> If I were hosting illegal malicious actors doing this stuff on my home servers and refused to even say who was doing it I would 100% get my door kicked down by the FBI. But some persons, corporate persons, are more equal than others.
If you refused to tell some random person who asked? No, you wouldn’t. If you refused to respond to a legal authority—a court-issued subpoena, for example—then there would be consequences.
As far as cloudflare is concerned you’re just a random person asking. They have no legal obligation to provide you with information.
They have a legal obligation to provide a working abuse contact address. I guess you're saying that it is working when they say, "go away." and yeah, I can see that point of view.
But it also means that any domain fronted by cloudflare won't actually have contact information for the owner of the domain required by their legal contact with ICANN as a registrar.
If you refused to tell some random person who asked? No, you wouldn’t. If you refused to respond to a legal authority—a court-issued subpoena, for example—then there would be consequences.
As far as cloudflare is concerned you’re just a random person asking. They have no legal obligation to provide you with information.