back to article Cloudflare speaks out amid allegations it safeguards banned terror gangs' websites

Cloudflare found itself underfire this month for seemingly allowing officially designated foreign terrorists to use its website protection services. Which, under US law, would be a big no-no. A HuffPo report claimed the US-based biz is being used by the likes of al-Shabab and the Taliban to evade attempts to shutdown their …

  1. Anonymous Coward
    Anonymous Coward

    If we allow a world where everything we see or hear is controlled then we no longer deserve a world with free will.

  2. tiggity Silver badge

    Good article

    There is too much scope creep in banned organisations, as the article implied its far too easy to squash freedom of speech by defining something as terrorist content / gradually extending what is proscribed speech.

    Frankly the security services would be better letting cloudflare do its thing, and if there was *genuine evidence* of "proper" terrorist use then work with cloudflare to try and locate the terrorists - letting known terrorist content stay up can be useful in finding the posters / supporters of that content, sending everything underground just makes tracking the terrorists that much harder.

    1. P. Lee Silver badge

      Re: Good article

      Worse, HuffPo et al decides it doesn't like stuff and tries to pressure third parties into censoring perfectly legal content.

      The correct response is, "come back with a warrant and we'll talk."

      1. sisk Silver badge

        Re: Good article

        Worse, HuffPo et al decides it doesn't like stuff and tries to pressure third parties into censoring perfectly legal content.

        I've long since figured out that HuffPo "journalists" are all the type of SJWs that define hate speech as "anything I don't agree with". I give them the amount of attention that such a status warrants, which is none at all.

    2. Anonymous Coward
      Anonymous Coward

      Re: Good article

      The other point is that if Cloudflare are co-operating with law enforcement agencies, do they in fact make it easier to act against these types of sites?

      Given the many levels of potential contacts required to take down a site, and the varying levels of responsiveness involved, I would have imagined Cloudflare would simplify the process of getting content removed and beginning the process of tracing those responsible in an appropriate manner.

      Who's the upset party here? Law enforcement, the vigilantes that can no longer take direct action or a HuffPost journalist looking to save the world?

      1. baud

        Re: Good article

        a HuffPost journalist looking to save the world

        I think the HuffPost was just looking for some clicks/share/user engagement by looking like it wants to save the world by protecting people from dangerous words

    3. Voland's right hand Silver badge

      Re: Good article

      Cloudflare's general counsel Doug Kramer admitted to The Register this week that his company's relationship with customers, particularly terror groups that operate behind multiple fronts and aliases, can be difficult to police.

      Sure.

      What is so difficult to police about a site which openly advocates murdering people including prominent European politicians while operating from a fixed well defined URL using a fixed well defined name. What is so difficult to police about a site which publishes the details of their wives, children including which school they attend to and calls for the metering out punishment to these family members.

      This is the site I have in mind: https://myrotvorets.center/

      Served proudly by Cloudflare. As it "serves" OUR means and is a part of OUR information campaigns, we pretend that it is an excellent example of free speech. Nothing wrong with advocating murdering the "enemy", their wives and their children you know.

      Most recently it put a bounty on Gerhard Shroeder's head and published his full personal details including details of his family whereabouts. Not linking not because I do not know the page in question, but out of principle (same as I would not link to RT).

  3. K Silver badge

    It's impossible for a service provider such as Cloudflare to investigate every domain that uses its service... Also they offer a very easy to find form for reporting abuse:

    https://www.cloudflare.com/abuse/form

    likewise they are not the only service provider who a reverse-proxy service, so I find individually picking them out is nothing but somebody holding a grudge.

    1. Sapient Fridge

      Notice that their is no "spam" option on their abuse form. And that is the most common use I see of their services (spamvertised web pages).

      By providing bulletproof services to spammers, and ignoring all abuse reports, they become a spam support company.

      1. This post has been deleted by its author

        1. This post has been deleted by its author

  4. mark l 2 Silver badge

    Even if Cloudflare were to start to check websites before they were allowed to use its services, it would be trivial for these terrorist groups to upload an innocuous website template while the site was moderated and checked. Then ones the service was activated change it to host terrorism related content.

    Cloudflare is not like Facebook or Youtube who host the content so should have some responsibility to take it down, the content is hosted on the clients services and Cloudflare are mealy acting as a proxy to get to it. The servers that the terrorist site is hosted on could even be hosted with US web hosts, as web hosting providers pretty much let you upload whatever you want. Website will often stay up until there is either a report of abuse or the sysadmins spot illegal content while investigating another issue such as excessive resource usage on the server and then suspend the account.

    1. This post has been deleted by its author

  5. Anonymous Coward
    Anonymous Coward

    The bad guys probably use Google as well

    Quick, ban it.

    You're either with us or against us. You are with us right? You're not one of those civil libertarian types that believes in free speech and democracy?

    Roll on the dictatorship.

    /sarcasm off.

  6. Jack of Shadows Silver badge

    7 out of 7 Million?

    Does any other service give that level of compliance with US Law? I thought not. I'd like to know how well Huffington Post does on policing their content and comments.

  7. Sapient Fridge

    Cloudflare are also a spam support company

    I'm an anti-spammer and have been for over 20 years. I send abuse reports to the source ISP and feed/hosts of advertised web sites (and redirects) for every single spam E-mail I get. This averaged (until recently) about 3 a day, so around 1000 reports a year. I'm mentioned in "Spam Kings" and was active in NANAE for years (obscure reference for anti-spammers).

