CloudFlare CEO blasts Anonymous claims of ISIS terrorist support Matthew Prince, CloudFlare's cofounder and CEO, has hit back at Anonymous, which claimed his firm backs ISIS by keeping terror websites up and running. CloudFlare is a content-distribution network: it acts like a huge sponge, soaking up deluges of internet traffic that would otherwise overwhelm small to medium-sized websites, …
Full disclosure: The Register is a CloudFlare customer.
So.. I'm guessing that according to Anonymous we should not be reading El Reg as you are a front for the Daesh? I have the image of someone running around in their mum's basement, waving their arms and screaming at this bit of news.
Obligatory vid: https://www.youtube.com/watch?v=n_w4oSCJIQk
If there is due process for government agencies to request take downs of sites that are found to be in breach of the law then that is what he should follow. I think his integrity and that of his company is evident in his not taking Anonymous sites down, nor even interfering when a site personally attacked him.
I don't think we necessarily want providers acting as judge and jury.
It would be interesting to know what dodgy sites he's been asked to keep online by the feds.
I personally hope that we in Europe will be able to maintain a healthy balance between security and freedom despite extreme provocation. Part of not letting these fuckers win is surely about maintaining our values and way of life.
Better still to infect IS sites with some sort of subtle, er, meta-malware, which in turn infects the computers which visit the IS sites in ways that will be helpful to law enforcement and intelligence operations. Especially if Anonymous can do it only because they are operating outside the law. (Although I'd hope that our intelligence agencies have been given license to go "deep grey" when it comes to dealing with these barbarians).
CloudFlare is well known for harboring illegal activities. According to Wikipedia two of the ISIS’s top three chat forums are guarded by CloudFlare. CloudFlare is ranked 7th among the top bad hosts. An October report found that CloudFlare provisioned 40% of SSL certificates used by phishing sites.
We estimate that up to 50% of the spam emails in USA might be hiding behind ClloudFlare services. To circumvent local laws regarding spam, phishing and privacy, CloudFlare is using servers located in places such as Panama. As a result, all our websites, clients and partners are blocking traffic to or from IP ranges belonging to CloudFlare such as 104.16.0.0 - 104.31.255.255.
I had a UK site targeted by a credit card fraud forum that was using CloudFlare's DDoS protection service which is a paid for service. When I contacted CloudFlare about a criminal site that was using their service they refused to do anything about it without a court order, directed me to Mathew Prince's blog post about free speech and blocked me on twitter....yada yada yada.
How exactly would I get the US authorities to take down a site hosted in Belgium using CloudFlare's DDoS protection service?
Matthew Prince says, "Even if we were hosting sites for ISIS, it wouldn't be of any use to us," he continued. "I should imagine those kinds of people pay with stolen credit cards and so that's a negative for us."
I realize that you don't "host" but you certainly "protect." By refusing to reveal the original IP address behind the sites you protect, you deprive responsible citizens of the ability to discover the original host. This means that the only way they can complain is to you directly. In my experience, this is a complete waste of their time.
And about those "stolen credit cards," you should add that they were most likely purchased from some of the more than 400 sites you protect that sell stolen credit card information.
Also, please stop hyping your half-baked SSL. You are the Man-in-the-Middle that can read the unencrypted plain text. Either you allow the authorities to tap into your system, or you're serious about Internet security and by now would have publicly challenged any orders from Big Brother. You have a law degree, but that does mean you can have it both ways.
By the way, have you ever heard of the phrase, "the social responsibility of corporations"? Or is there some secret, Masonic-like pact that makes these five words unmentionable in Silicon Valley?
I had been angry with CloudFlare because I had gotten a number of replies from them when complaining about phishing sites that they don't provide hosting services. After explaining that (1) I am not obligated to use their web form to report abuse, and (2) hosting a domain's DNS is, in fact, providing hosting services, they did finally start taking action.
When it comes to blatant phishing sites, like ones trying to pretend to be Bank of America, or which open a window telling you that your computer is infected so you should call this phone number and won't let you close the window, the action is clear - no discussion or investigation needs to happen, since anyone with a reasonable ability to think can see that these sites are clearly intended to defraud.
When it comes to a web site which says, "ISIS is good! We love ISIS!", you can't really do much about that. If it said, "Help support ISIS! Send money to ...", that's a little more cut and dry. Things in between, well, are sticky.
You can't have freedom of speech and at the same time claim to want to subvert it in order to protect it. You can, though, outlaw material support. There's a difference between the two.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
