by avian 1786 days ago
> We reported the sites to both CF and Google, and to my knowledge, not a single site were removed before the people behind it took it down.

As someone that tried reporting spam sites because they were using content scraped from my website, I'm not surprised.

Cloudflare has a policy that they will not stop providing their IP hiding/reverse proxy services to anyone, regardless of complaints. The best they do is forward your complaint to the owner of the website, who is free to ignore it.

They say "we're not a hosting provider" as if that's an excuse that they can't refuse to offer their service. I'm sure many spam websites would go away if they couldn't hide behind Cloudflare.

> The best they do is forward your complaint to the owner of the website, who is free to ignore it.

Or worse. Since I have no way to know beforehand who I would be dealing with, this is actively dangerous - what if the mobster running this site is having a bad day and chooses to retaliate?

Also what a stupid fucking policy that is. Even if you are not legally compelled to block content, what is the point of actively helping distribute harmful content?

What they are doing is worse than just saying "We are not a hosting provider" - because while that is true, they are actively distributing content that is hosted elsewhere while hiding who is hosting it.

One can easily write an email to abuse@hoster.example.com and usually these people do not want garbage on their networks. CF is making it impossible to notify them, and they refuse to implement an alternative procedure.

I still do not understand the moral position of profiting off of enabling criminal scum, when it would be so easy not to...

I do not think that it is up to Google or CloudFlare to police the internet. If a site is doing something illegal then report it to appropriate gov agency. If gov agency does not do anything then get involved in the political process to fix that.

If Google, or CF, or whoever are fronting illegal activity with their services, they are absolutely responsible for damages the party they are proxying.

Platforms must be responsible for the content they are hosting, broadcasting, and publishing.

One to one communications between two people exchanging ideas and having a private discussion is different from mass broadcasting.

> Platforms must be responsible for the content they are hosting, broadcasting, and publishing.

> One to one communications between two people exchanging ideas and having a private discussion is different from mass broadcasting.

The highway is used both by those visiting their friends and those doing mass deliveries. Is it the job of the highway maintenance crew to control for what purpose their network is used?

I would like to know if the above analogy stands.

Edit: https://news.ycombinator.com/item?id=27994831

The "owner" of the highway is the government, who regulates commercial traffic differently to personal traffic. The government places strict rules on who is allowed to use the highway, and how it is used.

The highway maintenance crew is akin to the person installing racks for CloudFlare.

Highways are a poor analogy for information broadcast systems in general. Highways are closer to a one to one transmission system rather than a broadcast system of one to many.

They're already removing things they don't like. I see no reason why they shouldn't remove things that are objectively 100% harmful.

Like seriously, is there a single person on the planet that's going to defend online scams? It's immoral, it's illegal, it benefits no one and harms thousands. And it's not like it's very hard to detect and block either.

If someone were to tell AT&T that this call center customer of theirs is in the business of extorting people for money, they'd at least look at it and help law enforcement accordingly. Cloudflare has a talk-to-the-hand attitude until actively forced by law enforcement. That's an important difference right there.
Gov agencies and political processes take ages to do anything at all.

At this point I'd still like the internet companies doing partial policing of content. At least they'll achieve something.

Because criminal scum pay their bills. You don't think 8Chan was on a free account do you?

The sooner developers realize that Cloudflare is not saving the Internet the better.

At this point I'm convinced that at least 10% of all legitimate economic activity is actually money laundering for crime organizations, in various forms. I imagine that percentage goes even higher in the financial capitals of the world.

That’s the low estimate.

'ey... I'm trafficking Paintings 'ere -- ya know... Art

> what if the mobster running this site is having a bad day and chooses to retaliate?

I wonder if someone with malicious intent could set up a site designed to generate complaints (how exactly would be an exercise for the reader), put it behind Cloudflare, and purposely use the information in the forwarded complaints to harass, abuse, dox, or otherwise harm people.

> One can easily write an email to abuse@hoster.example.com and usually these people do not want garbage on their networks. CF is making it impossible to notify them, and they refuse to implement an alternative procedure.

But that's exactly what CF does. They forward your abuse complaints to the abuse contact of the IP address hosting the content.

The retaliation is quite real—CF keeps your entire e-mail address and name in there, so you are essentially doxxing yourself. Pretty sure 8chan posted a lot of the reports they got back in the day.
They might take that stance, to avoid liability and complication.

At the moment, they have a very clear rule. If they stop providing services to obvious spammers, they will create lots of grey areas, and they will also implicitly make a judgement that the clients they still serve are _good_ in some way, and an enterprising lawyer or muckraker might exploit that.

Cloudflare dropped the Daily Stormer. The ship of pretense of no judgement has sailed.

This may have had something to do with the fact that the Daily Stormer was claiming prior to that that their lack of suspension was an implicit endorsement by CloudFlare of their site and content.

Misuse of trademarks is a thing.

I agree, however, that CF's policies are applied arbitrarily.

And 8chan, the 4chan alternative where anyone can make and moderate their own board.
Better known for being linked to the Christchurch and El Paso shootings, being the origin of the QAnon movement and having a history of hosting child pornography.

https://en.wikipedia.org/wiki/8chan

Facebook, reddit, MySpace and Twitter have all been linked to mass shootings and child pornography. None of these sites condone, enable or remotely desire such content.

