Technology

Yes, it draws from what is published on their own website at https://www.cloudflare.com/our-story/. It is still speculation though as to what is happening. They claim their motivation was to identify and prevent spammers and other malicious actors taking websites, by crowdsourcing and blacklisting bad actors. From that perspective, users will see numerous addresses blocked that are supposedly part of those identified.

So yes, one could say, is that real? Well that's the point, we don't really know either way, and as far as I'm aware there have been no court cases yet against CloudFlare ie. evidence brought forward justifying criminal actions.

Certainly my own website was being hammered every day as I can see for the WP WordFence security plugin. WordFence also blocks masses of IP addresses based on attempted logins as well as crowdsourced data from similar actions elsewhere that they have detected. I can see people, after being blocked, running up their IP address range attempting to get around the block. So there are genuinely bad actors out their running automated tools to do this. That does not make WordFence now a bad thing. So websites are looking at many ways to try to protect themselves from this constant bombardment, that also uses up the hosting network traffic.

I'm not saying either that Cloiudflare does not have the potential to do bad. We can see how they work technically. But have they actually sold users' data, have they exploited the man-in-the-middle or given others access to it? That I've seen no evidence of yet. I just dislike ungrounded speculation, as that leads to conspiracy theories that may be unfounded.