It probably doesn't make sense because you misunderstand their primary purpose. It's not DDoS protection. Cloudflare has a pretty wide-spanning platform of products and services, but if you had to pick one out as their "primary", it would be their CDN product. The DDoS protection is just more visible because of the nature of the product (a good CDN will never make you aware it even exists), and because mitigating DDoS attacks makes for good news headlines.

Even if DDoS was their main business driver, what you're saying is similar to "doctors don't make any sense to me. what possible incentive do they have for keeping people healthy? they have incentive for promoting bad health."

As someone who works in security, believe me, there are plenty of cyber attackers out there that will easily keep companies like Cloudflare in business, no "promotion" of bad behavior required.

> what you're saying is similar to "doctors don't make any sense to me. what possible incentive do they have for keeping people healthy

People do say this, all the time!

It doesn't make sense to you to do the right thing and protect people at the expense of profit?

It costs money to do the things they do. If there's no profit, the service has to beg for money, or die for lack of resources. CloudFlare is not a charity, and if it was one, it would be ineffectual because their services are too behind-the-scenes and technical to get a donor base wide enough to support them. Profit is not necessarily an anathema to doing the right thing, and if you can align your interests with your cash flow, you can do the right thing without begging for money, which imho is even better than doing the right thing but having to subsist on the money generated by profitable enterprises that aren't as noble (donated either directly, or by their employees). But of course, aligning those interests is a challenge.

Um .. you remember how they spammed random password data and memory all over the Interwebs right?

https://www.pcmag.com/news/351962/cloudflare-leak-exposed-da...