Comment by viraptor

9 months ago

I can't find a violin small enough for cloudflare here. They're known for ignoring abuse and now they want to retaliate for someone blocking them like they're some kind of required utility provider? Maybe it's time for legal action from all the people randomly blocked by cloudflare without recourse?

There's no violin small enough for LaLiga.

What (other than greed) can possibly justify blocking hundreds of different services, with little to no oversight?

The only saving grace here, is that premium broadcasts kinda succeeded in getting the fans, rather than corrupt politicians and the state, to mostly fund the entire scheme that is the sport.

Other than that, cry me a river with how much we allow football to bend (and break) so many of our laws and regulations (not to mention ethics and decency).

  • >What (other than greed) can possibly justify blocking hundreds of different services, with little to no oversight?

    It could be that CloudFlare does absolutely nothing to aid any site, big or small, when asked to stop hosting & concealing blatantly malicious origins. I don't even care who it is at this point, at least someone is causing problems for CF who, frankly, behave as if they're untouchable.

    Literally every scam site I've checked out in recent years, pretending to be a government entity, or parcel delivery service, in order to defraud millions from those not blessed with much technological literacy, has been hidden behind CF. Their responses are excruciatingly slow, if they even do anything at all. Usually they don't.

    • “Every scam comes from Cloudflare” is an asinine metric.

      “Every one of those scams” are also on the internet, use email, DNS, whatever.

      The metric that matters is how much of Cloudflare is a scam, and can the rate of scamming on Cloudflare be reduced without significantly impacting legitimate uses of it, and how.

      Let's get ISPs to instablock IPs shared by thousands of sites immediately, making the internet an excruciating experience on weekends, because we may be losing some football euros on our way to charge as much as the market will bear is just indefensible. If for no other reason, because IPs are a scarce resource.

      Yes, piracy will take advantage of privacy technology (EDNS in this case). If we're cautious of violating privacy to catch child abusers, again, cry me a river about LaLiga not being able to fund the next hundred million euro transfer.

  • It's not blocking hundreds of services, it's blocking one, cloudflare. A service that routinely is used to share copyright material.

  • > What (other than greed) can possibly justify blocking hundreds of different services, with little to no oversight?

    In this case? A court order: https://bandaancha.eu/articulos/esta-nueva-sentencia-autoriz... which is a pretty heavyweight oversight mechanism.

    Personally I'm broadly pro-piracy and anti-big-sports-organisation. But alas the legal system disagrees.

    • The court order provides the means of doing it, it isn't itself a justification for wanting to do it.

      (Unless your view of ethics/morality is that anything ordered by any court is automatically good, which I'm sure some people believe but I suspect many more do not have such a binary view.)

Depends on the kind of abuse. Acting as if CloudFlare is providing bullet-proof hosting and carrier services would be insincere. I have had CloudFlare suspend accounts within 18 hours of reporting.

> people randomly blocked by cloudflare without recourse?

Cloudflare does not randomly block access to sites that don't deal with Cloudflare.

Cloudflare customers buy blocking service to their sites from Cloudflare. Any randomness there is just a customer service issue.

  • They buy a service which should block a specific type of traffic, for example bots or attacks. I don't believe any of their customers have purchased a "block a random version of a specific browser" plan. The fact this is occasionally treated as a bug and fixed confirms that idea.

    If the customer specifically set a header match to block some Firefox variant, people wouldn't complain to cloudflare about it.

    • Customers can pick several levels of aggressiveness when it comes to blocking bots. Some of the more obscure browsers easily pass the "low" threshold but don't make it past the "high" threshold. Some older browsers like Palemoon seem to crash or break the JS Cloudflare serves but that seems to be a browser issue.

      If your favorite website is blocking you, let them know. They can tweak a lot in their WAF settings. I don't think many websites care about obscure browsers, but it's something websites can control.

  • You covered everything except the most important case: Cloudflare blocks innocent people trying to access websites protected by Cloudflare.

    For instance they block me because I'm behind CGNAT and because some of the millions of machines also behind that CGNAT once did something unsavory.

    I'm not a customer of Cloudflare, so I have no one to call, I just get blocked from endless websites or have to click a checkbox, solve puzzles and suffer other indignities because I'm using a reputable and popular ISP in my country.

