Comment by ymse

10 years ago

Cloudflare should have an emergency hotline for situations like this. Charge half the ransom to handle the traffic for the duration of the attack. Offer contract afterwards.

We (CloudFlare) do. We have done onboardings in real time with people under attacks. We do full length contracts because that works better for customers, though.

We don't proxy SMTP. There are solutions to deal with that in a hybrid way, though.

No, profiting in any way off blackmailers looks really bad...

Reminds me of when Uber had that surge pricing scandal during the Sydney hostage crisis.

  • I think the OP meant it as a discount. (E.g. if Cloudflare blocking the attack would cost 10k (for 5 sites) for a month, offer a discount at half the ransom (3k) for however long the attack lasts days).

    • Still too risky from a PR standpoint. It's the kind of corporate activity that means well (truly) but can be interpreted negatively too easily.

      Unfortunately the only safe play is to give away the service for free (for duration of the attack). Which could be a solid marketing strategy; Cloudflare's price point is reasonable enough that many would stick with their service even after the attack was over.

Cloudflare's $200/month business plan includes DDoS mitigation. It's self-serve and there's an "I'm Under Attack!" button in every account. There's no extra cost for the bandwidth.

CloudFlare was the first company ProtonMail called (within 5 minutes of the DDoS starting). Unfortunately, they couldn't help ProtonMail. But, thanks to @rdl for responding to a txt on his cell phone at an inopportune time and mobilizing CloudFlare's sales and engineering teams to talk with Proton (during the company's retreat no less)!

For all the people getting nasty and armchair quarterbacking this on little to no information or trying to claim credit for things they did not do - understand that once you start working in venture funded startups pretty much everyone knows each other and many people have worked together before.

Cloudflare don't proxy mail though, which is ProtonMail's main business, so that wouldn't have done much for keeping their services up.

Additionally, I don't see ProtonMail as the kind of company that'll let other third parties terminate their SSL connections/proxy all their traffic.

  • They have BGP origin protection, where they announce your IP space for enterprise plan, probably expensive though.

Wasn't Cloudflare founded by ex-fed or something? Hosting ISIS chat rooms that somehow are not being taken down by US fed is also slightly suspicious.