> None of these sites condone, enable or remotely desire such content.

Yeah, and that's the difference, isn't it? 8kun might not condone any of these things, officially, but it very much enables and desires them.

This kind of discourse is seen as the "price of freedom", its presence a demonstration of absolute tolerance and blind faith in freedom of speech. Facebook, reddit, MySpace and Twitter are more strictly moderated and impose actual terms of service on their users' freedom of expression.

But of course this also means the people most motivated to join networks that offer guarantees of free speech absolutism are those whose discourse is not tolerated by these mainstream alternatives. And their presence will almost guarantee an absence of "normies" who don't run into the limits of their freedom of speech on the moderated networks much and feel uncomfortable around the former group.

Heck, the only reason 8chan ever became large enough to be widely known was because 4chan evicted Gamergate. And 4chan isn't exactly known for its strict moderation and suppression of political views.

How is that different from a hosting provider that has to address legal complaints regarding spam, copyright infringement, etc. on their servers? Just like a hosting provider, they specifically have a relationship with the website owner to provide the reverse proxy service. It's not like they can say "we don't know who or how our service is being used".

It seems to me that if they want to be in this business they have to deal with these liabilities and complications, not hide behind some vague "our hands are tied" language.

Presumably if illegal content is not taken down by the customer then the host cancels the service, right? Otherwise the host risks liability. That's different from revealing the IP of a customer which requires a court order.
You have a point, but I assume those businesses' lawyers understand this better than our armchair speculation here.

> How is that different from a hosting provider

If their argument is "we only retransmit what we get, with caching" then they are in the same place liability-wise as the phone providers ("We only retransmit what we get, with caching").

In other words, a common carrier.

Hosting is different. For example, YouTube is not liable for what their users upload. They comply with takedown notices because they host the content, not the user.

But in a way, they actively host the content. The fact that their server periodically retrieves new content from a different backend makes no difference. The page sits on their hard drives and is served by their servers when I visit that domain. It's always been a very, very thin argument and it has gotten even thinner with the likes of Cloudflare Pages and Workers.

Cloudflare is just a huge company actively ignoring abuse complaints and somehow they are getting away with it. It even helps their PR to a certain market segment.

They even still host kiwifarms, a board that is primarily known for its vicious harassment of people and is known to have driven multiple innocent people to suicide.

I consider CloudFlare a bad actor at this point and I wish the other big names around them would too. They are subsidizing crime with VC money.

This logic doesn’t make sense. Nobody is under the illusion that CF is somehow incapable of denying service to individual customers.

This policy even extends to stresser/booster/DoS-for-hire services - try searching for some and see who fronts them?

20 years ago the transit providers of the internet would have spotted Cloudflare for what it is, and cut it off.

I've been reporting hundreds of spam sites to Cloudflare, but always get the same lame excuse. Godaddy the same. Meanwhile good content drops in Google rankings and spam moves to the top.
That seems like the sort of thing that should require a judge's order.
Cloudflare is not a public institution. It troubles me that they get to define, draw, and then maintain that line.

However, I do agree - privacy unveiling like that should require a judge's order.

But they don't, that's explicitly their stance. There is no line. They host everyone equally. To do the opposite would require drawing a line.
That is not true. They do have a line specified here https://www.cloudflare.com/abuse/

It's just that the procedure is so useless that it might as well not exist.

IANAL, but I don't see a Cloudflare specified line anywhere on this page. I think this is just the bare minimum they are legally required to do.

> There is no line

You are missing the point of the complaint, which is that it's a private decision to hold that policy. Maybe it was a bad idea to use the word "line", but the intent still stands unaddressed.

> They host everyone equally.

Everyone except those that are too right wing.

Are you referring to the one incident where they stopped hosting a racist hate site and then vowed to never take sides again?
Yes. Also to the incident where they stopped hosting 8chan after they vowed to never take sides again.

You can agree with Cloudflare not providing services to those sites as much as you want, but you cannot pretend that Cloudflare hosts everyone equally. They cannot use that as an excuse to not deal with spammers.

Well, that one incident shows that they don’t host everyone equally. A very simple and obvious conclusion.
"He has never murdered anyone" "Are you referring to the one incident where he shot a racist hater and then vowed to never murder again?"

All I'm saying is that we won't know until they come under pressure again

Yes, it is akin to revealing the IP of a user on a social media site.
I'm pretty sure they stopped providing services to a neo-nazi site a few years ago. A decision that I am completely happy with btw.
This is very rational of them. They position themselves as a pipe for "bytes", not "content".

By ignoring the content they serve, they rid themselves of the necessity to analyze and judge what they serve. Not only would this require a brain the size of a planet and the expense of running it, but also would inevitably conflict with someone else's judgments, and bring various PR woes.

They don't analyze the internals of their traffic the way internet backbone providers don't analyze the internals of the traffic they pass around.

I frankly find this position superior: imho it does more good by preventing censorship than harm by serving good-intentioned and bad-intentioned customers alike.

In fact I completely agree with that stance. It's not Cloudflare's job to police the content. They provide a simple service. If something is unlawful, law enforcement should go after the owners.
And how, might I ask, do you propose to do that?
Law enforcement can get a warrant to get information to try and find them for example. They can hire security experts. They can do tons of things.