Remember that Cloudflare does a MITM on every connection to every website they front.
CF not only protects them... they have real time intelligence on who is getting attacked, who is paying for it, and all the parameters of the attack (type, volume, duration, etc).
What would your sales team give for leads this hot?
This is the dumbest post I’ve read. The attackers have a site seemingly hosted by/orange clouded by Cloudflare. They aren’t providing botnet or DDOS capabilities. Cloudflare tries to act as a third party that follows the law when the law gets involved. They don’t want to actively police the internet in the same way they don’t actively abolish piracy (see Anna’s Archive). There are exceptions to this of course, but on average I don’t find it necessary for Cloudflare to knock down the site of the attackers because they sell illegal services. Isn’t this what HN bitches about anyways, CF being a centralised authority? Now you’re bitching that it’s not using its centralisation powers?
How do they know that behind the scenes Cloudflare has not handed over whatever IP and financial information they have on the attackers to the feds? AFAIK such things would not be disclosed until the attackers are locked up and the case is closed assuming such details are ever disclosed at all.
I recall this post[0] from cloudflare's CEO about when they terminated daily stormer back in 2017, and particularly this quote:
> Like a lot of people, we’ve felt angry at these hateful people for a long time but we have followed the law and remained content neutral as a network.
This is overall a very reasonable take and one I support from a player the size of Cloudflare: They should aim to remain as neutral as possible instead of enforcing arbitrary blocks on sites they disagree with.
Now, this post is from nearly 10 years go and I'm sure there have been many more cases that happened since then, their methodology likely did evolve, but I don't mind them protecting any site, regardless of their opinion towards its content.
Cloudflare isn't an impartial, neutral network. People need to stop perpetuating this fig leaf.
To the outside world, Cloudflare acts as a host. Their servers serve the content fo whatever site is in their "network". It doesn't matter that some of those sites are being partially pulled from other backend servers that are outside their network again. Cloudflare is their service provider and they are their customer (free or not).
This is especially true with all their hosted stuff now like Workers, R2, etc., but don't let that muddy the discussion. Even without that they cache and serve the content.
> A part of the internet considered "Critical infrastructure" is being attacked with impunity, and those who could stop it are doing nothing.
i don't understand how ceasing to proxy their storefront would stop a ddos attack? it's not like CF infrastructure is being used for the DDOS, or is that actually the claim made?
i can get saying something like "they shouldn't be providing this service to them" but this isn't a critical service to their operation?
The root issue here is that your government does not consider translational cyberterrorism against civilians to be worthy of national security protection or retaliation.
(But if you are in the US, your government considers foreign human laborers doing useful work as "invaders".)
19 comments
[ 3.2 ms ] story [ 53.8 ms ] threadCF not only protects them... they have real time intelligence on who is getting attacked, who is paying for it, and all the parameters of the attack (type, volume, duration, etc).
What would your sales team give for leads this hot?
It's policing their own customers attacking their own other customers in a way that opens themselves up to racketeering charges.
> Like a lot of people, we’ve felt angry at these hateful people for a long time but we have followed the law and remained content neutral as a network.
This is overall a very reasonable take and one I support from a player the size of Cloudflare: They should aim to remain as neutral as possible instead of enforcing arbitrary blocks on sites they disagree with.
Now, this post is from nearly 10 years go and I'm sure there have been many more cases that happened since then, their methodology likely did evolve, but I don't mind them protecting any site, regardless of their opinion towards its content.
[0] https://blog.cloudflare.com/why-we-terminated-daily-stormer/
[1] https://news.ycombinator.com/item?id=15031922
To the outside world, Cloudflare acts as a host. Their servers serve the content fo whatever site is in their "network". It doesn't matter that some of those sites are being partially pulled from other backend servers that are outside their network again. Cloudflare is their service provider and they are their customer (free or not).
This is especially true with all their hosted stuff now like Workers, R2, etc., but don't let that muddy the discussion. Even without that they cache and serve the content.
i don't understand how ceasing to proxy their storefront would stop a ddos attack? it's not like CF infrastructure is being used for the DDOS, or is that actually the claim made?
i can get saying something like "they shouldn't be providing this service to them" but this isn't a critical service to their operation?
(But if you are in the US, your government considers foreign human laborers doing useful work as "invaders".)