This is a service, not a device sale. Continuing to provide a service to an organization that is using it to support criminal activity is very different and terminating clients for illegal activity is not controversial.
Most companies have TOS that include not damaging or attacking the company itself. The advertised service attacks Cloudflare explicitly. It seems very straightforward that this would violate any reasonable TOS.
As a condition of your use of the Websites and Online Services, you will not use the Websites or Online Services for any purpose that is unlawful or prohibited by these Terms. You may not use the Websites or Online Services in any manner that could damage, disable, overburden, disrupt or impair any Cloudflare servers or APIs, or any networks connected to any Cloudflare server or APIs, or that could interfere with any other party's use and enjoyment of any Websites or Online Services. You may not transmit any viruses, worms, defects, Trojan horses, or any items of a destructive nature through your use of Websites or Online Services. You may not exceed or circumvent, or try to exceed or circumvent, limitations on the Websites or Online Services, including on any API calls, or otherwise use the Websites or Online Services in a manner that violates any Cloudflare documentation or user manuals. You may not attempt to gain unauthorized access to any Websites or Online Services, other accounts, computer systems, or networks connected to any Cloudflare server or to any of the Websites or Online Services through hacking, password mining, or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Websites or Online Services. You may not to use the Websites or Online Services in any way that violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries).
Cloudflare retains the right (but not the obligation) to block content from its Distributed Web Gateway that Cloudflare determines (in its sole discretion) to be illegal, harmful, or in violation of these Terms. For these purposes, illegal or harmful content includes but is not limited to: (a) content containing, promoting, or facilitating child sexual exploitation and abuse or human trafficking; (b) content that infringes on another person’s intellectual property rights or is otherwise unlawful; (c) content that discloses sensitive personal information, incites or exploits violence, or is intended to defraud the public; and (d) content that seeks to distribute malware, facilitate phishing, or otherwise constitutes technical abuse."
cloudflare is not hosting the infrastructure doing the actual attacks. the attack is coming from residential proxy servers, not from the webpage being hosted by cloudflare, which is just a marketing page and a login portal. that clause is not really applicable.
in any case, its not a question of whether cloudflare can remove a website. of course they can, for whatever reason they want.
its a question of whether we want to be in a world where cloudflare starts making content-based decisions on website hosting. most people probably dont want that.
> the webpage being hosted by cloudflare, which is just a marketing page and a login portal
thus being used for illegal and harmful activities right?
> Cloudflare retains the right (but not the obligation) to block content from its Distributed Web Gateway that Cloudflare determines (in its sole discretion) to be illegal, harmful
Not that I have any hope for TOS violation claims. I've learned early on in life that people generally don't care in life if you violate rules they invented if they're not impacted themselves. They do care if they violate someone else's rules and there is a chance of repercussions. There are exceptions, quite a few hosting companies in fact, but Cloudflare so far hasn't acted like a party that has the good of the web in its interest (even when strictly speaking of whom they offer services to despite them doing harm). Just wanted to point out that the cited clause, assuming it is correct as stated above, could be applied at Cloudflare's discretion if they so wished
>thus being used for illegal and harmful activities right?
neither the login portal page nor the marketing page are illegal.
>Cloudflare so far hasn't acted like a party that has the good of the web in its interest
for a lot of reasons, i generally agree with this statement. however, for this specific reason (maintaining a content-neutral approach, instead of playing content-police), i could not disagree more. cloudflare making hosting decisions based on the legal content of your site would be a huge disservice to the internet.
What's inside the login portal? I honestly don't know and am genuinely asking but the article didn't seem to go into it, but if the login portal leads to a page with a btc/other crypto address and a text box where the attacker enters ubuntu.com and a submit button labeled DDoS, should that bit be legal?
Wait, the webpage hosted by cloudflare, as you say. So yes, they're not hosting the infrastructure doing the actual attacks, they're "just" hosting the infrastructure for the site advertising the attacks.
"You may not use the services to attack our infrastructure. You may use the services to advertise and charge for attacking our infrastructure".
correct, you should be able to host any lawful website you want.
if a police investigation turns up that X DDoS is linked to Y advertising site, the police should then submit a lawful takedown request, which cloudflare will oblige.
