[rtpg]

A simpler example: AWS hosts fakeLVbags.com. This site sells counterfeit luxury handbags, and says so clearly on the site.

Now AWS does not realize this as they are large and have lots of operations.

However, one day a journalist asks Amazon directly about this website, and there is an official press release by Amazon made about it.

AWS has had this illegal activity brought to their attention, as well as the fact that they are facilitating this activity. They openly acknowledge the site existing.

Legally this is very different from not knowing about what is going on! Not only does Amazon in this hypothetical know, they have admitted publicly that they know!

So… now to Cloudflare. Did Cloudflare, experts in this domain, not know about these DDOS vendors? And did not realize they were offering protection to those? Maybe not! But maybe. And knowing makes things a lot worse for them. Especially if Cloudflare connected the dots internally about the usage for illegal activity. But! CF simply might not have known, or had a complete picture. Or anything in between.

[xfer]

A DDoS Protection company doesn't know what the state of the market is? Really? Feigning ignorance on this matter is not very honest.

Your aws story is completely irrelevant since AWS doesn't sell counterfeit luxury handbag insurance. Would you argue amazon webstore doesn't know about fake products in their marketplace?

[rtpg]

to be clear I'm not trying to defend Cloudflare. The sort of generous interpretation is that even if CF understands this at a high level that doesn't necessarily lead to them knowing where these services are and which companies they are hosting that have this (though ... honestly, for B2B services like CF it feels pretty reasonable to at least do the vaguest sanity check)