← Back to context

Comment by mattbee

8 years ago

Cloudflare sells protection from the internet attacks through its network. The same company and network facilitates the organisation of those same attacks, and helps keep them anonymous.

That's a high-tech protection racket.

I get this argument. I have made it in the past.

But CF doesn't want to play Internet cop. Everyone who manages a service gets a constant barrage of "someone using your site did something offensive, I want you to kick them off your service!"

CF has decided they are just not going to play the game, at all. Because once they start, then all the piranha come to feast.

I'm not saying this means they aren't a racket, which is charging people money to solve a problem you made. But they do have some good reasons for simply refusing to censor what they offer.

  • It's not a game, it's policing your own network and keeping your business activities legal. My network has run an abuse desk for 15 years and there are no feasting piranhas (what does that even mean?).

    Cloudflare definitely already runs an abuse desk, and ban accounts, they just choose not to ban network abuse tools. They are making the internet a more dangerous place for hosting, then asking you to buy a solution. They could search Google for "booter" and "ddos tool" and whatever else, and flag sites for banning, it's a project an intern could do. But they don't, and they suck for that.

    • They could ban booters. But then someone else will say "but you allow <some other type of site>! They're clearly bad, you should ban them too". And so they do, and now someone else complains about some other site. Once you start banning sites for the content they hold, where do you draw the line? I don't fault CloudFlare for drawing it at the legal barrier (e.g. no CP).

      4 replies →

  • Call it a conflict of interest then. The worse the internet at large becomes, the more money cloudflare makes.

  • DOS attacks being a bad thing is the whole reason the service exists, so to then group it with "things some people consider offensive" is just double think. If Cloud Flare didn't want to play internet cop in regards to DOS attacks, it would not exist. Since it does, it might as well say the same things with both sides of the mouth.

    • DDoS attack protection is just one of the services CloudFlare offers. Saying it's the whole reason the service exists suggests that you haven't actually looked at what they do.

      3 replies →

Most of those booters are on their free tier, so it's a bit hard to argue it's a racket.

If you want to claim it's unethical... maybe. But if you think about it from their position, it could genuinely get into a slippery slope if you start policing what services you're reverse proxying. Especially considering the rate they're growing now.

Think of it this way: should Google be compelled to remove all search results for all booters and other malware-related services? It's asking a lot.

It's not a racket. Refusing to police their own customers, and having customers that do bad things that CloudFlare incidentally helps protect against, does not make it a racket.

In a protection racket (or more accurately an extortion racket), businesses that don't pay up will get attacked by the racketeers, and so for the most part paying up just means the racketeer won't attack them. That doesn't even remotely describe CloudFlare. Whether or not you pay for CloudFlare doesn't affect whether some other customer of CloudFlare attacks you. And the fact that those other customers are using CloudFlare themselves does not make CloudFlare responsible for their actions.