[elmin]

Cloudflare has a pretty simple policy. They only censor content when they legally have to, or when it's child porn. That actually opens them up to a lot of heat from people who aren't big fans of the KKK, the Westboro Baptist Church, or botnets. BUT they don't specifically allow botnets as a weird method of promoting them, it's a widely applied policy.

I would bet things would be a fair bit easier for them if they agreed to take things down which most people don't like, but from my position they are taking a very principaled stand for free speech. Are people on hn actually arguing we want more censorship on more places on the web?

[kyledrake]

Nobody in here is proposing that Cloudflare censor unpopular speech. We are asking that they stop protecting for-profit DDoS attack sites that are destroying the internet and using violence to censor people's ability to speak. That isn't a freedom of speech debate, it's a debate on the ethics and legality of defending and protecting criminal activity that financially benefits them, a timely topic now that this activity is actively threatening the ability of the internet to function for any kind of speech http://www.webhostingtalk.com/showthread.php?t=1599694 http://webcache.googleusercontent.com/search?q=cache:0uf9RIu...

[tripzilch]

I agree that it's an ethics problem, and a non-trivial one at that.

It seems like another problem caused by the fact that code can be data and data can be code. By which I mean, both are information. 'Free speech' implies the intent to be communicated to people, and can be considered 'data'. However a DDoS is a bunch of information with the intent of affecting the behaviour of computer systems, and can be considered 'code'.

The problem lies in discriminating between the two, given that "bits don't have colour", as explained here: http://ansuz.sooke.bc.ca/entry/23

I'm not at all sure what the right answer is, here. I'm also not 100% convinced that Cloudflare has the right approach, but I'm leaning to "yes", considering the alternative.

(by the way, you'd probably be interested in watching the youtube clip jgrahamc posted elsewhere ITT, with someone from Cloudflare saying some words about their perspective on this dilemma: https://news.ycombinator.com/item?id=12564876)

[pooper]

I mostly agree with you but let's not take it too far.

> We are asking that they stop protecting for-profit DDoS attack sites that are destroying the internet and using violence to censor people's ability to speak.

A DoS is not a violent act. I am mostly ignorant of these things but I think attacks if this kind are a service that test our capabilities. My fear is that there might be calls for legislative actions against "DoS attacks" which would then apply to people sitting at home pressing F5.

[ryanlol]

>would then apply to people sitting at home pressing F5.

How would such a law be different from the current laws? If you sit at home pressing f5 with malicious intent and succeed at bringing a site down, you're committing a crime.

[parennoob]

I don't know about you, but criminalizing the act of pressing F5 with any intent seems firmly on the way to Aaron Swartz-like cases to me.

What if you are just fed up of waiting for a site to reload and press F5 a number of times? And what about the (probably majority of) instances where the "attacker" is simply a person who unknowingly downloaded malware onto their computer to get free smileys or whatever?

[ryanlol]

>I don't know about you, but criminalizing the act of pressing F5 with any intent seems firmly on the way to Aaron Swartz-like cases to me.

What? Why is F5 a special case here and what on earth does any of this have to do with Aaron Swartz.

>What if you are just fed up of waiting for a site to reload and press F5 a number of times?

Did you intend to bring it down? Was it obvious that your activity would bring the site down? If answer to both is "No" then you're fine, this is how most laws work.

>And what about the (probably majority of) instances where the "attacker" is simply a person who unknowingly downloaded malware onto their computer to get free smileys or whatever?

Why are you even asking? If someone else commits a crime you're obviously not at fault...

Also, what was even supposedly wrong with the Swartz case? It was on solid ground both legally and morally, shame he never gave the courts a chance.[1]

[1]: Might as well expand on this a little so I don't get hidden by downvotes. I don't think Swartz deserved to go to prison, but given that he intentionally violated the law it's hard to argue that he shouldn't have been charged.

[parennoob]

F5 is a special case here because it is the exact same action that a law-abiding person does. The reason I'm stressing the F5 case is because saying "Hey you pressed F5 with this motive, so you go to jail" is equivalent to thoughtcrime – you're being punished for your thoughts rather than your actions.

Now if someone is using tools specially built for DoS I don't have a a problem with them being prosecuted.

[kyledrake]

If you figure out how to build a 600Gbps DDoS attack with Firefox, you are correct, that still qualifies as a DDoS and you can go to jail for it already. People have been tried in court for using Low Orbit Ion Cannon before, in a few extremely isolated instances. A DDoS is a DDoS, but intent is obviously important, and you do need to actually cause a problem for there to be a crime. I think clicking reload a couple times would be a stretch here for enforcement, perhaps it's possible but AFAICT it's not yet happened.

But we aren't talking about protest with a reload macro here, these are for-profit criminal botnets. And one if them just took down the largest DDoS mitigation network in the world. Which means there aren't many sites on earth left they can't take down. Much smaller attacks have nuked Github for days. Who's next to get "freedom of speeched"?

[pooper]

I think a better solution is to have ISP s work together to warn and cut off access to botnet infected computers. They have the technical ability because they have strikes for copyright. Perhaps it could be a soft ban like an hour long ban or something.

But if two billion people decide to stay at home and continuously press F5, you should get freedom of speeched. I think that's the equivalent of a picket line. Not talking about automated tools other than "refresh page every second".

[fragmede]

"I will send DDOS for $xxx, send paypal to ###@example.com"

That's the the extremely unpopular speech that you're proposing to censor. The instant you say "oh but that's different" because of the contents of the speech, you're interjecting your own opinion about that speech.

Which, actually, is fine, but don't play that off as not being speech.

At the level where Cloudflare's network isn't actually being used to send the DDOS attack itself, it's also still speech.

Cloudflare will close accounts when asked, backed by court order. The problem is on today's Internet, that's nigh impossible, which realistically means it falls to Cloudflare to interject an opinion on what's good and bad, but so far they've avoided that as effectively as an ostrich burying it's head in the sand, and so are effectively supporting many bad actors.

[tripzilch]

While I understand your position, the particular line you quote is not protected as 'free speech' because it's advertising to sell a criminal act for money ... I could be wrong.

[steve-howard]

Protecting unpopular organizations is taking a principled stand for free speech. Protecting people who profit from breaking people's web services is not.

"We don't take it down unless it's illegal" is a simple policy, but to be a good policy it needs judgment as well.