are there technical details on exactly what x.com did?
cloudflare offers a lot of self-service tools, which can and do allow customers that cloudflare doesn't want to service to use it until someone finds out (my favorite example is that, briefly, the foreign ministry of Iran briefly managed to register and activate properties on the service)
registering while only directing brazilian clients to cloudflare would be difficult using the standard method (setting your domain's nameservers to the cloudflare servers), but cloudflare's CNAME setup option only requires a TXT record. it's possible x.com did that by just paying for a business plan and never interacting with cloudflare staff
cloudflare offers a lot of self-service tools, which can and do allow customers that cloudflare doesn't want to service to use it until someone finds out (my favorite example is that, briefly, the foreign ministry of Iran briefly managed to register and activate properties on the service)
registering while only directing brazilian clients to cloudflare would be difficult using the standard method (setting your domain's nameservers to the cloudflare servers), but cloudflare's CNAME setup option only requires a TXT record. it's possible x.com did that by just paying for a business plan and never interacting with cloudflare staff
doing so for the _root_ record is a bit dicier, but as x.com operates its own nameservers they're probably able to handle the not-quite compliant fuckery necessary to CNAME the root: https://developers.cloudflare.com/dns/zone-setups/partial-se...