    Most ISPs take down obvious spammer sites rapidly but Cloudflare "mirrored" web sites are always a pain because Cloudflare refuses to act on abuse reports (no matter how much evidence they get) and they hide the IP address of the mirrored host which makes it hard to make the real host aware of the problem.

    Fortunately Cloudflare's system isn't infallible and occasionally and, if you ping enough, you sometimes get the original web site IP. The last time this happened the real host ISP (xglobe.com in this case) investigated immediately after I contacted them. Their customer's rogue binary trading "affiliate" was kicked off and the customer donated £1000 to Children in Need as compensation for the amount of effort I had put in (67 abuse reports, one for each spam I received). I can prove all of this on request.

    I have no problem with free speech, but I do have a problem with Cloudflare providing bulletproof services to spammers. Spam is illegal and is *not* free speech. I note that Cloudflare rules are not blanket rules as, for example, they (absolutely correctly) ban mirroring child porn, so they obviously have control over what they allow.

    You will also note that Cloudflare's abuse report page has no "abuse type" category for spam, even though that is the most use I see of their services:

    https://www.cloudflare.com/abuse/form

    In my opinion they are a spam support company.

    1. cd

      Re: Cloudflare are also a spam support company

      It would help if they'd embed the original IP somehow, so that techy people could access it and report if needed. Or perhaps have a lookup page for same.

      1. Anonymous Coward
        Anonymous Coward

        Re: Cloudflare are also a spam support company

        If they embedded the original IP somehow or had a lookup page for same, they would be offering a rather pointless service. Their DDoS protection hides the actual ip of the server so that miscreants can't flood the server with bogus traffic taking it off the internet.

      2. Sapient Fridge

        Re: Cloudflare are also a spam support company

        Most ISPs have AUP (Acceptible Use Policy) agreements with their customers which includes no hate speech, no terrorist glorification, no spamvertised pages, no child porn etc. When abuse reports come in they investigate to see if the complaint is likely to be true, and act if it is.

        Yes this is more work, but almost every ISP on the planet manages it so why can't Cloudflare? Instead they do nothing about abuse reports and make it impossible to send reports to the real host.

    2. ItsMeDammit

      Not just me then...

      I am pleased to see that I am not the only one who generates spam complaints to Cloudlfare only to have them be ignored. I went through a spell where I was reporting the same half dozen sites over and over as a perverse hobby but gave up in favour of using those same sites as an extraordinarily easy and reliable spam filter rule. I had more luck getting the host of the actual spam email to do something about the problem, but that doesn't even scratch the surface if the target site is still up.

      My issue with an overwhelming percentage of said spam it was that it was clearly fraudulent - pyramid schemes and bogus health plans aimed at the elderly, war verterans and so on. After that, almost every single spamvertised site had a malicious payload attached. I appreciate the sort of spam I get is trivial (thankfully I have never been spammed by a terrorist group), there is no way any decent person can claim such scams as being "free speech" yet taking down such sites should be chicken feed for a support guy somewhere. It is my opinion that Cloudflare simply don't care.

  8. Spazturtle Silver badge

    Words do not magically make somebody blow themselves up, if they did then all our intelligence analysts who read these sites as part of their job would get up and join the jihad. These terrorists didn't suddenly because threats when they read these sites, they were threats before. You have to already have a significant level of disregard for human life to be susceptible to radicalisation.

    1. Anonymous Coward
      Anonymous Coward

      For some of them, they could argue that Tony Blair made them do it.

      Yet he still walks free...

  9. sisk Silver badge

    Should there be limits on free speech? Absolutely not. If you're limiting it then you can't very well call it "free speech". And let's be perfectly honest here: it is only unpopular speech that needs that protection, so the situations where people mostly want to apply limits are the exact situations where it's so important that we don't. No matter how repulsive the thing being said is as long as it is just speech it should be protected.

    Caveat, though. Recruiting terrorists is an action, not speech. As is instructing people to commit violence. That stuff can and should be axed without free speech even coming into it. But having and voicing an unpopular, even repulsive, opinion? That's a slippery slope we'd best just avoid.

  10. Anonymous Coward
    Anonymous Coward

    Under the latest, ever expanding definition of terrorism

    Non-violent but disruptive protests are now included, see the Stansted 15.

    How long before all "enemies of the government" are also classified as terrorists based on the "subverting the will of the people" argument?

    Zero tolerance policing, the Holy Grail of all authoritarian democracies the world over. Thanks to the laws brought in by MPs, senators etc that you voted for. Even voting for the "least worst option" becomes less appealing each passing day and more people realise that "they don't work for you".

  11. Anonymous Coward
    Anonymous Coward

    It seems pointless to assume how much regard for life someone who becomes radicalised might or might not have.

    All sense and judgement in a potential recruit of what is good versus what is bad is bypassed by praising the absolute worst of depravity as righteous.

    To both the psycopath and the simple fool, radicalisation offers a justification for sadism and murder by dressing them both in a fantastic coat of deranged fantasy, offering membership of a supposed elite and life eternal.

    Yet for some reason, crazed philosophies for which there is no evidence whatsoever continue to be excused, aided, abetted and further promulgated.

    There isn't much going in the way of easy answers to this.......

  12. Anonymous Coward
    Anonymous Coward

    Cloudflare don't care

    Cloudflare only care about money and have no interest in dealing with the vile sites they protect.

    As was the cast with the Terrorist attack in New Zealand where numerous sites protected by Cloudflare actively promoted the videos and celebrated their distribution.

    When this was brought up with Cloudflare their response was "meh we don't care we just provide a safe harbour for terrorist supporting sites so go talk with these people instead"

    They are scumbags of the highest order and the sooner people stop paying them money for their services the better.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019