Is there a concise summary of why Cloudflare is (apparently) bad?
Am I wrong in believing that Cloudflare appeared to be a friendly, user-positive focused company in the past? If it was the case, what changed so drastically?
Because if the only way you can keep a site on the internet against the flood of ddos, et al, is by using Cloudflare, then Cloudflare is the internet, and anyone with $20 billion dollars could effectively control the internet.
Musk tried to buy the wrong company.
You could certainly argue that that's no different than relying on azure, aws, or gcp to issue your cert and technically having the ability to decrypt traffic to your server for whatever reason they want to. And that all of this is just a matter of who to trust. It's just very very centralized for something so crucial.
Cloudflare so far hasn't been successful with its other product offerings, but they could go in a direction where they can blackmail you into being their customer: IF, for example, cloudflare were to succeed in making their 1.1.1.1 service (https://1.1.1.1) as popular as they have been able to with the DOS/DNS service, there is nothing that would stop them from either not serving a page to you as an end-user UNLESS you use (and pay for) 1.1.1.1, or stop them from serving your website as an operator UNLESS you use DOS/DNS service offered by them. As other commenters have pointed out, their blanket rules on TOR traffic are both understandable practically, and a preview of this if it were to be used maliciously.
I am in no way insinuating that cloudflare builds their products with this motivation, or that their current team has any of these (In fact I do tend to agree with you that the people who work there mostly just want to build great products.) The issue is that I'd rather not have a company around that can be in a place to do any of that once the good people leave.
It'd just be a lot nicer if some of the fundamental things of the internet could follow some of the more original philosophies of building great concepts, and allowing anyone to implement them. I don't want to get to a place where there's a "cloudflare internet."
None of this is to say that cloudflare is the only or even most concerning actor to whom this criticism applies. But that is who you asked about.
If you are even a little concerned about the power and influence that AWS, Microsoft, and Google have over modern application hosting services (such as cancelling people for disagreeing with the TechLords' pet political stances), you should be cheering Cloudflare on. They are scrappy competitors taking a very different approach, and offering a lot of value. Yes, they're several years behind AWS, but then, so is everyone else, and you can build real apps on the pieces they have available today.
I'll add that Cloudflare has consistently been among the most unbiased and most transparent cloud services providers out there. (For instance, their 1.1.1.1 DNS service is regularly audited by a third party with the reports posted for all to see that Cloudflare is indeed operating the service as they claim. That's a level of accountability I really don't see from other cloud services providers.)
Those who worry about Cloudflare and aren't fighting AWS tooth and nail have no real-world perspective. AWS is far more of a danger than Cloudflare could possibly be for many years to come, especially since they have proven they will pull services with no notice for political infractions. The only reason Cloudflare is controversial is because they do NOT do that without it being a very justified and measured response. (Even then, everyone has the right to speak freely on the net, IMO. Let even Nazis have hosting and speak their minds. Then we can ridicule them appropriately.)
Additionally, people were unhappy that they initially refused to deplatform kiwifarms.