[bpolverini]

One can only imagine what kind of Faustian bargain Cloudflare had to concoct in order to make this all legal.

Once Baidu and the PSB have managed to extract enough useful intellectual property from Cloudflare, it will only be a matter of time until they find a reason to block Cloudflare and replace it with a domestic service that can be even more tightly controlled.

Cloudflare is phenomenally competent, but Matthew Prince is likely in for a serious surprise that has nothing to do with technological innovation and everything to do with sociology and a different culture.

[joe_the_user]

Yes, it's dishonest for them to describe China's censorship regime as "regulation". Like any dictatorial regime, China's censorship is fundamentally "lawless" in the sense that there's no codified statement of what can and can't be said. Rather China maintains a constant threat that saying anything critical of the regime may result in sanctions, often retroactively.

And if anyone references the US, the NSA's surveillance regime has the same lawless quality despite the fig leaf of (secret) courts. We can at least be happy the US doesn't have all the overt repressive mechanism of China - yet.

[carterehsmith]

Hmmm. Many people have this perception that Cloudflare sells "protection" to DDOS "victims", while providing a comfy hosting place for DDOS "providers". Good business, selling weapons to two opposed groups.

[Dylan16807]

That's such a weird way to look at it. They offer DDOS protection to anyone and everyone, and they don't offer anything that could be used to perform or relay DDOS.

[carterehsmith]

According to some reports, they totally do. E.g. from http://krebsonsecurity.com/2015/08/stress-testing-the-booter...

" Finally, the researchers observed a stubborn fact about these booter services that I’ve noted in several stories: That the booter service front-end Web sites where customers go to pay for service and order attacks were all protected by CloudFlare, a content distribution network that specializes in helping networks stay online in the face of withering online attacks. "

[Dylan16807]

1. They offer DDOS protection to everyone.

2. That's the front-end. It's not performing or relaying DDOS attacks.

CloudFlare is not in the business of deciding who is good or bad, legal or illegal. They make sites faster, and keep sites online.

They're not selling weapons, they're selling medical services to everyone.

And they have a nice free tier.

[carterehsmith]

1. How is that good? Personally, if I learned that one of my customers is selling DDOS-as-a-service, or other illegal stuff, I would drop them right away. Would you not?

2. Splitting hairs here - I never said that CF itself is performing or relaying DDOS attacks. But CF helps DDOSers stay up & in-business. This is kind of important for DDOSers as they tend to try and eliminate competition by DDOSing competitors, plus there are whitehats trying to DDOS DDOSers (lol here). CF helps them stay up. I can't imagine that you approve of that kind of stuff - that is, protecting illegal activities.

[Dylan16807]

Are you a court? Then you don't always know what's illegal. Why not let the legal system decide?

It's not splitting hairs. A medicine dealer is a far cry from an arms dealer, even if they are selling to "both sides".

I totally approve of protecting people from attacks, even bad people. I don't want burglars to have their houses broken into. I don't want kidnappers to get kidnapped.

I'm sorry you can't imagine me.

[MichaelGG]

The bargain is probably something like: "Customers using our China POPs give us money. We like money."

And is it thought that China lacks the resources to infiltrate CloudFlare? The KGB compromised the CIA and FBI over many years for paltry sums (under a million). If China really wanted to extract IP they can certainly do so. While operational security (like HSMs and procedures) might stop people from walking off with key material, I find it really hard to believe companies can stop adversaries from walking off with source code, know-how, technical plans - things that employees need access to.