← Back to context

Comment by Bender

6 hours ago

There must be some really good protection on this. If I enabled such a thing on any of my servers it would be full of warez, porn, malware, CSAM and who knows what else within minutes. Curious how they manage to keep it clean.

The protection is that they're rich enough to handle requests from law enforcement without going to jail themselves. They'll certainly pass your IP address to law enforcement if asked.

Only live for an hour.

But that won't stop people doing bad stuff for an hour I guess. Vibe code up some on-demand thing that you ping...

  • One hour is great for spearphishing attacks, once the victim has been infected their IT department will have no trace of the source.

They already allow hosting static websites so I think the same guardrails are implemented.

  • I've never used CF so I could be ignorant in this matter. I assumed perhaps incorrectly that people had to verify their email address and delegate their domain(s) to CF including setting the glue records in the TLD servers meaning there is possibly a financial trail somewhere probably in the DNS registrars and perhaps a mail provider, whereas this is just drag-and-drop with no money trail.

    I have no idea what guardrails they have in place in the background that blocks malware, CSAM, warez and such on their free accounts.

    • Just having an account with an email address is enough.

      They assign a subdomain automatically for uploads, same as cloudflare workers.

      I don't know what they do, but implementing guardrails for this is possible nowadays with AI, but maybe they use a "mechanical turk"

Yeah, I was going to start a file drop site like 0x until realizing what it'd be used for