or host CF equipment, further cutting transit costs.
    • Free tiers seed “top of funnel” adoption; developers use CF personally, then later push it at work.
  • Bandwidth itself is described as extremely cheap at scale; the real revenue is from enterprise DDOS protection, security products, and value‑add services (Workers, R2, Images, Stream, etc.).
  • Free users also provide telemetry and threat intelligence that powers paid security products.

“Unlimited” isn’t truly unlimited / pricing & sales experiences

  • Many argue “unlimited” is marketing: heavy users eventually get contacted by sales and pushed toward expensive enterprise contracts.
  • Several anecdotes describe abrupt “you’re straining our network” or ToS‑style justifications, sometimes with high five‑ or six‑figure quotes and short migration windows.
  • Others report substantial usage (20–60 TB/month) on free tiers without being contacted, suggesting informal, shifting thresholds.
  • Some see this as predatory or “dumping”; others say it’s normal stratified pricing and that extreme users should expect to pay.

Security, surveillance, and privacy concerns

  • A large subthread speculates that CF functions as a de‑facto state‑level MITM and surveillance point, citing PRISM, government interest in earlier spam‑tracking projects, and CF’s position terminating TLS for a large slice of the web.
  • CF’s public denials of PRISM participation are criticized as narrowly worded and unverifiable under secrecy laws.
  • Others counter that all big US infrastructure providers are in similar positions and that some design choices can limit what is exposed.

Abuse handling and “Crimeflare” reputation

  • Multiple comments say CF is heavily used by phishers, malware operators, and “DDOS‑for‑hire” sites.
  • Criticism: CF often forwards abuse reports to origin hosts but rarely terminates abusive customers, acting like “/dev/null for abuse reports.”
  • Some argue CF profits by protecting both DDOS victims and DDOS sellers, worsening the ecosystem; others defend a “common carrier”‑like stance.

Developer experience, vendor lock‑in, and alternatives

  • Many praise Pages/Workers/R2 as easy, fast, and incredibly cheap compared to AWS/GCP/Netlify.
  • Some express fear of future “enshittification,” lock‑in to proprietary features, and account/billing unpredictability, preferring prepaid or simpler hosts like Bunny or NearlyFreeSpeech.
  • There is concern about centralization: a single company becoming critical infrastructure for large chunks of the web.