Cloudflare also has an added appeal to sites such as The Daily Stormer. It turns over to the hate sites the personal information of people who criticize their content. For instance, when a reader figures out that Cloudflare is the internet company serving sites like The Daily Stormer, they sometimes write to the company to protest. Cloudflare, per its policy, then relays the name and email address of the person complaining to the hate site, often to the surprise and regret of those complaining.
This has led to campaigns of harassment against those writing in to protest the offensive material. People have been threatened and harassed.
Really, Cloudflare? It's one thing to provide a CDN service for these these sites; turning over this information is completely different.
Are you mind bendingly high? Where did the DMCA thing come from?
The comment is about people sending complaints to cloudflare and cloudflare sending their information to the site being complained about...
This has absolutely ZERO to do with copyright.
To be fair, forwarding abuse reports to the client is standard practice in the hosting industry.
There's been some debate about this in the past (efnet getting upset with Hetzner for example), but I think the general consensus is that it's not really the job of the hosting company to go out of their way to protect abuse reporters.
It's also important to understand that most abuse mail that isn't DMCA spam will be automated mail informing you of compromised machines on your network, it very much makes sense to automatically forward all this mail to the client.
What? AWS and GoDaddy are not terribly expensive. GoDaddy is incredibly common. I don't know about Rackspace. Together they make up a large chunk of the Internet as we know it.
AWS and Rackspace are terribly expensive, GoDaddy is huge in the domain space but not particularly big in hosting, besides shared-.
Why not look at the likes of OVH, Hetzner, Voxility, Colocrossing and so on. Or maybe try Level3, their business may be a bit different but they're HUGE and certainly forward abuse reports.
It's got everything to do with having a bunch of humans handling your abuse reports. It's also one of the reasons why IP reputation is so important to these hosts.
Ok, so I went to the Cloudfare abuse form [0] to see the specifics.
It asks for a whole lot of information (including full name and email address) and at the bottom states:
"By submitting this report, you consent to the above information potentially being released by CloudFlare to third parties such as the website owner, the responsible hosting provider, law enforcement, and/or entities like Chilling Effects."
It's pretty clear therefore that they mean all of information provided and not just the reason for the complaint.
Good point, I only looked at the text in the grey box at the right, not at the bottom, where it is clearer. (Box e.g. for "Violent Threats" or "General" says
CloudFlare will notify the site owner and, where appropriate, the web hosting provider for the site in question.
By submitting a report, you agree to submitted data potentially being released by CloudFlare to third parties, such as Chilling Effects.
Cloudflare is one of the worst companies there is. They weaken the security of the web. They block Tor users from using many popular websites. They host websites that offer the same DDOS services they will charge you for protection from. The day Cloudflare dies, which should have been the day Cloudbleed was discovered, will become an annual holiday for the Internet.
That seems like quite a bit of an exaggeration. CloudFlare is great for a lot of reasons, and they have their faults just like every other company out there.
I'm the last person to defend Cloudflare. They do a fair bit of crappy things (treat TOR poorly amongst them).
But, we do have freedom of speech in the US. And while that doesn't mean everyone has to give you a platform for that speech, it does mean a content provider needs to decide between being a judge or allowing everything.
Sure, Neo-Nazis seem like an easy case - nobody likes Nazis. But, what about people calling for a boycott of Israel? Or what about critical political speech? Should Cloudflare (or anyone) be in the business of making judgements about those kinds of content and if they're allowed or not?
You sure "nobody" likes Nazis?
They sure seem to be enjoying a nationalist resurgence lately for nobody liking them.
Even the President wont expressly disavow them anymore. :(
I think the more important issue in here is that Cloudflare forward the personal information of anyone who complains about the site to the site owner. Other major providers don't do this, and it's not clear that people filing complaints know what they're getting into.
> CloudFlare will notify the site owner and, where appropriate, the web hosting provider for the site in question.
That being said, it's in body sized font, in a huge block of text, and if I wasn't looking for it, I wouldn't see it.
So, it's "stated" but probably not very clear that abuse reports may be forwarded. As a webmaster/previous ISP, I expect (again, prior knowledge here) that abuse complaints will be forwarded. But, does the average person? Probably not.
