Rendered at 23:39:38 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
karlkloss 2 days ago [-]
Does nobody read the fineprint?
By submitting, posting, or publishing your content, suggestions, enhancement requests, recommendations, feedback, information, data, or comments (“Content”) to any Website or Online Service, you are granting Cloudflare a perpetual, irrevocable, worldwide, non-exclusive, royalty-free right and license (with the right to sublicense) to use, incorporate, exploit, display, perform, reproduce, distribute, and prepare derivative works of your Content.
If you're ok with that, fine.
But I'm not.
thelibrarian 2 days ago [-]
If you don’t give them a license to display the works you give them to display, how can they legally display it?
gpt5 2 days ago [-]
Perhaps the same way that Github works when you host your web page there. I.e. A revocable, limited license, where you retain full ownership, and only grant them permission to host and serve your content + a limited set of other uses, and you dictate external licensing?
iamleppert 1 days ago [-]
Here, drop all your data into this vortex -- we need it for our next web site builder AI model.
lschueller 1 days ago [-]
Yes, but this is the perfect circle of slop: generate an ai landing page, throw it into cloudflare drop, ai adopts it, start all over again. For genuine, professional content, I would assume, almost no one uses cloudflare drop, as they already have something in place to test and quickly host some page. Moreover, I expect that scammers and phishing campaigns will have a use for it to quickly up some landing page without leaving a large footprint.
0x457 1 days ago [-]
It's not like every SaaS wasn't using the same style of landing page before AI.
tritiy 2 days ago [-]
It states more than just display: 'to use, incorporate, exploit, display, perform, reproduce, distribute, and prepare derivative works'
PurpleRamen 2 days ago [-]
Can this be a necessary legal framing for technical purposes, to allow converting of pictures to different resolutions, or adapt the content to mobile views, and such things?
tremon 2 days ago [-]
To me this looks like legal preparation for selling their users' datasets for AI training purposes.
jeffparsons 2 days ago [-]
Basically the same phrasing was widespread before LLMs were invented. So I don't think it's specifically motivated by that.
whilenot-dev 1 days ago [-]
Hoarding massive amounts of data for the success of machine learning algorithms was a thing long before LLMs were a thing too. Remember the neural networks hype that kicked off around 2010? LLMs didn't even challenge the prevalent paradigms of deep learning: "Most of the value of deep learning is where you can get a lot of data" or "Data is the new oil".
dspillett 1 days ago [-]
This is more-or-less standard boilerplate from _long_ before the current AI training even existed. It basically means “we can do anything we like with it, now and at any time in the future, including selling it and passing these rights on to anyone else we chose, but don't take ownership so we can't be held responsible for it”.
Officially it means they can legally do wat you want them to do (present the content to users, perhaps transforming it in various ways for some or all viewers), but of course it covers them being able to do far more than that.
ak39 2 days ago [-]
Unlikely. It goes further by also using the word "exploit".
If they needed permissions for conversion, they'd have made a specific mention of that and thereafter confirmed legal ownership.
dspillett 1 days ago [-]
TBH, I like that the word “exploit” is in there. It feels more honest and if it were not present!
another-dave 2 days ago [-]
I mean, even all else aside - why would they need a "perpetual, irrevocable" licence?
dminik 2 days ago [-]
Perpetual and irrevocable? And with the right to modify, not just display?
You do not need all that.
szszrk 2 days ago [-]
and "(with the right to sublicense)"
If my company presented such user agreement I would be quickly reported by users to local Office of Competition and Consumer Protection, audited, fined, and ordered to change that.
I think this would be even challenged at the level of "Abusive clauses registry" that office maintains, so the agreement would be quickly overruled in court.
If no specific clause would be challenged, this is an example of "grossly violates the consumer's interests" rule.
How is big tech allowed to push this shit anywhere? How is this legal in civilized world?
yread 2 days ago [-]
With the right to sublicense. They can literally sell your stuff
simonjgreen 2 days ago [-]
Perpetual and irrevocable? Derivative works?
dspillett 1 days ago [-]
Derivative works I understand. That would include transforming the content for some/all viewers. Making it mobile-friendly or otherwise reformatting for display, for instance, or adding affordances for accessibility, or for long content adding a generated summary.
Irrevocable and right-to-sublicense are the red flags for me. Nothing a company sells to us is irrevocable, but everything they take from us is expected to be.
flyingshelf 2 days ago [-]
Derivative could just be "let CF append your Google Analytics tag and that funny cursor-follower script.
Perpetual is way harder to justify though.
konnor 1 days ago [-]
Have you read the fine print for other platforms?
This is standard boilerplate for hosting companies so they don't run into issues putting your content on distributed CDNs, or if things are in their logs, etc.
I want to be mad at Cloudflare as much as the next person, but Vercel, Netlify, Fly.io all have the same "legal-ese". I don't agree with it and it feels overly broad, but it seems hosting companies, at least US based ones, all have this same standard boilerplate around your content.
millerm 10 hours ago [-]
Sure, but right now we are talking about Cloudflare Drop. Whataboutism doesn't dismiss this specific issue. What we need then is someone that is good at collecting, digesting, and disseminating this information to the masses so that people can make better and informed decisions. I'm not good at much of anything these days, so unfortunately that isn't me as I have given up on just about everything. I think one of the real key areas is people seeing how their information is used. How much value it holds. Even if it's $0.50, if the companies had to pay this out to others each time they used the data then they couldn't afford it. That's the real issue at hand. People are working for free and making others powerful. They are unconsciously building a system where its main intent is to exploit the minds of the masses by weaponizing their behavior. It's all disgusting.
I hate AI with every fiber of my being. Yes, there are a few areas where it's beneficial, but in total it's a disaster for us. I don't need to get further into that discussion here as it's irrelevant to the initial topic.
Have a good day!
aweb 2 days ago [-]
I'm always really doubtful this is applicable in the end, especially in the EU. You can't give up all your copyright like this
jampekka 2 days ago [-]
Maybe, but you may not afford to find out.
josu 2 days ago [-]
It's a spectrum. I don't think that they will be able to sell t-shirts using a drawing you've uploaded. But it will probably allow them to defend themselves a bit better if they get sued for selling the data for LLM training.
jwr 2 days ago [-]
You can't give up the right to sign your work with your name. But you can definitely share rights to reproduce your work etc — although perhaps not in a clickable EULA.
whilenot-dev 1 days ago [-]
In Austria and Germany, you just cannot transfer the copyright ("Urheberrecht"). You can only transfer - meaning sell - the right of use ("Nutzungsrecht"). The only exception I know of is with employments, where the employer is the rightful copyright holder. The US, Switzerland, and maybe other legislations allow for the transfer of copyright.
jwr 1 days ago [-]
I believe we are talking about the same thing.
tjoff 2 days ago [-]
Regardless, I'm not one to use or otherwise promote such shitty behavior.
Not sure why cloudflare seems to be in such good standing on hn.
psd1 2 days ago [-]
Early on, they had 30 points of presence with 11 employees - cool, but especially cool to John Galt fans.
2 days ago [-]
harrouet 2 days ago [-]
You beat me to it, I was going to post the same.
Clear red flag, only useful for whistleblowers.
blueflow 2 days ago [-]
> your content
Wouldn't it be fun to upload content of a big music label or smth like that?
throawayonthe 1 days ago [-]
> By submitting, posting, and publishing your Content, you represent and warrant that your Content, does not: (i) infringe, violate, or misappropriate any third-party right, including any copyright, trademark, patent, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right; or (ii) slander, defame, or libel any third-party.
vinothkumarnaga 2 days ago [-]
Thank you for highlighting this :)
millerm 11 hours ago [-]
Wow, that's awful! Considering how incredibly easy they open anyone up to uploading sensitive content, it's ridiculously unsafe to have open like that. I only saw the home page, and clicked the buttons to see what they asked for. Absolutely not! I won't even attempt a simple hello.txt file. This is some dark pattern stuff. Plus AI, I reject it all.
