[EdwardDiego]

I don't really give two hoots about Cloudflare, I just don't like false statements, like when "Cloudflare helped me run a DDoS network" actually means "Cloudflare kept my website from being DDoSed", with the addendum "and I'm bad, therefore, not protecting KiwiFarms is hypocritical."

It's just dumb.

[mike_d]

It is like renting a storefront in a mall and selling goods stolen from other shops in the mall. What the storefront is doing is illegal, and offering them free rent hurts the other legitimate shop owners in the mall.

To extend the analogy, the mall also refuses to tell the other store owners who owns the shop so they can take legal action. (Cloudflare quite famously will just forward your complaints about hosting illegal services to the service themselves)

[Borgz]

You have admitted in your earlier comment that "Cloudflare was helping keep his website up." You are saying that "Cloudflare helped keep his website up" does not logically imply "Cloudflare helped me run a DDoS network".

Even if you genuinely believe that, how are you confident enough that people generally share your interpretation of what constitutes help to call the statement in question "false"?

[xboxnolifes]

Following this, their ISP, their electric company, their server hosting location, and presumably their government (with their monopoly on violence) also helped them run a DDoS network.

What's next, is the landscaper helping run the DDoS network because they cut the grass outside so people can access the building better?

[Borgz]

The most important factor to consider here is knowledge.

If it is the case that Cloudflare provided services to this website with full knowledge that it was a DDoS-for-hire service, which seems likely, this would significantly increase their culpability. This may also apply to the server host, if the server host directly worked with them.

I find it difficult to believe that the ISP, electric company, or government knew of the actions that this DDoS service was taking, and how their own actions benefitted them, since these entities are so far removed from the DDoS service. But if they did have knowledge of what was happening, of course they would be culpable to some extent.

I also disagree with the implication that we have to make a black-and-white judgment of "they helped" or "they didn't help". Depending on the extent of involvement, a third-party can have varying levels of culpability in the DDoS service's actions.

[Beltalowda]

> with the addendum "and I'm bad, therefore, not protecting KiwiFarms is hypocritical."

That is not how I read it at all; I didn't read a strong conclusion in the article one way or the other, but if anything I would say it's "if you kicked off KiwiFarms, then why not all the DDoS services?"

But most of all, I think it's a nice example on how "being neutral" is actually quite tricky around the edges.

[danShumway]

> with the addendum "and I'm bad, therefore, not protecting KiwiFarms is hypocritical."

Is that the takeaway people have from this article? My reading wasn't that the author is advocating that Kiwi Farms should have been left up. They're asking for DDoS sites to be added to the ban list.

The "hypocrisy" that they keep bringing up is Cloudflare's claim that inaction in these instances is a neutral stance, and that in actuality Cloudflare is an active participant in helping these sites stay online.