My $0.02 - Cloudflare states it, but they need to make it much more clear if they intend to keep the policy, or possibly revise the policy. However, bad UI seems a weak reason to vilify them.
----
Edit: Actually, they state it twice - including right before the submit button in larger font size. It's pretty hard to miss.
The use of improper SSL termination and re-captchas that take sometimes up to 20 minutes to complete (for one CAPTCHA, fuck you Google!) are much more atrocious abuses than the existence of some hate speech on sites they host. I'd much rather see them address those actual problems than read about some bitchiness that they won't censor their content. I actually agree with Cloudflare on this. Yes, the Daily Stormer might be an easy site to assess and block (I don't know, I've never visited), but once you're in the business of censorship, the censorship wing of the organization will eat up tons of resources and is guaranteed to turn away customers. See any major Internet company for plenty of examples of this. It seems to me that by not engaging with this stupidity, they are making a wise business decision.
32 comments
[ 0.22 ms ] story [ 1329 ms ] threadThis has led to campaigns of harassment against those writing in to protest the offensive material. People have been threatened and harassed.
Really, Cloudflare? It's one thing to provide a CDN service for these these sites; turning over this information is completely different.
To be fair, forwarding abuse reports to the client is standard practice in the hosting industry.
There's been some debate about this in the past (efnet getting upset with Hetzner for example), but I think the general consensus is that it's not really the job of the hosting company to go out of their way to protect abuse reporters.
It's also important to understand that most abuse mail that isn't DMCA spam will be automated mail informing you of compromised machines on your network, it very much makes sense to automatically forward all this mail to the client.
Side note: I wrote this.
Why not look at the likes of OVH, Hetzner, Voxility, Colocrossing and so on. Or maybe try Level3, their business may be a bit different but they're HUGE and certainly forward abuse reports.
These insane margins help pay for a big abuse department.
Most dedicated hosting providers don't have as big margins because they can't stuff 1000+ customers on one server.
Most dedicated hosting providers don't have very big abuse departments, or any abuse department at all.
Cloudflare does state on the reporting form that they “will notify the site owner.”
It doesn't mean including personal details of the reporter.
It asks for a whole lot of information (including full name and email address) and at the bottom states:
"By submitting this report, you consent to the above information potentially being released by CloudFlare to third parties such as the website owner, the responsible hosting provider, law enforcement, and/or entities like Chilling Effects."
It's pretty clear therefore that they mean all of information provided and not just the reason for the complaint.
0: https://www.cloudflare.com/abuse/form
CloudFlare will notify the site owner and, where appropriate, the web hosting provider for the site in question.
By submitting a report, you agree to submitted data potentially being released by CloudFlare to third parties, such as Chilling Effects.
But, we do have freedom of speech in the US. And while that doesn't mean everyone has to give you a platform for that speech, it does mean a content provider needs to decide between being a judge or allowing everything.
Sure, Neo-Nazis seem like an easy case - nobody likes Nazis. But, what about people calling for a boycott of Israel? Or what about critical political speech? Should Cloudflare (or anyone) be in the business of making judgements about those kinds of content and if they're allowed or not?
You also mention Cloudflare hosting onion addresses, which is possibly the worst-case-scenario. Can you imagine Cloudbleed on Tor?
> CloudFlare will notify the site owner and, where appropriate, the web hosting provider for the site in question.
That being said, it's in body sized font, in a huge block of text, and if I wasn't looking for it, I wouldn't see it.
So, it's "stated" but probably not very clear that abuse reports may be forwarded. As a webmaster/previous ISP, I expect (again, prior knowledge here) that abuse complaints will be forwarded. But, does the average person? Probably not.
My $0.02 - Cloudflare states it, but they need to make it much more clear if they intend to keep the policy, or possibly revise the policy. However, bad UI seems a weak reason to vilify them.
----
Edit: Actually, they state it twice - including right before the submit button in larger font size. It's pretty hard to miss.
If you complain about a business or person, you ought to expect that they'll be allowed to defend themselves against you.
Especially if you complain to some 3rd party who already has an existing relationship with them... why would one expect preferential treatment?
Ever since Cloudbleed effected so many sites and exposed TLS protected data to everyone incl search engine spiders, we should have moved on.
https://news.ycombinator.com/item?id=13721452