[carterehsmith]

First, there is a "trading with enemy" act. So, if CF is a US-based company that provides "safe harbor" to ISIS (check the Wikipedia page), it is illegal.

Also, DDOS is illegal pretty much anywhere, last I checked. Do you have any pointers to claim otherwise?

Last, this "medicine" thing is cute, but they don't sell medicine, otherwise they would be regulated by FDA and they would need to answer some tough questions about their "medicine" (like, does it work?), and that would be the end if it, so no, it is not a "medicine". It is software-as-a-service.

[Dylan16807]

A group like that has been officially declared off-limits, which is letting the government do the governing, and completely consistent with not trying to interpret the law. DDOS is pretty clear, but a lot of behaviors are not, and CloudFlare does not want to be judge and jury. They will follow legal rulings but they will not make them.

You're taking the analogy a bit too literally when you bring in the FDA. Their DDOS protection clearly works, and the FDA would not say "oh some people inflict the flu on others, you don't get to give them flu shots".

They are providing something that is entirely defense against illegal activity. If selling safes to burglars keeps them from being burgled, so be it.