That's such a weird way to look at it. They offer DDOS protection to anyone and everyone, and they don't offer anything that could be used to perform or relay DDOS.
"
Finally, the researchers observed a stubborn fact about these booter services that I’ve noted in several stories: That the booter service front-end Web sites where customers go to pay for service and order attacks were all protected by CloudFlare, a content distribution network that specializes in helping networks stay online in the face of withering online attacks.
"
1. How is that good? Personally, if I learned that one of my customers is selling DDOS-as-a-service, or other illegal stuff, I would drop them right away. Would you not?
2. Splitting hairs here - I never said that CF itself is performing or relaying DDOS attacks. But CF helps DDOSers stay up & in-business. This is kind of important for DDOSers as they tend to try and eliminate competition by DDOSing competitors, plus there are whitehats trying to DDOS DDOSers (lol here). CF helps them stay up. I can't imagine that you approve of that kind of stuff - that is, protecting illegal activities.
Are you a court? Then you don't always know what's illegal. Why not let the legal system decide?
It's not splitting hairs. A medicine dealer is a far cry from an arms dealer, even if they are selling to "both sides".
I totally approve of protecting people from attacks, even bad people. I don't want burglars to have their houses broken into. I don't want kidnappers to get kidnapped.
First, there is a "trading with enemy" act. So, if CF is a US-based company that provides "safe harbor" to ISIS (check the Wikipedia page), it is illegal.
Also, DDOS is illegal pretty much anywhere, last I checked. Do you have any pointers to claim otherwise?
Last, this "medicine" thing is cute, but they don't sell medicine, otherwise they would be regulated by FDA and they would need to answer some tough questions about their "medicine" (like, does it work?), and that would be the end if it, so no, it is not a "medicine". It is software-as-a-service.
A group like that has been officially declared off-limits, which is letting the government do the governing, and completely consistent with not trying to interpret the law. DDOS is pretty clear, but a lot of behaviors are not, and CloudFlare does not want to be judge and jury. They will follow legal rulings but they will not make them.
You're taking the analogy a bit too literally when you bring in the FDA. Their DDOS protection clearly works, and the FDA would not say "oh some people inflict the flu on others, you don't get to give them flu shots".
They are providing something that is entirely defense against illegal activity. If selling safes to burglars keeps them from being burgled, so be it.
" Finally, the researchers observed a stubborn fact about these booter services that I’ve noted in several stories: That the booter service front-end Web sites where customers go to pay for service and order attacks were all protected by CloudFlare, a content distribution network that specializes in helping networks stay online in the face of withering online attacks. "