You are now making me rethink using any of Cloudflare's tech. I need to go and read the fine print for their DNS (1.1.1.1). I also wonder what their Turnstile conditions are being imposed on all of us.
That sort of condition is disgusting.
pjc50 2 days ago [-]
This is true, but: you should see how many other cloud services have these terms. It's very insidious.
small_model 2 days ago [-]
No body is stealing your blog, relax its boiler plate
another-dave 2 days ago [-]
[dead]
zeratax 2 days ago [-]
every website ever (except for github) has this exact same clause and everytime it's posted online, people freak out about it lol
jkman 1 days ago [-]
>"everyone is doing it so stop complaining bro!!!!"
sevenzero 2 days ago [-]
People are losing the ability to read. Lots of high schoolers are incapable of reading properly already. Attention spans shrink. We got some fun times ahead of us.
We need these legal texts as short form TikTok content I am afraid.
gmac 2 days ago [-]
I have plenty of ability to read, but I never read these T&Cs because they’re usually dozens of pages long and life’s too short (or, if you prefer, the cost/benefit doesn’t support it). For consumers in Europe, at least, it’s usually safe to assume that anything too shitty is unenforceable, which helps.
bigfudge 2 days ago [-]
Being “unenforceable” doesn’t stop them making your life a misery in the process, ruining your credit rating etc.
hyperman1 2 days ago [-]
As an EUian,I've never given one care about my credit rating. I don't even know if I have one.
They can cause a long drawn out court battle, and abuse your data. Noyb is the real-world example here. Most companies depend on not being sued, and will fold if a regulater sends them notice.
lenkite 2 days ago [-]
A good idea for a Firefox extension. Something that parses T&C's and pops up a DANGER warning on a page.
What life is too short for is being screwed over by and having to deal with the consequences of some agreement you were too lazy to read. These aren’t half as inscrutable as you think; after you read a couple you get a feel for them and can breeze through, honing on the parts that are important to you. I don’t need to spend more than a couple of minutes on a TOS before understanding if it’s awful or reasonable, and it has stopped me from opening accounts on services with truly awful provisions.
gmac 2 days ago [-]
I mean, that's fair. To an extent it depends how high the stakes are and whether there are realistic alternatives to a service.
9dev 1 days ago [-]
We need the polar opposite of that: Laws that ensure companies can’t put unreasonable clauses in fine print or long EULAs. That’s the way it works in many EU countries, and it’s a blessing.
Nobody except lawyers should have to bother with legalese.
sevenzero 1 days ago [-]
That would require you to consult a lawyer for everything you do... I personally couldn't afford that.
nvme0n1p1 2 days ago [-]
Here's Cloudflare's T&C in comic form, for those with short attention spans.
BitBalloon was the original project from Matt, the founder of Netlify!
gfat 2 days ago [-]
Loved this app. What is old is new again.
brightball 2 days ago [-]
There are numerous products like this out there. Isn’t that where Dropbox got its name in the first place?
hoherd 2 days ago [-]
I thought it was a reference to the Mac OS X `~/Public/Drop Box` directory, which was a write-only place for people to send files to your user, which has been around since the first OS X beta came out in 2000.
jamesfinlayson 2 days ago [-]
I vaguely remember being told to put assignments in a drop box (like a mail box on campus) in the mid 2000s at least, and I'm sure it wasn't a new concept then.
hoherd 2 days ago [-]
Oh dang, you're right. Mac OS X was my first Mac OS, but it looks like the Drop Box concept existed long before OS X. Here's a reference from 1991 titled "AppleShare Drop Box: Access for System 6 and 7 Clients" https://www.savagetaylor.com/TIL/TIL09033.pdf
jmaw 1 days ago [-]
I haven't done that on campus, but I've left my keys in the mechanic's key drop box when dropping of a car overnight!
lelandfe 2 days ago [-]
A term still used on Tahoe. Right click a file in Finder, Get Info. A file permissions option is "Write only (Drop Box)"
forgotusername6 2 days ago [-]
A drop box is a real physical thing, where you drop items for other people to collect.
scubbo 2 days ago [-]
I was always under the impression that that was referencing the notion from spycraft.
latchkey 2 days ago [-]
Don't forget Digital Ocean Droplets.
neom 2 days ago [-]
FWIW, We called them droplets because drop of water in the (Digital)Ocean.
frankdenbow 2 days ago [-]
Or Drop.io which got bought by Meta
hliyan 2 days ago [-]
Isn't this what we used to do with Geocities a quarter century ago? And with most other websites that offered FTP upload? You didn't have to be very technical -- there were windows FTP clients where you could just type in the IP, username, password and see an explorer-like view, onto which you could just drag and drop your HTML and image files.
xnx 1 days ago [-]
Most browsers even had (read only?) FTP clients built in.
giancarlostoro 2 days ago [-]
Its not exactly a very elaborate name.
oasisbob 2 days ago [-]
Elaborate enough?
Funny story: I used to work for a startup which had a trademark on "Airdrop". When Apple announced that feature, it took everyone there by surprise. Ended up reaching out and selling it to them for a buck or two in favor of maintaining goodwill.
inventor7777 2 days ago [-]
Ha, that's funny. When you say "a buck or two" do you really mean it was almost nothing or did Apple compensate you appropriately? I'm also surprised that Apple didn't catch that before if it was trademarked.
inigyou 2 days ago [-]
Why did you value Apple's goodwill more than a couple million dollars?
arm32 2 days ago [-]
My... Aviato?
giancarlostoro 2 days ago [-]
Infatrode, wtf is Infatrode
(I might be butchering it, course it is an Office Space reference)
He was my absolute favorite character in that show.
floydnoel 2 days ago [-]
I think it was Initrode. I used to watch it every day haha
giancarlostoro 2 days ago [-]
They intentionally butchered it I think but it still cracked me up
dmillar 2 days ago [-]
Low barrier services don't care who's first in this epoch.
ares623 2 days ago [-]
But this time it's with ~blockchain~ AI!
wartywhoa23 2 days ago [-]
Oh, how I miss the golden days of blockchain hype so much.
The luxury blockchain resort island is just soaking somewhere in the ocean, collecting dust and guano, while its former inhabitants are all the rage about AI now :'(
r_lee 2 days ago [-]
ouch... I get that it's a simple concept but darn it really does seem like ctrl c ctrl v lmao
jonluca 2 days ago [-]
Wow the people in this thread are a huge bummer. This is much cooler and I doubt this is a real safety issue. You can already sign up for a free cloudflare account and deploy it for free, on your own, on a free workers.dev domain. The friction removal here isn't going to meaningfully change the security / amount of malicious content.
combyn8tor 2 days ago [-]
Well according to the people in this thread it was previously impossible for bad actors to host a website, and CloudFlare has now given them this unique ability.
0xcafefood 2 days ago [-]
Why would Cloudflare do that? They shouldn't help bad actors.
ComplexSystems 2 days ago [-]
Who, exactly, should help people host a website?
simultsop 2 days ago [-]
Best case: themselves. Since we are not there yet, reliable services.
ForHackernews 2 days ago [-]
Same folks who are very concerned AI will give malicious actors the ability to produce text containing falsehoods.
femboyvtuber 2 days ago [-]
[dead]
judge2020 2 days ago [-]
I really hope/imagine this project specifically has a LLM of some kind doing real-time analysis on the uploaded files for malware from the get-go. How good that is could be is anyone's guess (and chances are there would be blind spots / evasion techniques).
arcatech 2 days ago [-]
When you see a group of people being critical, you can either see it as a “bummer”, or you can see it as people critically thinking about a thing.
