Surely best practice for abuse reports that you want to pass on would be to anonymize the complaints and act as conduit if appropriate. If the complainants wanted to complain to the site directly (rather than the proxy/CDN) they could have done so.
Strangely it is already stated on their abuse report page,
---
By submitting this report, you consent to the above information potentially being released by CloudFlare to third parties such as the website owner, the responsible hosting provider, law enforcement, and/or entities like Chilling Effects.
---
Thanks, not exactly encouraging for genuine reports though. It also doesn't say tht they will pass the report to all those groups just that you consent that they can. I would still hope for judgement to be applied.
Even with that I would expect different treatment for people reporting harassment and CP especially if it isn't in the form of a legal threat. Surely an abuse report (unlike a DMCA takedown request) is a favour to the service provider.
Now publishing legal threats ands companies' requests is a different mater in my view.
In this case some of the reports were likely to be related to doxing, SWATing and other harassment which makes this especially egregious I would expect better from a grown up company. I also wonder what legal liabilities there may be if their disclosure leads to a SWATing of one the reporters.
While I (partially) understand the current context of harassment and SWATing, the mandatory parts that could help provide private informations are the emails and full name.
I also considered that the statement is also an blanket statement in case the reporting has to go further and contact needed to be made in case the issue would go to legal.
Not that I am defending cloudflare in any form, but the liabilities where probably waived when the person clicked on the submit button (which is way better than most website saying that you accept their TOS when you browse on it, or even hide the TOS and acceptance far away, because well nobody is interested in reading it)
4 comments
[ 3.5 ms ] story [ 22.1 ms ] threadEven with that I would expect different treatment for people reporting harassment and CP especially if it isn't in the form of a legal threat. Surely an abuse report (unlike a DMCA takedown request) is a favour to the service provider.
Now publishing legal threats ands companies' requests is a different mater in my view.
In this case some of the reports were likely to be related to doxing, SWATing and other harassment which makes this especially egregious I would expect better from a grown up company. I also wonder what legal liabilities there may be if their disclosure leads to a SWATing of one the reporters.
While I (partially) understand the current context of harassment and SWATing, the mandatory parts that could help provide private informations are the emails and full name.
I also considered that the statement is also an blanket statement in case the reporting has to go further and contact needed to be made in case the issue would go to legal.
Not that I am defending cloudflare in any form, but the liabilities where probably waived when the person clicked on the submit button (which is way better than most website saying that you accept their TOS when you browse on it, or even hide the TOS and acceptance far away, because well nobody is interested in reading it)