by judge2020 1380 days ago
> they are actively lighting these fires and making money by putting them out!

A bit of an odd take - it's like the fire department putting out the fire at the known arsonist-for-hire's house, and the police chief happens to run the fire department while doing nothing about the suspiciously wealthy arsonist.

The difference is that Cloudflare isn't an actual public service and has no obligation to DDOS protect anyone.


A simpler example: AWS hosts fakeLVbags.com. This site sells counterfeit luxury handbags, and says so clearly on the site.

Now AWS does not realize this as they are large and have lots of operations.

However, one day a journalist asks Amazon directly about this website, and there is an official press release by Amazon made about it.

AWS has had this illegal activity brought to their attention, as well as the fact that they are facilitating this activity. They openly acknowledge the site existing.

Legally this is very different from not knowing about what is going on! Not only does Amazon in this hypothetical know, they have admitted publicly that they know!

So… now to Cloudflare. Did Cloudflare, experts in this domain, not know about these DDOS vendors? And did not realize they were offering protection to those? Maybe not! But maybe. And knowing makes things a lot worse for them. Especially if Cloudflare connected the dots internally about the usage for illegal activity. But! CF simply might not have known, or had a complete picture. Or anything in between.

A DDoS Protection company doesn't know what the state of the market is? Really? Feigning ignorance on this matter is not very honest.

Your AWS story is completely irrelevant since AWS doesn't sell counterfeit luxury handbag insurance. Would you argue Amazon's webstore doesn't know about fake products in their marketplace?

To be clear, I'm not trying to defend Cloudflare. The sort of generous interpretation is that even if CF understands this at a high level, that doesn't necessarily lead to them knowing where these services are and which companies they are hosting that have this (though ... honestly, for B2B services like CF it feels pretty reasonable to at least do the vaguest sanity check).

The issue (I believe according to the author) is that Cloudflare is now choosing to withhold protection for Kiwi Farms, taking a moral stance and should be more responsible for other moral obligations or none at all. I.e., should they stop providing protection for more sites? When is the next Kiwi Farms?

I don't agree with the author because it is still early (and the author might be putting Cloudflare under pressure for some personal gain in some rhetoric), but these questions are interesting and are part of the cancel culture we are seeing more of.

As they mentioned in their article on Wednesday, cutting service to site A means that they're going to get a lot of angry people and/or governments wondering why they could dare to provide service for the equally vile (in their eyes) sites B, C, and D. They've just exacerbated this situation.

The problem is that demand for Cloudflare services is furthered by allowing illegal booters. If those sites were not protected by Cloudflare, they would attack each other offline. That would be the death knell for most DDOS-for-Hire operations and the few remaining would raise prices, making it nearly impossible for a single person to boot others offline.

By allowing the attackers to use their services while deciding other websites are not allowed to, Cloudflare is removing others' freedom of speech.