Is it really more useful to have everyone expressing how much they like something instead of identifying problems?
Is seeing people talking about the things they don’t like something that makes you unhappy? Why?
ddtaylor 2 days ago [-]
I think the HN rule for "curmudgeonly" applies.
> Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.
I think HN should be a place where I am excited to see what others have to add. When I see a post I am excited to see what takes and spins others have on it. I do want real criticism and a lively debate about important things, but there has to be a balance.
I want to see other comments that seem like they genuinely want to help steer something or build people up. Sometimes I get the impression that's not happening on HN.
afavour 1 days ago [-]
Discussing the privacy implications of a big box that says "drag files to me!" is thoughtful criticism.
I would get the point if this was someone's personal Show HN project but this is Cloudflare. They can withstand a little critique.
stackghost 2 days ago [-]
There needs to be another rule against being a techno-sycophant.
throw10920 1 days ago [-]
I think I might agree, but just so we're clear: what exactly is a "techno-sycophant"?
brookst 2 days ago [-]
To the curmudgeon, its techno-sycophancy to say the wheel is a pretty good thing.
It’s just another take on shill / sheeple / etc. it gets old.
stackghost 2 days ago [-]
And to the sycophant, pointing out real and obvious drawbacks is being a curmudgeon.
overtone1000 2 days ago [-]
In such situations, the golden mean is a useful lens.
tremon 2 days ago [-]
The golden mean is only a useful lens if all sides are equally prepared to take up extremist positions. If some people are taking up considerate or even reasonable positions but others take up the absolute, the golden mean will always skew towards the unreasonable.
Razengan 2 days ago [-]
Mortal combat is the only way to resolve this.
sieabahlpark 2 days ago [-]
[dead]
Nifty3929 2 days ago [-]
The problem is that everything is negative, all the time. Nothing good is allowed to be acknowledged. Everything someone or some company does must not be acknowledged to have any redeeming value- it’s all just negative
Which is sad, because so much amazing stuff is happening on the world right now, and seems to be only accelerating. For everybody.
puchatek 2 days ago [-]
Amazing stuff? You mean technical stuff right? Because politically, demographically and climate wise we're headed for disaster or at least dystopia.
I wished I could find all the science and technology as uplifting as my friends do.
camillomiller 2 days ago [-]
[flagged]
arcatech 2 days ago [-]
> Nothing good is allowed to be acknowledged.
What makes you say this?
xpct 1 days ago [-]
I don't know, I find it very hard to stay positive about our general direction in the last couple of years, and know few people in real life who don't share this opinion, in or outside of tech. And I'm also not entirely sure I understand why others are excited, it perplexes me. I would appreciate any insight into this.
sciencejerk 2 days ago [-]
Maybe AI slop has something to do with it?
sandcat_ 2 days ago [-]
It may not be critical thinking though, but simply being contrarian, which is one of the easiest ways to sound smart without necessarily providing much of value or substance. And strangely, seeing as it’s relatively rare IRL, seemingly the default on the internet. Blindly praising isn’t worth much either, but I doubt that’s what jonluca is encouraging. It’s possible to “yes, and” without resorting to either sycophancy or relentless negatively.
dryarzeg 2 days ago [-]
> Is seeing people talking about the things they don’t like something that makes you unhappy? Why?
Probably (I'm just assuming) because that person observes negative/cautious/"I don't like this because X and Y and also Z"/etc sentiment too much and feels like people are only quick to notice issues while forgetting about good sides.
It's only an assumption, though.
sieabahlpark 2 days ago [-]
[dead]
camillomiller 2 days ago [-]
This is what the influencer propaganda machine on social media has done to people's view of critical thinking.
pegasus 2 days ago [-]
You're encountering the "contrarian dynamic" which dang described in this post (which also explains why your own anti-contrarian comment reached the top) https://news.ycombinator.com/item?id=24215601
rolfus 1 days ago [-]
Thanks for linking that comment! I wasn't familiar with the term, but it perfectly describes the pattern that manifests in every single HN thread about certain topics. The Grok announcement thread that is on the main page today is another perfect example.
superjose 2 days ago [-]
Agreed I think this is pretty solid especially since you get all the Cloudflare benefits like CDN from the get-go.
thenthenthen 2 days ago [-]
After my hoster started asking me for 700€ for a year of hosting a static website of like 100Mb i moved to CF worker and github. I would selfhost but thats not allowed without license
camillomiller 2 days ago [-]
Oh poor you, bummed by people WHO ACTUALLY care about the web.
Agreed. This is the same crowd that is mad about free tiers going away on other dev-friendly hosting services…
goshx 2 days ago [-]
You must be new here :)
swingandamiss 2 days ago [-]
No, I just created a new alt account. I have a year 1 account as my main.
j-bos 2 days ago [-]
that's new :)
r3trohack3r 2 days ago [-]
I think maybe GP means they have an account that was created in the first year of the site, not a 1 year old account
godelski 2 days ago [-]
Even you're relatively new. There definitely was a shift as AI took off
Also, they said "year 1" not "1 year old"
lII1lIlI11ll 2 days ago [-]
Why do you feel like you need to post this from an alt account? Because you know such snarks tend to be downvoted and you want to preserve your precious "karma" points? So who is behaving like this is reddit?
rob 2 days ago [-]
Sure ya do buddy, me too.
phoghed 2 days ago [-]
Brother it’s always been like this. Just check n-gate.com (tragic loss btw, rip)
ddtaylor 2 days ago [-]
Hi! I have been following n-gate.com a small bit over the years, because I found it very interesting and it was a rabbit hole I wanted to go down.
I actually setup "xor-gate" for a while, which was trying to be a similar thing co-authored by a friend, but it was too time consuming and we gave up.
Did the author pass? I'm not trying to be crass, but I don't know the details.
jnaina 2 days ago [-]
wait till anyone remotely mentions apple or apple products. the neckbeards on their thinkpads will come in droves to shit on cupertino's best.
bartvk 2 days ago [-]
It's not Apple in general. If they release a new Mac Mini, it's fine. The thread when the Neo was released, was outright jubilant. It's whenever macOS is mentioned, it devolves in extreme negativity. I always, always avoid those.
adithyassekhar 2 days ago [-]
I think they are all bots or threatened to see their little hobby now being accessible, classic gatekeeping.
esjeon 2 days ago [-]
Corporations acting as if naive is a bit of problem in reality. For one thing, CF is probably the largest entity serving pirated content internationally while hiding the identities of actual perpetrators for privacy.
Same here: CF is basically giving malicious actors an ability to ship contents/data publicly while laundering the legal responsibility of those actors.
Now tell me what is cool
itzjacki 2 days ago [-]
> CF is probably the largest entity serving pirated content internationally while hiding the identities of actual perpetrators for privacy.
I'm already on board, you don't need to sell it to me!
MallocVoidstar 2 days ago [-]
> For one thing, CF is probably the largest entity serving pirated content internationally while hiding the identities of actual perpetrators for privacy.
That's awesome, glad to hear it
x-complexity 2 days ago [-]
> Now tell me what is cool
Not immediately being a copyright bootlicker.
The fact that you went straight to "BuT pIrAtEs" already shows who you actually care: Corpos, not people.
esjeon 2 days ago [-]
A dirty secret is that piracy is being abused by criminal organizations[1]. When people unknowingly access such sites to see contents for free, it generate ad revenue for those organizations, which can fund other crimes.