They have been suing and winning. Yet Cloudflare continues.
I'm not a fan of overzealous companies, like La Liga, cutting out massive portions of the internet in Spain during football matches, but Cloudflare isn't the good guy here either.
La Liga sued Cloudflare in Spanish court and won. Cloudflare now starts taking down content that directly violates La Ligas copyright, but mainly only in Spain. It looks like Cloudflare will happily still serve the exact same content outside of Spain.
In response to these court rulings, the got the US government involved and now there is talk of this being a digital trade barrier.
I think you may have missed the forest for the trees; the concern is about the slippery slope that may lead to a for-profit company (also the risk in case it's non-profit; see OpenAI shenanigans) controlling what content you can read, what operating systems you can download, etc... and the fear is about protection rackets leading us to being stuck with a monopoly or an oligopoly at best that enforce that censorship.
He hasn’t missed it, he (and the others agitating for this) want to be able to pressure certain websites off the internet, whether or not they face action in an actual court.
>We already live a world where your service is terminated for illegal activity. Of course we want it, how is this even a question?
you are misunderstanding me, but im not sure if you are doing it on purpose.
if they receive a lawful order of course they should oblige. and without a lawful order they should not make content-based decisions on what to host.
>The mental loops people in these comments are using to support criminals is truly mind blowing.
this is a complete mischaracterization of what i am saying. and implying that i am... astroturfing for ddos? plain offensive.
i just dont want cloudflare ai-scanning my blog, seeing the word "DDoS" because i am in networking, and proactively removing my site from the internet.
Your account can get terminated for any other random nonsense though. Happens all the time, with cloudflare, google, github, everywhere. Everyone just pretends that "this can't happen to me". You want cyberspace free from any "evil" state jurisdiction, nor "coddling" so this is what you get.
no it was reply to "i just dont want cloudflare ai-scanning my blog, seeing the word "DDoS" because i am in networking, and proactively removing my site from the internet."
> if they receive a lawful order of course they should oblige. and without a lawful order they should not make content-based decisions on what to host.
You are ignorant of the law. You cannot host user content without being required to police it for at a minimum things like child porn.
But this is also not a remotely ambiguous case. Any normal service would instantly terminate a client account if the client is blatantly and openly advertising their service to disrupt the business. This is not some "slippery slope grey area" where maybe they are breaking the law but who knows. They have a website that says "Here is our service to disrupt cloudflare." It's as black and white as you can get and any normal service would instantly terminate them as soon as they became aware.
>You cannot host user content without being required to police it for at a minimum things like child porn.
yes, child sexual abuse material is covered by law, i.e. they already have a lawful obligation for that thus do not require a separate lawful order.
the issue is around arbitrary content-policing, where the decision is made by cloudflare rather than the legal apparatus.
having a website that says you do ddos for hire is not illegal. (doing the ddos is the illegal part. but that was not done with cloudflare infrastructure = cloudflare should not be involved unless they receive a lawful order).
i am going to choose to ignore your additional mischaracterizations and insults. it would super cool of you to stop calling me ignorant, an astroturfer for ddos, etc. over a simple disagreement.
That 18 USC 2 and 371 apply to the CFAA, too. What are those? Accomplice liability, which has been considered to include aiding and abetting. Hosting (and protecting, by virtue of your product) computer crime organizations could quite plausibly be rolled into accomplice liability.
cloudflare has no knowledge that <random site> is linked to <random attack on a completely different company, originating from random places on the internet> and they have no way of gaining that knowledge unless presented with a lawful order stating such.
if what you were saying was at all a plausible legal interpretation, it would have been brought to light over the last 16 years of lawsuits cloudflare has been involved in. or it would have been brought up by their literal room full of (actual) on-staff lawyers.
aiding and abetting requires knowledge of the crime and intent to facilitate it. cloudflare has neither.
Azure Artifact Signing and Apple's Developer program come out to similar costs. Apple's is probably still cheaper in that you can sign any number of things with it.
