Comment by getlawgdon
8 months ago
Hmm. My take is the casino structured its business to comply, not to evade interest. Further, I don't see how Cloudflare benefits by taking on the risk to charge more to help a customer avoid scrutiny. More like: they know it's a humming business and want a piece.
The way I read the screenshots of the emails from the articles seemed to suggest that something the authors company was doing was causing issues with IP reputation on CloudFlares range.
Them very aggressively highlighting the BYO IP feature and then even suggesting third parties to rent IPs from strikes me as a significant detour from their normal “script” (having dealt with their AU sales team before).
CF calls and says there is a problem with traffic. They want to push an enterprise plan. Customer says no.
CF calls and says there is a problem with domains. They want to push an enterprise plan. Customer wants to solve problem, dropping domains, making changes. CF says, only enterprise plan will remedy the situation.
There is obviously a sales script involved.
“get back to Trust & Safety"
Heard that story several times, it's always another team, e.g. "Licensing" that need to be satisfied, or that if you don't pay up, that team will be off the leash. Also heard the pay-for-a-year-upfront for several large vendors who pull this. The reason is, some sales reps need to make numbers, so they shake the tree and see who falls down:
"Cloudflare has absolutely no information on when they will force you into custom billing, but when they start "urgently" needing to talk to you you're probably not going to get out until you have a juicy custom contract with them."
this is exactly what is happening. Cloudflare uses an anycast network, so IPs are shared by default.
this customer is damaging Cloudflare IP reputation which hurts other customers. Cloudflare can either fire the customer to protect other customers using Cloudflare IPs, or force this customer to use their own IPs and damage/manage their own IP reputation.
unfortunately this is expensive and OP is mad they can't do their legally fraught gambling operation on Cloudflare's addresses for free
They're mad that cloudflare cut them without real warning. And they should be! Anyone can get on a big company's bad side, and if there aren't extremely important messages being withheld by the author this makes it scary for anyone to use cloudflare.
If a custom IP is going to be mandatory, they need to say that and give a deadline, at the very least.
3 replies →
> this is expensive and OP is mad they can't do their legally fraught gambling operation on Cloudflare's addresses for free
This is directly contradicted by the contents of the article, perhaps you should re-read it.
And why did they want to push them to Enterprise service?
>$120k up front for one year of Enterprise
Doesn't sound like a reputation problem.
Cloudflare could've just said so. Cloudflare also chose to make BYOIP expensive.
They could've explained the problem ("your gambling business is a problem for our IP reputation") and offered a solution ("we can switch you over to BYOIP so this won't be a problem"), but instead they sent in an army of sales reps that demanded an upfront payment for a product tier that they only needed one small part of, to the point of sales people pretending to be part of other teams.
It makes business sense to kick out casinos, but OP got fucked over by Cloudflare's shitty practices.
If this is what's happening, the right behavior is to say that and terminate OP's service. Even if OP is in the wrong, Cloudflare did such a bad job communicating with them that they come off as extortionate.
1 reply →
Compliance:
> We do have multiple domains that mostly act as mirrors to our main domain. We have these for a few reasons. One is that since we are a casino, we have different regulatory requirements we need to comply with in many countries.
Evasion:
> Another is that we use them to target different global user groups and affiliates and track conversions long-term. This also means that if a country DNS-blocks our main domain, a secondary domain may still be available.
This is more like one gang hitting up another for "protection" payments. I had to laugh when they called it "Trust & Safety".
> My take is the casino structured its business to comply, not to evade interest
It's impossible to say what's going on since it's an anonymous post with no details.
Maybe it's all 100% true.
Maybe there are some key details being left out. Wouldn't be the first time I've seen one of those outrage posts that seriously misrepresented things.
Whatever the case, obviously the author is not an unbiased party. These posts do well because "zomg Cloudflare bad!", and maybe they are, but I sure as fuck don't trust some casino guy either.
Thing is, this is also not the first time when Cloudflare T&S team has been disrupting their customers out of the blue. The post even has some links to other HN stories.