Broadly speaking any organisation facilitating piracy is implicitly a criminal one. Piracy is a pretty large field though and the economics of say a streaming site are going to be very different from running a torrent tracker. The fact you can use a torrent tracker without even visiting the site (Radarr/Sonarr etc) tells me that running a tracker site, probably isn't very lucrative.
enoint 1 days ago [-]
Are you talking about:
> The suspects subscribed to 40 Korean cable TV service accounts, re-broadcasting content to Indonesia and offering video-on-demand (VOD) services through customized TV boxes, applications, and web browsers.
esjeon 22 hours ago [-]
Sure, that is a case, but I mainly wanted to quote INTERPOL (the international police):
> Criminals behind pirate sites can be part of organized crime groups. They can use the proceeds to fund other illegal activities, such as illegal online gambling, online sexual exploitation, drug trafficking, arms smuggling, and money laundering.
Another notable example would be Operation KRATOS 2 by EUROPOL[1]. The case was roughly the same — crime organization pirating video content. IPTV piracy is certainly a lucrative business, because videos are relatively more difficult to handle for normal people.
I hate the corporate bootlicking that is so prevalent here.
gonzalohm 2 days ago [-]
What about centralizing the internet like Cloudfare is doing? Once corporate greed starts creeping we will find ourselves on the verge of pay per visit a website
stackghost 2 days ago [-]
You mean centralizing the web? Doesn't bother me. Most of the web is a dumpster fire of AI slop anyway.
There's more to the Internet than the world wide web, though. NNTP and IRC communities remain vibrant, if diminished in size
willtemperley 2 days ago [-]
Are you aware of any projects to replace the current web implementation?
I've noticed the current version is largely accessed by Chrome which appears to be a trojan.
stackghost 2 days ago [-]
Other than gopher/Gemini, not really, no
3997531578 2 days ago [-]
[dead]
dorongrinstein 41 minutes ago [-]
Looks like Cloudflare copied https://boomurl.com which I published a few weeks ago. It is possible they were working on it independently, but the timing is funny. Anyway. https://boomurl.com does a lot more and gives you a permanent URL for free.
There must be some really good protection on this. If I enabled such a thing on any of my servers it would be full of warez, porn, malware, CSAM and who knows what else within minutes. Curious how they manage to keep it clean.
inigyou 2 days ago [-]
The protection is that they're rich enough to handle requests from law enforcement without going to jail themselves. They'll certainly pass your IP address to law enforcement if asked.
mattlondon 2 days ago [-]
Only live for an hour.
But that won't stop people doing bad stuff for an hour I guess. Vibe code up some on-demand thing that you ping...
Y-bar 2 days ago [-]
One hour is great for spearphishing attacks, once the victim has been infected their IT department will have no trace of the source.
hoppp 2 days ago [-]
They already allow hosting static websites so I think the same guardrails are implemented.
Bender 2 days ago [-]
I've never used CF so I could be ignorant in this matter. I assumed perhaps incorrectly that people had to verify their email address and delegate their domain(s) to CF including setting the glue records in the TLD servers meaning there is possibly a financial trail somewhere probably in the DNS registrars and perhaps a mail provider, whereas this is just drag-and-drop with no money trail.
I have no idea what guardrails they have in place in the background that blocks malware, CSAM, warez and such on their free accounts.
hoppp 2 days ago [-]
Just having an account with an email address is enough.
They assign a subdomain automatically for uploads, same as cloudflare workers.
I don't know what they do, but implementing guardrails for this is possible nowadays with AI, but maybe they use a "mechanical turk"
tick_tock_tick 2 days ago [-]
If you want your own domain you need to do a bunch of that but you can also host stuff on your own free subdomain of their workers.dev
DakotaR 2 days ago [-]
Yeah, I was going to start a file drop site like 0x until realizing what it'd be used for
busymom0 2 days ago [-]
At least when it comes to bad types of porn, it's be similar to Imgur allowing anonymous uploads. They already do CSAM scanning on uploads to their R2 storage:
That makes sense. In that case I have to assume that Cloudflare will not permit encrypted archive files as one can hide the image fingerprints all together.
colechristensen 2 days ago [-]
Cloudflare in particular has an enormous fingerprint of your online activities.
Attempting to distribute/acquire illegal things through Cloudflare is an exercise in how to get caught.
Bender 2 days ago [-]
True, though they front-end 4chan which have drawn/AI kiddo material which is a no-no in the US of A which makes it difficult for me to use as my primary news site and for obtaining medical advice.
jjcm 2 days ago [-]
Cloudflare is obviously more trustworthy/robust here, but if name of the url matters to you, my site non.io [1] allows for named uploads, ie https://html.non.io/solara [2]
Somewhat useful if you want a url that isn't a hash / is more self descriptive.
There is a reason I had to lock my better version of this (https://quickish.site) behind Google OAuth to start. Like it or not, this type of stuff is going to be more popular than it was when Netlify / Heroku was doing it a decade ago.
VimEscapeArtist 2 days ago [-]
Cloudflare gives me mixed feelings. The services are good and well priced. What bothers me is that they've become infrastructure nobody opted into - you don't have an account, you just pass through their network on the way to a large share of what you visit. They terminate TLS, so it's plaintext on their side.
mrngld 2 days ago [-]
The people who own the content you decide to visit opted into it though, and they're the ones paying for it, right? No one accidentally sets up a CDN. I'm struggling to imagine workable economics where we have the rich services that we have today on the web but individual users get to dictate to sites they visit what their tech stack needs to be in real time. Imagine visiting your banks website and they're using Cloudflare, and you decide nope, I want the data delivered by CloudFront. Then the next person 20ms after you decides they don't like either of those, they really want the world to burn so they demand Azure.
That at least would bring back local bank branches at least. And movie rentals by mail.
layer8 2 days ago [-]
It’s funny the EU hasn’t designated Cloudflare as a Gatekeeper yet.
alberth 2 days ago [-]
Reminds me of web development in the 1990s.
I honestly miss those days of deployment simplicity.
gesis 2 days ago [-]
FTPing files to `~/public_html` was the best... Miss those days.
hoppp 2 days ago [-]
It still works...
3form 2 days ago [-]
It's not the ability that's missing; it's those days.
bigbuppo 2 days ago [-]
Yeah, these days if you aren't treating even the smallest of small projects that do something like "query database spit out report" as if they are major IT infrstructure projects, complete with designers, UX specialists, and accessbility experts that never talked to a disabled person to find out what they actually need, spin up 375 ec2 instances, use 19 different database systems, and send the logs to a third party, then you're literally the worst person possible, or so I've been told.
It's like, my dude last week this was an excel spreadsheet.
janandonly 2 days ago [-]
Makes sense. It plays nicely with the vibe code kids who don’t know how to do GitHub or don’t know to ask their LLM about it.
navigate8310 2 days ago [-]
From FTP to CI/CD to drag and drop, society is going backwards
smalltorch 2 days ago [-]
Hmm, that's fun and useful. Here is snake game for 60 minutes.
Your code appears to have a bug where if the arrow keys trigger a change of direction twice in a single frame interval, it can mistakenly send the snake back on itself.
Yes, it's expired I think - it only lasts for 1 hour
_pdp_ 2 days ago [-]
It is cool to see not sure why you would use it.
Also it seems to me that this is a good way to exfiltrate data, rubber stamped by cloudflare themselves.
gruez 2 days ago [-]
Isn't there already thousands of ways for exfiltrating data that must be whitelisted by corporate firewalls? office365/gsuite, for instance. Not to mention the classics like dns.
mybbor 2 days ago [-]
I co-founded a page builder for WordPress. Myself and my co-founders would joke about the "friends and family" problem. When friends or family asked us to help build their website, we usually pointed them away from our tool+WordPress for something simpler. It's nice to see more options out there that reduce the friction from someone with an idea to something published and sharable.
Several weeks ago, I got frustrated hitting the free tier limits on Netlify, and was looking for a self-hosted solution for this problem. I built it using a DO VPS and Caddy in the backend. It's free on Github. I was able to get the whole thing set up in an hour or two with the help of an agent. Feel free to give it a spin.