    Fuck Cloudflare. They're accelerating the utter shittiness of the web because of their indiscriminate solutions to web malfeasance, which are worse than the disease.

    • I've experienced similar problems in the past. Cloudflare decides that something about the ISP or software I'm using is not on some secret approved list and we all get a bag of coal for Christmas instead of the content we were asking for until we've jumped through whatever hoops it decided to set up this week. And I've heard way too many anecdotes from way too many people in real life to believe this is some sort of isolated or unusual event.

      If Cloudflare is now taking a hit because it's become collateral damage to an over-generalised penalty system despite having done nothing wrong itself then it is difficult to find much sympathy. If this blocking exposes how much of the web we all use every day is now being routed via a single point of failure that has been operating largely as a law unto itself then that also seems like a positive step to me.

    • If not for cloudflare, the site which you’re trying so hard to visit would probably not survive due to:

      1. High genuine traffic

      2. High bot traffic

      3. Being DDoSed to death

      Everyone else other than you get to enjoy a snappy and fast loading site. I think that’s a good trade off.

For what it's worth I think Cloudflare and a few other ultra-large CDNs should be considered a utility provider, given that it is very difficult to exist in the Internet without their protection - no matter if you're just running a damn blog or an online forum, you'll get hounded by hordes of automated scanners looking to exploit you the very second a 0day appears. And if it's an online forum, chances are high someone will be pissed off by some moderation action and just buy a DDoS to shoot you off the 'net.

(In the end I think governments should finally hunt down and eliminate abusive netizens, but waiting for that to happen is pointless)

  •   curl ipinfo.io/`dig +short news.ycombinator.com`
      {
      "ip": "209.216.230.207",
      "hostname": "news.ycombinator.com",
      "city": "San Diego",
      "region": "California",
      "country": "US",
      "loc": "32.7157,-117.1647",
      "org": "AS21581 M5 Computer Security",
      "postal": "92101",
      "timezone": "America/Los_Angeles",
      "readme": "https://ipinfo.io/missingauth"
      }
    

    Impossible to survive on the internet...

    • Cloudflare profits greatly from you thinking it's impossible to exist on the internet without them.

      Did you know they have a workflow for you to sign up and start using their protection in the middle of an attack? Costs money, of course. They don't get to EEE the Internet that way so they don't make it free.

  • > no matter if you're just running a damn blog or an online forum, you'll get hounded by hordes of automated scanners looking to exploit you the very second a 0day appears

    This will happen to you if you use Cloudflare as well, _unless_ you enable (at least) the automatic captcha, which then annoys users and disallows privacy-focused people from visiting your site.

    To effectively stop committed DDOS you'll need CF enterprise, which filters out private blogs etc by price. The WAF options definitely make it easier to fight simpler DDOS attacks, but even then you'll need to know what you're doing.

  • Seconding that anything this big should be nationalized. That said, the internet still worked before cloudflare. The threat of a banned troll DDoSing your forum has been a risk for 30 years, yet the flourishing golden age of forums was before anyone had heard of cloudflare.

    Add in their centralized panopticon of mass decrypted traffic and it becomes undeniable CF is an enormous net negative to the internet and society at large.

    • > The threat of a banned troll DDoSing your forum has been a risk for 30 years, yet the flourishing golden age of forums was before anyone had heard of cloudflare.

      Private forums in my experience stopped being a thing around 2010-2015-ish. The first death knell was metasploit which made 0wning a target so much more easy than it was before, the second and final blow were "ddos for hire" services, running on cryptocurrencies that promised (and delivered) true anonymity, and using mass hacked consumer devices as a botnet that was much harder to defeat against than an STRO in some datacenter where you (or your DC) could just block the IP address.

    • They could argue that they are on the side of the "good guys" (intelligence services and the police), especially if you consider their historical ties of collaborating with the 3-letter agencies like the FBI (c.f. how it all started with Project Honey Pot).

Maybe you don't care about Cloudflare, but a lot of small sites use CF, and they're getting blocked. I'd feel bad about those sites.

Anyway, read the rest of the responses here giving context; the issue has more nuance than you seem to realize.