Kind of like the police protects gangsters from getting shot by other gangsters, but you would really like them not to do that, so that the gangsters can just shoot each other.
In this case, Brian Krebs tried to convince Cloudflare to kick off the booter sites, so they are unprotected, and can DDoS each other. Cloudflare didn't put any effort into that idea, and now he's apparently angry that he didn't get through to them.
Cloudflare is not the police. They're a private organization that makes a profit from offering "protection" for people getting DDoS attacked. They enable the people doing the DDoS attacks by protecting their booter sites (https://www.google.com/search?q=ddos+booter). That's called a racketeering operation (https://en.wikipedia.org/wiki/Racket_(crime)), and that's illegal. There are laws against it. Just because our crappy government is too incompetent to file charges doesn't mean it isn't illegal.
If Cloudflare thinks they can foster criminal activity through their network because they're running a juiced up nginx proxy, they're wrong. The "slippery slope" argument is absolute nonsense. As Krebs himself pointed out, they already remove sites that are hosting phishing attacks and malware.
Cloudflare, it's time to do the right thing here and stop protecting DDoS booters. Your policies are helping to damage the internet and censor people, whether they're illegal (they are) or not.
If only...
Let me quote [0]:
> CloudFlare will forward all abuse reports that appear to be legitimate to the > responsible hosting provider and to the website owner. In response to a legitimate > abuse report CloudFlare will provide the complainant with the contact information for > the responsible hosting provider so they can be contacted directly.
So, if I report a scammer CloudFlare will forward my information to that criminal, putting me at risk. Gee, thanks!
and
> Since CloudFlare is not a hosting provider we do not have > the capability to remove content from a website.
Or to put it in the words that they answer every abuse request with:
> Please be aware CloudFlare is a network provider offering a reverse proxy, > pass-through security service. We are not a hosting provider.
Which basically translates to "We don't care, we want to pretend that we are not responsible for our actions."
They remove them all, except the one whose threat they benefit from (cloudflare has a direct interest in the ddos threat being as big as possible).
Claiming they are protecting their free speech is a load of bollocks.
What happens over CloudFlare's networks in the case of DDoS providers would essentially be the agreement of a business contract.
The attacks are paid for and managed by the customers through the web portals that run behind CloudFlare. How is that not enabling the attacks?
It takes an intense contortion of the concept of freedom of speech to apply it to this malicious and illegal activity. I guess under that logic it's also okay for a personnel security company to host (or hide behind their nginx server) a hitman-for-hire marketplace too, as long as they're not the ones doing the actual killing?
DDoS attacks (and their store fronts) are not about freedom of speech. They are, always and everywhere, about the suppression and censoring of speech through violence. Protecting them means that you are protecting violence.
But if you're adamant on this being free speech, fine. Where's the free speech criticism for Cloudflare shutting down those phishing and malware distribution sites? Why are DDoS attack sites magically different and deserving of freedom of speech protection?
