[pdeuchler]

I more or less agree with you, but that's kind of a false dichotomy, isn't it? Signing up for cloudflare or using a CDN isn't giving in, it's taking measures to protect yourself (and that's ignoring the other benefits you get). The unfortunate fact is DDOS attacks are becoming a daily occurrence, and if you have something to lose you should probably take measures to counteract any possible threats.

If 37Signals was a bitcoin exchange, aka a known target of DDOS attacks, the mood here would be drastically different... yet we've hit a tipping point where it seems everyone is equally at risk. DDOS attacks have become a sad cost of doing business on the internet, and just because you acknowledge that fact and try to prevent yourself from being a target doesn't mean you're capitulating to the criminal enterprise.

In fact, I don't see a better way of sticking it to the thugs than responding with "Hahaha, do your worst. We'd love to see if the money we're paying X COMPANY is worth it." And then you get to write a totally different blog post, one where you get to brag about your excellent foresight and how you have proven to your customers that the money they pay you buys a top-notch service.

[troels]

That's a bit naive though. People can always find ways to hurt you - it's a very asymmetric fight. With a complex application such as Basecamp, you can't really put everything behind a cdn.

[cft]

That's why I actually think that their thrust on pursuing the legal/FBI route is a good one, especially if they achieve any success there. This extortion/racket is indeed criminal and not tolerable. It would be good to catch the racketeers and make an example of them.