I have been hosting static websites with cloudflare for years and finding how to do it on the UI is getting harder as they add more things and reoranize.
lenkite 2 days ago [-]
Does the T&C differ if you do it the old fashioned way ?
asasidh 2 days ago [-]
exactly this. This is why i ended up moving to other platforms like vercel for random vibe coded projects than wrestle with cloudflare admin portal.
luciana1u 2 days ago [-]
Cloudflare Drop: finally, a domain registrar that understands the real use case is buying 47 domains at 3am and never deploying anything to any of them
system2 2 days ago [-]
It would be nice if we could see some information such as file size limitations, demos, link structure, management, etc. Am I expected to upload a random HTML file and see how it works?
petee 2 days ago [-]
Yeah I'm very lost on what this is supposed to do -- "Summon your site" is quite vague. "see it live", like a demo? or is this actually published somewhere? Is it forever?
Desktop mode doesn't show any more information either
Fergusonb 2 days ago [-]
Yep, I chucked it a file on my desktop:
index.html present
Max individual file size 25MB
Total file count <2000
Total size less than 100MB
socketcluster 2 days ago [-]
This is neat. I've been dreaming of something like this to host frontends connected to my backend platform https://saasufy.com - I can get Claude Code to create a data-driven app entirely inside an index.html file on my computer's file system, then, because it's built with WebSockets, it doesn't have CORS limitations so I can open it directly from the file system by double-clicking it (served via file:// protocol) then, when I'm happy, I can drag that file and drop it on Cloudflare Drop and then it's deployed online. No text editor/IDE, no server needed in the entire process.
rickcarlino 2 days ago [-]
Desktop operating systems should be able to run zipped web apps the way Electron apps run today. It ought to just be part of the OS.
I was going to mention Microsoft Active Desktop in the original comment, but I didn’t want HN to know how old I am.
dghlsakjg 2 days ago [-]
Unzip it.
Double click the html file.
The OS will run the web app using a browser that is just part of the OS.
rickcarlino 2 days ago [-]
You have clearly never actually tried that.
rifty 2 days ago [-]
I don't know about Windows, but on macOS you can. If you wanted to try yourself you could use SingleFile to export a webpage as a .html zip file which you could then just 'open' into the web browser.
For a web app, you might have to unzip it and launch the .html inside. CyberChef for example does offer a downloadable copy of its web app instructing you do just that.
I did it this week. MacOS, but it would have worked on Windows or Linux. Double click any HTML file in any of those and it will open in a browser
Will it work for every bloated react app? no.
Will it work if you intentionally put the slightest amount of thought into the design? yes.
rickcarlino 1 days ago [-]
It will work for documents and the most simple TODO apps. It actually will not work for anything useful. There are a number of security policies in place explicitly to prevent things in file:// from accessing features available over real HTTPS. You will not have access to anything that requires a network connection, local storage, location services, WebRTC, etc. This is why things like Electron exist and why experiments like Active Desktop, HTA, the thing linked to in this article, that other project that had the same name as this one, and Adobe AIR were tried.
2 days ago [-]
AlienRobot 1 days ago [-]
CORS issues due to trying to a .json via file://.
CORS issues on a tainted canvas if you try to render an image from a file:// src.
TZubiri 2 days ago [-]
And if there's a form or something with a backend? Just break?
Cider9986 2 days ago [-]
>Something went wrong
An unexpected error occurred. Please try again or contact support.
I have a few qualms with this app.
mohsen1 2 days ago [-]
This is perfect for my Chrome Extension for recording sessions and capturing screenshots, audio narration and videos. The output is a zip file with everything so if user wants to share they can use this
I built above chrome extension because anything in this area has been trying to monetize the solution. I wanted a free and open source version of this to exist.
It's minesweeper, but the logic uses xstate/store. The link in the bottom is broken; it's supposed to go to `building-minesweeper-with-xstate-store.html`
I have no need for this but I love that my friends could vibe out a website, drop it here, claim it, and host it for pennies. This is great.
"Your site is reachable within ~32ms of 95% of the world’s Internet-connected population" isn't new but it's cool to see that achieved so trivially.
BoppreH 2 days ago [-]
Dropped a folder with a small HTML project, and after 20 seconds got "Something went wrong. An unexpected error occurred. Please try again or contact support.".
Note how the error has zero information.
Looking in the network tab, a POST request to /upload returned 403 and an HTML page starting with "Sorry, you have been blocked", and to "email the site owner to let them know you were blocked".
I'm very tired of this adversarial approach to software coupled with vague errors.
EDIT: it was the file './git/hooks/fsmonitor-watchman.sample' created by default on git init. Maybe because it's Perl. Worse-than-useless "please try again" and "you've been blocked" for committing the sin of uploading a folder that's a git repository. Sigh...
2 days ago [-]
monooso 2 days ago [-]
Really excited about the upcoming Cloudflare FTP.
2 days ago [-]
dirkc 2 days ago [-]
Cloudflare seems to be an example of a company massively upping their output in the last year or so. And a lot of it seems AI driven.
I'm definitely keeping an eye on them to see if it works out for them. And if I will need to start routing around them to sleep easily at night.
1 days ago [-]
throwaway81523 2 days ago [-]
Wait, my first impression was that it points a local browser to your local browser. Now it looks like it uploads your folder to Cloudflare and temporarily serves it over the web. But is that different from what we used to do with FTP? Are there any databases or anything like basic PHP hosts supply? It's just static sites?
Is this a product or what? What's the purpose? Is there an API?
joenot443 2 days ago [-]
A minute ago I had an HTML doc I wanted to share with a PM. It was a Claude prepared demo of a hypothetical feature. Lots of screenshots.
I ended up just embedding them directly in the HTML as base64 and sending him a 15mb file, but hypothetically this would have been a nice solution instead.
qingcharles 2 days ago [-]
Absolutely agree. There's an insane "feature" of Claude Design which means you can only share the link to the design with other users on your account?! You can export the design, though, but then you need somewhere to quickly drop a bunch of HTML + assets. This would be perfect for that.
> Shareable Deliverables → jlnk.us (default)
The jlnk MCP server is configured machine-wide for all team agents. It publishes disposable public links: create_link(content, ttl) returns an unguessable URL anyone can open without logging in; it self-destructs after its TTL (4h/24h/72h, default 4h, max 5 MB). Also list_my_links() and delete_link(id).
> When handing a human (Founder, CEO reviewer) something to look at — QC screenshots, prototypes, reports, before/after comparisons — default to a jlnk.us link instead of a repo file path or local path. Use 72h for Founder review, shorter when the review window is same-day.
> Content must be ONE self-contained HTML file: inline CSS/JS, embed screenshots as base64 data URIs ().
> Downscale images to stay under the 5 MB cap.
> Links are public to anyone holding the URL. NEVER publish secrets, API keys, credentials, or private client data.
> Links expire — they are a viewing convenience, not the system of record. Durable artifacts still go to the repo and issue attachments as usual.
throwaway81523 2 days ago [-]
Sort of like a pastebin for directory structures then, hmm.
deeprack4sure 2 days ago [-]
Wow, that does sound like a serious hardship for someone who lets Claude write all their code for them.
Creating a folder for some files. Dude, maybe you should file for disability for repetetive stress disorder for "double clicking" or even single clicking twice.
This aggression will not STAND man!
We need computers to go back to pencil and paper but STILL be computers!
But not operated by me? Wierd operated by a fake bot me?
Wait! thats malware! Wha?
pantelisk 2 days ago [-]
There are also solutions for sharing your homelab with others (basically tunneling from your machine->server (internet accessible) <-> client. Though, if your machine would go to sleep that whole chain would fall apart. A few good automatic solutions out there that solve the problem (no "just replace dropbox with ftp" type of argument).
