Basic idea — sit in between your website and users (including robots and would-be attackers) and massage what the users see (e.g. replace harvestable email addresses with scriptlets) and the way they are able to access your content (e.g. cache static content, insert analytics code, block cross-links and war dialers) while acting as a CDN. And do it for free (at least for now).
Setup is wonderfully handled if not quite completely painless — although it’s close. You need to enter your DNS records one-by-one (at least, you’re supposed to — I’m pretty sure the automatic detection it does would probably be sufficient in most cases) which took me a while for loewald.com since it has a whole lot of bizarre legacy subdomains. (And since a denial of service attack doesn’t care how popular a subdomain is, you shouldn’t ignore them.)
So, I’ll see how it goes, and add any updates here.
Second update: I added riddlemethis.net to Cloudflare. Unlike loewald.com (which has all kinds of whacky DNS records because of all the different prototypes and experiments I’ve set up on it over the years) this took about two minutes and didn’t involve any data entry.
If Cloudflare cost $20/month/site it wouldn’t be worth it for my little personal site. It probably wouldn’t even be worth it for RiddleMeThis. But it’s free. For any kind of serious site, the $20/month seems like a no-brainer.