Doesn't cloudfront generally act like cloudflare? Ie. We don't inspect your content. Law enforcement are the only people who can stop us hosting a site.
If you violate policy (of which there are likely many varied yet incontestable interpretations), AWS pulls the rug out from under you faster than one can say "neutral". That's excluding they do not make newer policies on-the-fly.
It has nothing to do with "neutrality", they have Terms of Service like every single service provider in the world. If you violate them, there goes your infra. Spreading malware is almost certainly a violation of AWS' ToS (Amazon engs, correct me if needed)
It's a little more complicated than that in Cloudflare's case. The debate isn't really relevant to AWS/CloudFront or anyone else, but Cloudflare has famously had a policy of not kicking off any customers as long as they abide by US law. The CEO publicly identifies as a free speech absolutist. (Malware/phishing/etc. is still removed, since it's illegal.)
The CEO publicly broke their policy on this on two occasions: the neo-Nazi website The Daily Stormer, and 8chan. In each case, only after a long saga played out.
For The Daily Stormer: after they mocked the deceased victim of the Charlottesville rally, Cloudflare received public pressure to boot them but refused, and then the owner subsequently tried to troll them/the public by claiming Cloudflare executives secretly supported their ideology, causing them to finally be removed. (https://blog.cloudflare.com/why-we-terminated-daily-stormer/
)
For 8chan: Cloudflare received a lot of heat for not removing them after the first and second incidents of posters becoming mass shooters, eventually removing them after the third mass shooting. (https://blog.cloudflare.com/terminating-service-for-8chan/)
I forget the term/aphorism for this (like "double-bind", sort of), but they put themselves in an awkward position because they're probably one of the most neutral service providers out there - still far more than probably anyone else to this day - but by marketing themselves as 100% neutral, being only 99.99999% neutral created lots of lasting negative PR that people still regularly bring up.
Any other company would've kicked those people off way sooner and there would've been little to no publicity, because they routinely do such things, but now Cloudflare is hated by both the pro-censorship and the anti-censorship crowd. (See: https://en.wikipedia.org/wiki/Cloudflare#Mass_Shootings and everything below. It's quite a rollercoaster.)
It's a gray area. They sometimes reverse proxy frontend portals for those services, but not the services themselves. Sometimes the frontend won't have anything obviously illegal.
Anything that's actively serving malware or phishing pages is removed.
clouflare stopped being like that long ago. they publicly posted that they will take down stuff they makes the ceo worry, and they will inspect what your users are reading/sharing - and notify agencies with powers and guns when they find stuff from now/then on.
- no longer a dumb pipe, no longer neutral, actually active in directing law enforcement to take you down and possibly take people out.
I just have to wonder if people downvote this thinking it's not possibly true, or they just don't like what is said.
Link to relative info is posted on another comment (https://news.ycombinator.com/item?id=27884821) - but for those who have not read it, here is an excerpt from a 2019 cloudflare post/statement:
"...what we have done to try and solve the Internet’s deeper problem is engage with law enforcement and civil society organizations to try and find solutions. Among other things, that resulted in us cooperating around monitoring potential hate sites on our network and notifying law enforcement when there was content that contained..."
So I stand by the statement, I can't see any other way to read it.
reason for "no longer a dumb pipe," - is that I believe that was the 'defense' aka reason being used for a while to push back against different groups that were accusing and then trying to public shame cloudflare;
for protecting alt-right(?) I know there were a few PR pieces pushed in the UK or Euro press about some things - maybe hookers or something..
anyway for a while cloudflare was all like, we are just a really big pipe that pushes data and can absorb ddos.. we don't get into content moderation or opposite-net-neautrality..
there were complaints that some groups 'on the right side of history (or whatever)' - were trying to take down the stormer site I think it was and that their co-ordinated takedown attempts were failing as cloudflare was protecting the send/receive, being a pipe, not a judge..
This is what I believe ATT was using as a defense some time ago; they don't stop drug dealers from making calls they just provide the 'pipe'
There was also some groups complaining about cloudflare making it hard to find servers - to find jurisdiction, again uk /euro I think - I have those articles saved on one of my systems.. and may be linked to a HN comment long ago - where I said chipping away at this pipe thine will lead to a bifurcated internet - where we will have internet place X internet place Y - and companies like cloudflare may have to turn into a dozen different companies to keep up with the changing 'this speech is not okay' rules for various places..
funny how fast things can change.
I believe many of cloudflare's early customers especially felt protected and safe because of the stances - and I bet most don't know about the 180..
I also think most average web people would think if you set 'whatever' for your DNS - that the dns routing is basically a dumb pipe - it's not spying on you and sending copies of your data to gun agencies.
Just as I think most people would not expect their cell phone company or internet provider to spy on data and send snippets of your communications to agents. I would not expect my web server co to deep packet inspect all comms looking for bad things. (not without a warrant and being directed to look at a specific line, now a whole data center / cell co, etc.)
I think it was a terrible choice to make for cloudflare, but I know not an easy one either way.
So 'pipe' is a term that has been used in this way for a while now in similar fashion I thought - and it's not meant literally like a copper water line.
Also in some ways cloudflare has been a pipe - a pipe for flowing data that would be choked by ddos attack if were to try to send/receive across the net in most other ways kinda of.