However, I see the appeal of this. Kind of surprised it hasn't happened yet to be honest.
inigyou 2 days ago [-]
SSH remote port forwarding. ssh -R 0.0.0.0:80:127.0.0.1:80
Requires the server's sshd config to have GatewayPorts yes, or the server will bind to 127.0.0.1 instead
amaldavid 2 days ago [-]
Been through the exact same issues and built a publishing workflow over cloudflare a few weeks back and did decent reception from HN as well
I built a tool _just the other day_ for this exact purpose. Now my agents proactively make disposable links for me: https://jlnk.us
dmillar 2 days ago [-]
Replit is used a lot in this context. Their agent is good, but their circumvent-policies-to-get-something-in-front-of-execs-quickly is an amazing and mis-priced feature.
throwaway81523 2 days ago [-]
You could just upload to a personal or other website? I sometimes do that. Is there any security or privacy (e.g. password protection) for this Cloudflare Drop site?
2 days ago [-]
vulture916 2 days ago [-]
Check out Tailscale - they have TUNS + share the source files with someone else in tailnet.
I found https://surge.sh to be a nice version of this kind of thing. Just go into a folder and type `surge` and there you go.
stanleychink 14 hours ago [-]
[dead]
2 days ago [-]
sgt 2 days ago [-]
Tried uploading a ZIP and got:
"Something went wrong
An unexpected error occurred. Please try again or contact support."
TZubiri 2 days ago [-]
When contacting support:
"Please upload a screenshot of the error by dragging a zip of the png file."
grg0 2 days ago [-]
Please zip the contact by dragging a support of the screenshot.
altairprime 2 days ago [-]
Hah! This is exactly how I’m serving the vestigial remnant of my blogging in the early 2000s from a ZIP-backed Cloudflare Worker today. Should I rebuild my site with Drop+Claim or is it fine as-is? I kind of feel like ‘if what I have works, don’t change it’ is the best path.
R_Spaghetti 2 days ago [-]
I dropped a static html page and all I got was Cloudflares well known 'Performing security verification' (and so did a Google pagespeed check).
nalekberov 2 days ago [-]
The internet will soon be flooded with even more scam landing pages.
cute_boi 2 days ago [-]
And you should be using cloudflare to protect yourself...
worldthruword 2 days ago [-]
Is cloudflare a religion now? Identify/Provide/Tell people that normal life is a problem to be solved and then sell the solution.
rjnz199 2 days ago [-]
Wonder if it has CLI so coding agents can forward path straight to their API and it would give the CLI site's address. Now that would be cool!
amaldavid 2 days ago [-]
I had built something similar over cloudflare and primarily agent first
It could be fun to use a temporary Mediafire/Rapidshare/Megaupload service. Especially if you need to transfer something between an Android and an iPhone.
fragmede 2 days ago [-]
KDEconnect will do that locally.
grepsedawk 2 days ago [-]
This is pretty cool, thanks for sharing.
It really enables less tech savvy users. It would really enable frontpage/dreamworks-like flows for some people
dmd 2 days ago [-]
All I ever get is "Something went wrong
An unexpected error occurred. Please try again or contact support."
inigyou 2 days ago [-]
I think that means you're a bot.
dmd 2 days ago [-]
beep boop
ricardobeat 2 days ago [-]
I remember doing this in 2006. FTP. Good times.
barnacs 2 days ago [-]
I remember making a Qt app for a friend that would upload dropped files via ftp and copy the link to the clipboard. Good old days!
bart3r 2 days ago [-]
So, if I need a company website, can i do the following:
- drop my html into Cloudflare drop
- setup a CNAME DNS for my domain to point at cloudflare URL
- profit
?
teddyh 2 days ago [-]
No, a CNAME can only point to a host name, not a URL. So Cloudflare’s servers would need to know about, and be configured to serve the correct web page for, the “real” name from your side.
dowonseo 2 days ago [-]
I thought cf dns was down again
djfobbz 2 days ago [-]
Yet I can't drag and drop a plain old HTML file without putting it in a folder or a ZIP file first.
spartanatreyu 2 days ago [-]
You can, the file just has to be named "index.html".
deeprack4sure 2 days ago [-]
Look. Guys (?)
If cloudflare wants to be the next "Megaupload" what business is it of yours?
There is a guy named kim DOT com. That is actually fucking cool. Whether or not he himself is actually cool. Or in prison.
millsau 2 days ago [-]
What about the databases?
jcode1 2 days ago [-]
you cant drag and drop them not now
AlienRobot 1 days ago [-]
Not even Sqlite?
forgot_old_user 2 days ago [-]
what about them?
jatins 2 days ago [-]
oh wow, a blast from the past. I remember a site called staticdrop or statichost like a decade ago, before vercel and everything that did the same thing
Good to see great ideas making a comeback
toomuchtodo 2 days ago [-]
Cloudflare folks: Please consider supporting WARC archives for deployment.
hoppp 2 days ago [-]
Is that something you use often?
toomuchtodo 2 days ago [-]
When I want to serve an archived website in read only mode, yes.
Sort of, but not quite, like cherry-picking files out of an archive blob in S3.
(I’ll see if Claude and I can come up with a WARC archive->zip file converter too)
jeffgreco 2 days ago [-]
What is this for?
neom 2 days ago [-]
I have hosted my personal site on Netlify for many many years because it's just basic js/html/css, I picked Netlify because I can just updated the index.html in the "website" folder on my desktop and literally drag it to Netlify to update it, saves a lot of time/thinking if you need something simple online quickly to show someone etc. I presume this is a similar idea.
AlienRobot 1 days ago [-]
Serverlessless web apps.
2 days ago [-]
anshumankmr 2 days ago [-]
JAMstack for the rest of us I suppose.
rldjbpin 2 days ago [-]
good tool for adding as a skill for someone making their own lovable clone!
asasidh 2 days ago [-]
I think this is great. As usual the reaction from HN folks is on brand.
ed_mercer 2 days ago [-]
Cool, just 20 years too late.
nickgray 2 days ago [-]
This is cool and I like it.
heipei 2 days ago [-]
Cloudflare is really good at launching features that facility low-friction deployment of malicious content (such as phishing) on the Internet, piggybacking on their hosting reputation and the fact that you can't easily block their ASN or domains.
simultsop 2 days ago [-]
I don't know your experience. Once I was toying around and doing a basic auth with registration and so. The weekend was over and couldn't get back to that couple of months. The worker was quarantined and marked as phishing automatically. So I believe they have something in place to prevent those you complain.
jszymborski 2 days ago [-]
Your anecdote just illustrates that their system detects legit uses as abuses, not that they have a system that effectively detects abuses.
simultsop 2 days ago [-]
But it is not that they have nothing. It was my laziness that I could not setup dev prod env's. When you develop on preview, I don't think they will do much.
cute_boi 2 days ago [-]
Cloudflare is also like a Chinese copycat machine. They mostly copy some successful project and sell it at cheap price.
Waterluvian 2 days ago [-]
Be the change you want to see to make the world of your dreams.
And then sell its denizens malice protection services.
iLoveOncall 2 days ago [-]
Some new slopware from CloudFlare. They've really lost the plot since they've gone all-in on AI development.
jsabess24 2 days ago [-]
Interesting
anonymousiam 2 days ago [-]
Odds are that this new feature will not suffer the same outcome as Megaupload, because of Cloudflare's close relationship with the USG.
amelius 1 days ago [-]
I don't want to "drop".
I want to push. And then edit. Commit. And push again.
xyst 2 days ago [-]
geocities/angelfire but for Gen Z and A
Jerrylee_maker 1 days ago [-]
[flagged]
AndrianV 2 days ago [-]
[dead]
arm32 2 days ago [-]
This definitely won't get used to host unlimited phishing sites. /s
jaideepjagyasi 2 days ago [-]
shitty app, doesnt even exclude hidden folders
sleepynoodle 2 days ago [-]
This is so cool.
