How does it counter the incentives of all other companies to make it look like they're not the only one???

Cloudflare has the biggest scale and is arguably best positioned to soak up massive attacks. Therefore CF may have a unique incentive to make it sound like attacks are larger and there are more really big ones.

> is arguably best positioned

Lying about the scale of thwarted attacks by others is the counter argument

Still not sure what you're saying:

A) everyone inflates-- in which case, you want to be with the entity with the biggest pipes. Also, of course, we have reasonable estimates about how much traffic everyone can exchange.

B) non-CF players downplay DDoS-- this isn't going to work either.

A) not really, you need an entity with pipes big enough. Have they repeatedly claimed to have frequent attacks bigger than anyone's capacity? (by the way, how are those reasonable estimates immune to everyone lying but not to the lies about the attacks?) B) why?

Capacity isn't a number, like you have 48 units of internets.

You need an entity with peering, pipes, and request rates big enough in the right places.

Capacity is a number, like you can handle 10 tbps attacks (with the peering/pipes/rates infrastructure)

But it's not. How much you can soak up of clients actively trying to handshake and request resources is going to be different from how much of bulk traffic. How much traffic you can soak up in one place (e.g. saturating your peering to where 80% of your customers are). Or how much spoofed traffic you can soak up globally from a botnet.

Cloudflare has a ton of infrastructure, and this just makes them intrinsically more robust to the biggest attacks. It's in their interest, therefore, to make people believe there's a lot of really big attacks.

You're just describing different capacities.

But this complexity likely works against your claim that there are reliable estimates, meaning that it's easier for everyone else to A) inflate their own capacities and argue that B) CF shouldn't be trusted in their assessment as it's inflated.

And I've already addressed your last point, so alternatively: if the biggest attacks are 1 bps of traffic, it doesn't matter that you have a ton of infrastructure because anyone can handle a byte. The lie has to exceed "capacities" of others for it to matter.

> CF shouldn't be trusted in their assessment as it's inflated.

I think since we know CloudFlare has the biggest scale, we know that CloudFlare has the biggest capacity, with a higher baseline request rate and traffic exchanged than anyone else: definitely globally, and almost everywhere locally.

> And I've already addressed your last point, so alternatively: if the biggest attacks are 1 bps of traffic, it doesn't matter that you have a ton of infrastructure because anyone can handle a byte.

Which is why Cloudflare has an incentive to make DDoS attacks sound bigger.

Sure, we always know that everyone has an incentive to make their own capacity sound bigger, and parties with marginal ability to soak DDoS have an incentive to make the DDoS problem sound smaller.

Speaking of incentives, what might be the incentives of those referring to them as Clownflare? I sure have to wonder what their biases are, and how fairly they represent the company.