[jsheard]

That would require Cloudflare to have a KYC policy which exposes the individual/organization behind an account, and they don't do that either.

If DDoS4U gets banned they can just rebrand as DDoS4Less and CF is (willingly?) none the wiser that it's the same people behind it.

[ensignavenger]

Malicious actors could spin up new accounts whether or not CF bans malicious accounts without a court order. Requiring a court order would have no bearing on CF's ability to prevent duplicate accounts.

[thefifthsetpin]

KYC := know your customer

[mozman]

aka get their real id