S0y 2 days ago [-]
Cloudflare has the astonishing ability to make me hate them more as a company every new feature they launch.
vevoe 2 days ago [-]
why?
S0y 2 days ago [-]
Every new feature they've launched recently can be used to make the web more dangerous for everyone except those who use Cloudflare.
denismenace 2 days ago [-]
How would this make the web more dangerous? Its just static file hosting. Already wildly available!
TZubiri 2 days ago [-]
The argument would be that they sell the kevlar and the guns
To be fair, CF mainly develops defensive cybersecurity products, the extent to which their tools might be used maliciously is pretty on par with other regular tools.
But, it just has bad optics and potential COI/Racketeering when CF is at both sides of the counter.
To be explicit, in case it isn't obvious,Cloudflare emerged as a DDoS protection company, detecting attacks from distributed sources is part of the raison d'etre, and domains and IP addresses are a key part of that infrastructure.
By subletting their own IP addresses for navigation with warp, and their own domains for hosting of webcontent with subdomain hosting, they are providing pooled anonimity for their customers, which is precisely what makes it very hard for defenders on the other side to implement foundational security measures like IP bans, or IP block bans, or domain bans, or Whois/RDAP domain analysis.
latchkey 2 days ago [-]
phishing
collabs 2 days ago [-]
Congratulations on launching!
I tried uploading a git repository that I have previously successfully published on Github pages. This is a "no build" website I have built with the help of Claude. It should just work but I keep getting an error. Who can I reach out to give them steps to reproduce? The website repository is public and I feel like anyone at Cloudflare who wants to reproduce my problem can quite literally clone my repo and upload it to cloudflare drop.
Please drop your cloudflare email address and I will reach out to you with my repository information.
turtlebits 2 days ago [-]
Or you could do some of your own troubleshooting? Uploading a git repo is different than uploading a zipped/folder, especially if your index.htm/l isn't at the root.
collabs 2 days ago [-]
Thank you for the reply. Index dot html is already at the root of the folder and it deploys just fine on GitHub pages.
aetherspawn 2 days ago [-]
Hey stranger, welcome to 2026. It’s somewhat different to what you’re used to in 2035. We do things differently here.
collabs 1 days ago [-]
I copied the folder to a new folder without the `.git` folder and that deployed just fine. Thank you to everyone who helped me.
By submitting, posting, or publishing your content, suggestions, enhancement requests, recommendations, feedback, information, data, or comments (“Content”) to any Website or Online Service, you are granting Cloudflare a perpetual, irrevocable, worldwide, non-exclusive, royalty-free right and license (with the right to sublicense) to use, incorporate, exploit, display, perform, reproduce, distribute, and prepare derivative works of your Content.
If you're ok with that, fine. But I'm not.
Officially it means they can legally do wat you want them to do (present the content to users, perhaps transforming it in various ways for some or all viewers), but of course it covers them being able to do far more than that.
If they needed permissions for conversion, they'd have made a specific mention of that and thereafter confirmed legal ownership.
You do not need all that.
If my company presented such user agreement I would be quickly reported by users to local Office of Competition and Consumer Protection, audited, fined, and ordered to change that.
I think this would be even challenged at the level of "Abusive clauses registry" that office maintains, so the agreement would be quickly overruled in court.
If no specific clause would be challenged, this is an example of "grossly violates the consumer's interests" rule.
How is big tech allowed to push this shit anywhere? How is this legal in civilized world?
Irrevocable and right-to-sublicense are the red flags for me. Nothing a company sells to us is irrevocable, but everything they take from us is expected to be.
Perpetual is way harder to justify though.
This is standard boilerplate for hosting companies so they don't run into issues putting your content on distributed CDNs, or if things are in their logs, etc.
https://vercel.com/legal/terms#feedback
https://fly.io/legal/terms-of-service/#2-ownership
https://www.netlify.com/legal/terms-of-use/#3-your-content
I want to be mad at Cloudflare as much as the next person, but Vercel, Netlify, Fly.io all have the same "legal-ese". I don't agree with it and it feels overly broad, but it seems hosting companies, at least US based ones, all have this same standard boilerplate around your content.
I hate AI with every fiber of my being. Yes, there are a few areas where it's beneficial, but in total it's a disaster for us. I don't need to get further into that discussion here as it's irrelevant to the initial topic.
Have a good day!
Not sure why cloudflare seems to be in such good standing on hn.
Clear red flag, only useful for whistleblowers.
Wouldn't it be fun to upload content of a big music label or smth like that?
You are now making me rethink using any of Cloudflare's tech. I need to go and read the fine print for their DNS (1.1.1.1). I also wonder what their Turnstile conditions are being imposed on all of us.
That sort of condition is disgusting.
We need these legal texts as short form TikTok content I am afraid.
They can cause a long drawn out court battle, and abuse your data. Noyb is the real-world example here. Most companies depend on not being sued, and will fold if a regulater sends them notice.
Nobody except lawyers should have to bother with legalese.
https://nedroidcomics.tumblr.com/post/41879001445/the-intern...
Funny story: I used to work for a startup which had a trademark on "Airdrop". When Apple announced that feature, it took everyone there by surprise. Ended up reaching out and selling it to them for a buck or two in favor of maintaining goodwill.
(I might be butchering it, course it is an Office Space reference)
He was my absolute favorite character in that show.
The luxury blockchain resort island is just soaking somewhere in the ocean, collecting dust and guano, while its former inhabitants are all the rage about AI now :'(
Is it really more useful to have everyone expressing how much they like something instead of identifying problems?
Is seeing people talking about the things they don’t like something that makes you unhappy? Why?
> Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.
https://news.ycombinator.com/newsguidelines.html
I think HN should be a place where I am excited to see what others have to add. When I see a post I am excited to see what takes and spins others have on it. I do want real criticism and a lively debate about important things, but there has to be a balance.
I want to see other comments that seem like they genuinely want to help steer something or build people up. Sometimes I get the impression that's not happening on HN.
I would get the point if this was someone's personal Show HN project but this is Cloudflare. They can withstand a little critique.
It’s just another take on shill / sheeple / etc. it gets old.
Which is sad, because so much amazing stuff is happening on the world right now, and seems to be only accelerating. For everybody.
I wished I could find all the science and technology as uplifting as my friends do.
What makes you say this?
Probably (I'm just assuming) because that person observes negative/cautious/"I don't like this because X and Y and also Z"/etc sentiment too much and feels like people are only quick to notice issues while forgetting about good sides.
It's only an assumption, though.
https://news.ycombinator.com/item?id=48841559
Also, they said "year 1" not "1 year old"
I actually setup "xor-gate" for a while, which was trying to be a similar thing co-authored by a friend, but it was too time consuming and we gave up.
Did the author pass? I'm not trying to be crass, but I don't know the details.
Same here: CF is basically giving malicious actors an ability to ship contents/data publicly while laundering the legal responsibility of those actors.
Now tell me what is cool
I'm already on board, you don't need to sell it to me!
That's awesome, glad to hear it
Not immediately being a copyright bootlicker.
The fact that you went straight to "BuT pIrAtEs" already shows who you actually care: Corpos, not people.
[1]: https://www.interpol.int/en/Crimes/Illicit-goods/Projects/Pr...
> The suspects subscribed to 40 Korean cable TV service accounts, re-broadcasting content to Indonesia and offering video-on-demand (VOD) services through customized TV boxes, applications, and web browsers.
> Criminals behind pirate sites can be part of organized crime groups. They can use the proceeds to fund other illegal activities, such as illegal online gambling, online sexual exploitation, drug trafficking, arms smuggling, and money laundering.