But yes, it would be nice to have some free signing options for open source developers.
These sorts of laws have repeatedly failed to pass in Europe due to people protesting. The government just keeps coming back and trying again it seems.
I do think they care but you hit on a point. Governments just keep trying to force this and eventually wear down the resistance to it. They can try repeatedly as it only has to work once.
Yeah, this feels like an exploit used by many governments these days. You see the same thing in the US where the Republicans just keep filing appeals or lawsuits until they eventually get what they want. Over and over and over and over.
Governments should probably adopt some sort of "retry" limit for these things. Good luck getting that passed though I suppose.
That would just be abused by people who want to permanently enshrine a bad status quo. They'll file X really shitty, bad faith challenges, and when they all fail, everyone will be permanently stuck with a bad thing.
Imagine if women's suffrage failed 5 times, and hey, guess we'll never get it, 5 times is the limit.
It is true that "far-right politicians" had the most chance to be elected in the EU parliament but this is in fact insignificant.
How individual country influence the EU is there is an invisible battle on putting their people anywhere under the commissioners. There are a lot of career people you will never hear about yielding immense power there and from what I know they do not have a political affiliation how we understand it (left, right, etc.)
If you are a corporation or foreign actor and you need something from the EU you cannot care less about the people elected in the fake parliament. If your chance of influencing or blocking something is in the parliament, you already lost.
Most people have a hard time wrapping their head around this because we actually have a better understanding how the US political system works, individual EU countries or even the CCP.
Which are also known as right and left, respectively.
What, did you think right and left were arbitrary? The words are arbitrary, but the meanings are not. They correlate quite strongly with the material interests of the up and down.
... okay? I thought they were dead. What about the entire rest of the world that is left or right. We're not stuck between a choice of Staln (left), and Htler (right) - there are more reasonable people in the world, even more reasonable politicians.
That makes little sense if you know some basic political science, the EU is comprised of different political interest groups just like your country is.
Unless you literally belive everyone in the EU belive the exact same thing and there's zero disagreements what do ever.
Kind of, at least in France? Our privacy-nefarious laws have been passed by both left- and right-leaning governments. It seems that if there is something the elite agrees upon, it is that the plebeians should be kept in check.
That depends entirely on where you are. In Ontario electricity is mostly hydro, nuclear, and renewables. But also, compared to burning gas directly, EVs are still more efficient and require less gas if you burn the gas to charge the EV.
I mean, that just isn't true. There are amazon tribes today where they just send them down the river to die... your ideas are a disney-fied version of a false past that never existed.
Unspecified Amazon tribes don't represent the lion's share of historical treatment of aging populations. One negative example doesn't undermine the point.
Yes, humanity is full of various societies that do things differently. These ideas aren't disney-fied - they're just accurate representations of the fact that people care for each other, most of the time.
I appreciate your anecdote, but here's a few counter-examples:
Do you have anything more interesting to say on the topic than "No U wrong"? The OP had a lot of thoughtful comments about the issues with having things to do after retiring.
You hit the nail squarely on the head. In days past when people retired they'd still help raise kids or look after households. When we moved past requiring that sort of thing, we left the elderly without engagement.
I'm not sure what the solution is, but perhaps as a society we could be more intentional about creating roles where the elderly can still help and feel useful, but also have flexibility and a more relaxed lifestyle.
There's not necessarily money in it, but in the current era, parents still find the grandparents' availability for minding children incredibly useful. If they also cleaned my house free or cheap, I'd be thrilled!
I mean, we're about to enter a demographic reversal and to hear economists talk of it, corporations are going to really struggle to find the workers they need.
I guess we're about to find out if they're desperate enough to offer genuine flexibility or not.
If I could work 2d/wk remote as a software developer, I'd probably do it the rest of my life. Something tells me that most CEOs are still gonna insist on 50+hrs/wk RTO though...
Of course, though I still think remembering that people need to feel useful is important. E.g. you don't want to force someone into a job that may be useful but the person is feeling "why am I doing this, it's not needed." The goal is also not to fill time or a money quota. It's to do something helpful such that the person actually feels helpful.
reply