[luckylion]

... which are unknown because CloudFlare's service includes "hide your backend".

If CloudFlare provided a way to find out the host of a website they run, and gave said host a way to find out what servers specifically are hosting it, they'd have a much better argument, because they'd make it easy for anyone to use the legal system to go after offenders.

I don't know how easy it is for US citizens or law enforcement to get that information from CF, but from what I've heard, it's very, very hard to do so from Europe, and will basically only be used for major crimes, but not for a common "scam a granny" operation. CF is essentially providing cover for these.

[amq]

CloudFlare forwards all abuse claims to the providers, so filling an abuse with CloudFlare is practically equal to filling it with the providers. The only difference is that you don't know who the providers are.

[luckylion]

It's not. They do forward it, but the provider can simply chose to ignore it, since it's not addressed to them and there's no legal implication - it's purely informational for them, letting them know that CF has received a complaint.

[MichaelCollins]

> If CloudFlare provided a way to find out the host of a website they run

Surely they respond to subpoenas and warrants.

[luckylion]

If you're in the US, probably. If you're outside the US, from what I understand, they require you to file in the US (or have US law enforcement work on your behalf).

For all intents and purposes, that means they don't for anyone outside the US, except for very high profile cases. For everything else, they're providing a legal shield.