Another notable example would be Operation KRATOS 2 by EUROPOL[1]. The case was roughly the same — crime organization pirating video content. IPTV piracy is certainly a lucrative business, because videos are relatively more difficult to handle for normal people.
[1]: https://www.europol.europa.eu/media-press/newsroom/news/29-a...
Piracy is cool. Information wants to be free.
I hate the corporate bootlicking that is so prevalent here.
There's more to the Internet than the world wide web, though. NNTP and IRC communities remain vibrant, if diminished in size
I've noticed the current version is largely accessed by Chrome which appears to be a trojan.
https://developers.cloudflare.com/changelog/post/2026-07-08-...
But that won't stop people doing bad stuff for an hour I guess. Vibe code up some on-demand thing that you ping...
I have no idea what guardrails they have in place in the background that blocks malware, CSAM, warez and such on their free accounts.
They assign a subdomain automatically for uploads, same as cloudflare workers.
I don't know what they do, but implementing guardrails for this is possible nowadays with AI, but maybe they use a "mechanical turk"
https://blog.cloudflare.com/a-simpler-path-to-a-safer-intern...
Attempting to distribute/acquire illegal things through Cloudflare is an exercise in how to get caught.
Somewhat useful if you want a url that isn't a hash / is more self descriptive.
[1] Launch discussion: https://news.ycombinator.com/item?id=36296695
[2] This was a demo of the output of a design tool I'm working on, only the home/accommodations/about pages work.
(https://x.com/BraydenWilmoth/status/2074894829616509358)
That at least would bring back local bank branches at least. And movie rentals by mail.
I honestly miss those days of deployment simplicity.
It's like, my dude last week this was an excel spreadsheet.
https://drop-e7e6d363-601.important-seat.workers.dev
Tried from two hosts, different countries.
Also it seems to me that this is a good way to exfiltrate data, rubber stamped by cloudflare themselves.
Several weeks ago, I got frustrated hitting the free tier limits on Netlify, and was looking for a self-hosted solution for this problem. I built it using a DO VPS and Caddy in the backend. It's free on Github. I was able to get the whole thing set up in an hour or two with the help of an agent. Feel free to give it a spin.
https://github.com/RobbyMcCullough/honeydrop
I have been hosting static websites with cloudflare for years and finding how to do it on the UI is getting harder as they add more things and reoranize.
Desktop mode doesn't show any more information either
Double click the html file.
The OS will run the web app using a browser that is just part of the OS.
For a web app, you might have to unzip it and launch the .html inside. CyberChef for example does offer a downloadable copy of its web app instructing you do just that.
[1]: https://gchq.github.io/CyberChef/
Will it work for every bloated react app? no.
Will it work if you intentionally put the slightest amount of thought into the design? yes.
CORS issues on a tainted canvas if you try to render an image from a file:// src.
I have a few qualms with this app.
https://github.com/mohsen1/session-recorder-chrome-extension
I built above chrome extension because anything in this area has been trying to monetize the solution. I wanted a free and open source version of this to exist.
https://drop-1e1a536f-10d.honeysuckle-gull.workers.dev/
It's minesweeper, but the logic uses xstate/store. The link in the bottom is broken; it's supposed to go to `building-minesweeper-with-xstate-store.html`
I have no need for this but I love that my friends could vibe out a website, drop it here, claim it, and host it for pennies. This is great.
"Your site is reachable within ~32ms of 95% of the world’s Internet-connected population" isn't new but it's cool to see that achieved so trivially.
Note how the error has zero information.
Looking in the network tab, a POST request to /upload returned 403 and an HTML page starting with "Sorry, you have been blocked", and to "email the site owner to let them know you were blocked".
I'm very tired of this adversarial approach to software coupled with vague errors.
EDIT: it was the file './git/hooks/fsmonitor-watchman.sample' created by default on git init. Maybe because it's Perl. Worse-than-useless "please try again" and "you've been blocked" for committing the sin of uploading a folder that's a git repository. Sigh...
I'm definitely keeping an eye on them to see if it works out for them. And if I will need to start routing around them to sleep easily at night.
Is this a product or what? What's the purpose? Is there an API?
I ended up just embedding them directly in the HTML as base64 and sending him a 15mb file, but hypothetically this would have been a nice solution instead.
Here's the instructions my agents have:
> Shareable Deliverables → jlnk.us (default) The jlnk MCP server is configured machine-wide for all team agents. It publishes disposable public links: create_link(content, ttl) returns an unguessable URL anyone can open without logging in; it self-destructs after its TTL (4h/24h/72h, default 4h, max 5 MB). Also list_my_links() and delete_link(id).
> When handing a human (Founder, CEO reviewer) something to look at — QC screenshots, prototypes, reports, before/after comparisons — default to a jlnk.us link instead of a repo file path or local path. Use 72h for Founder review, shorter when the review window is same-day.
> Content must be ONE self-contained HTML file: inline CSS/JS, embed screenshots as base64 data URIs ().
> Downscale images to stay under the 5 MB cap.
> Links are public to anyone holding the URL. NEVER publish secrets, API keys, credentials, or private client data.
> Links expire — they are a viewing convenience, not the system of record. Durable artifacts still go to the repo and issue attachments as usual.
Creating a folder for some files. Dude, maybe you should file for disability for repetetive stress disorder for "double clicking" or even single clicking twice.
This aggression will not STAND man!
We need computers to go back to pencil and paper but STILL be computers! But not operated by me? Wierd operated by a fake bot me? Wait! thats malware! Wha?
However, I see the appeal of this. Kind of surprised it hasn't happened yet to be honest.
Requires the server's sshd config to have GatewayPorts yes, or the server will bind to 127.0.0.1 instead
you can check it out here: https://github.com/Amal-David/pagecast
"Something went wrong An unexpected error occurred. Please try again or contact support."
"Please upload a screenshot of the error by dragging a zip of the png file."
you can check it out here: https://github.com/Amal-David/pagecast
- drop my html into Cloudflare drop
- setup a CNAME DNS for my domain to point at cloudflare URL
- profit
?
If cloudflare wants to be the next "Megaupload" what business is it of yours?
There is a guy named kim DOT com. That is actually fucking cool. Whether or not he himself is actually cool. Or in prison.
Good to see great ideas making a comeback
https://news.ycombinator.com/item?id=48808481
https://github.com/SpeedcubeDE/speedcube.de-forum-archive is an example use case.
Sort of, but not quite, like cherry-picking files out of an archive blob in S3.
(I’ll see if Claude and I can come up with a WARC archive->zip file converter too)
And then sell its denizens malice protection services.
I want to push. And then edit. Commit. And push again.
Kevlar:
https://developers.cloudflare.com/bots/ https://www.cloudflare.com/products/turnstile/
Guns:
https://support.cloudflarewarp.com/
To be fair, CF mainly develops defensive cybersecurity products, the extent to which their tools might be used maliciously is pretty on par with other regular tools.
But, it just has bad optics and potential COI/Racketeering when CF is at both sides of the counter.
To be explicit, in case it isn't obvious,Cloudflare emerged as a DDoS protection company, detecting attacks from distributed sources is part of the raison d'etre, and domains and IP addresses are a key part of that infrastructure.
By subletting their own IP addresses for navigation with warp, and their own domains for hosting of webcontent with subdomain hosting, they are providing pooled anonimity for their customers, which is precisely what makes it very hard for defenders on the other side to implement foundational security measures like IP bans, or IP block bans, or domain bans, or Whois/RDAP domain analysis.
I tried uploading a git repository that I have previously successfully published on Github pages. This is a "no build" website I have built with the help of Claude. It should just work but I keep getting an error. Who can I reach out to give them steps to reproduce? The website repository is public and I feel like anyone at Cloudflare who wants to reproduce my problem can quite literally clone my repo and upload it to cloudflare drop.
Please drop your cloudflare email address and I will reach out to you with my repository information.