Cloudflare speaks out amid allegations it safeguards banned terror gangs' websites Cloudflare found itself underfire this month for seemingly allowing officially designated foreign terrorists to use its website protection services. Which, under US law, would be a big no-no. A HuffPo report claimed the US-based biz is being used by the likes of al-Shabab and the Taliban to evade attempts to shutdown their …
There is too much scope creep in banned organisations, as the article implied its far too easy to squash freedom of speech by defining something as terrorist content / gradually extending what is proscribed speech.
Frankly the security services would be better letting cloudflare do its thing, and if there was *genuine evidence* of "proper" terrorist use then work with cloudflare to try and locate the terrorists - letting known terrorist content stay up can be useful in finding the posters / supporters of that content, sending everything underground just makes tracking the terrorists that much harder.
Worse, HuffPo et al decides it doesn't like stuff and tries to pressure third parties into censoring perfectly legal content.
I've long since figured out that HuffPo "journalists" are all the type of SJWs that define hate speech as "anything I don't agree with". I give them the amount of attention that such a status warrants, which is none at all.
The other point is that if Cloudflare are co-operating with law enforcement agencies, do they in fact make it easier to act against these types of sites?
Given the many levels of potential contacts required to take down a site, and the varying levels of responsiveness involved, I would have imagined Cloudflare would simplify the process of getting content removed and beginning the process of tracing those responsible in an appropriate manner.
Who's the upset party here? Law enforcement, the vigilantes that can no longer take direct action or a HuffPost journalist looking to save the world?
Cloudflare's general counsel Doug Kramer admitted to The Register this week that his company's relationship with customers, particularly terror groups that operate behind multiple fronts and aliases, can be difficult to police.
Sure.
What is so difficult to police about a site which openly advocates murdering people including prominent European politicians while operating from a fixed well defined URL using a fixed well defined name. What is so difficult to police about a site which publishes the details of their wives, children including which school they attend to and calls for the metering out punishment to these family members.
This is the site I have in mind: https://myrotvorets.center/
Served proudly by Cloudflare. As it "serves" OUR means and is a part of OUR information campaigns, we pretend that it is an excellent example of free speech. Nothing wrong with advocating murdering the "enemy", their wives and their children you know.
Most recently it put a bounty on Gerhard Shroeder's head and published his full personal details including details of his family whereabouts. Not linking not because I do not know the page in question, but out of principle (same as I would not link to RT).
It's impossible for a service provider such as Cloudflare to investigate every domain that uses its service... Also they offer a very easy to find form for reporting abuse:
https://www.cloudflare.com/abuse/form
likewise they are not the only service provider who a reverse-proxy service, so I find individually picking them out is nothing but somebody holding a grudge.
This post has been deleted by its author
This post has been deleted by its author
Even if Cloudflare were to start to check websites before they were allowed to use its services, it would be trivial for these terrorist groups to upload an innocuous website template while the site was moderated and checked. Then ones the service was activated change it to host terrorism related content.
Cloudflare is not like Facebook or Youtube who host the content so should have some responsibility to take it down, the content is hosted on the clients services and Cloudflare are mealy acting as a proxy to get to it. The servers that the terrorist site is hosted on could even be hosted with US web hosts, as web hosting providers pretty much let you upload whatever you want. Website will often stay up until there is either a report of abuse or the sysadmins spot illegal content while investigating another issue such as excessive resource usage on the server and then suspend the account.
This post has been deleted by its author
I'm an anti-spammer and have been for over 20 years. I send abuse reports to the source ISP and feed/hosts of advertised web sites (and redirects) for every single spam E-mail I get. This averaged (until recently) about 3 a day, so around 1000 reports a year. I'm mentioned in "Spam Kings" and was active in NANAE for years (obscure reference for anti-spammers).
Most ISPs take down obvious spammer sites rapidly but Cloudflare "mirrored" web sites are always a pain because Cloudflare refuses to act on abuse reports (no matter how much evidence they get) and they hide the IP address of the mirrored host which makes it hard to make the real host aware of the problem.
Fortunately Cloudflare's system isn't infallible and occasionally and, if you ping enough, you sometimes get the original web site IP. The last time this happened the real host ISP (xglobe.com in this case) investigated immediately after I contacted them. Their customer's rogue binary trading "affiliate" was kicked off and the customer donated £1000 to Children in Need as compensation for the amount of effort I had put in (67 abuse reports, one for each spam I received). I can prove all of this on request.
I have no problem with free speech, but I do have a problem with Cloudflare providing bulletproof services to spammers. Spam is illegal and is *not* free speech. I note that Cloudflare rules are not blanket rules as, for example, they (absolutely correctly) ban mirroring child porn, so they obviously have control over what they allow.
You will also note that Cloudflare's abuse report page has no "abuse type" category for spam, even though that is the most use I see of their services:
https://www.cloudflare.com/abuse/form
In my opinion they are a spam support company.
If they embedded the original IP somehow or had a lookup page for same, they would be offering a rather pointless service. Their DDoS protection hides the actual ip of the server so that miscreants can't flood the server with bogus traffic taking it off the internet.
Most ISPs have AUP (Acceptible Use Policy) agreements with their customers which includes no hate speech, no terrorist glorification, no spamvertised pages, no child porn etc. When abuse reports come in they investigate to see if the complaint is likely to be true, and act if it is.
Yes this is more work, but almost every ISP on the planet manages it so why can't Cloudflare? Instead they do nothing about abuse reports and make it impossible to send reports to the real host.
I am pleased to see that I am not the only one who generates spam complaints to Cloudlfare only to have them be ignored. I went through a spell where I was reporting the same half dozen sites over and over as a perverse hobby but gave up in favour of using those same sites as an extraordinarily easy and reliable spam filter rule. I had more luck getting the host of the actual spam email to do something about the problem, but that doesn't even scratch the surface if the target site is still up.
My issue with an overwhelming percentage of said spam it was that it was clearly fraudulent - pyramid schemes and bogus health plans aimed at the elderly, war verterans and so on. After that, almost every single spamvertised site had a malicious payload attached. I appreciate the sort of spam I get is trivial (thankfully I have never been spammed by a terrorist group), there is no way any decent person can claim such scams as being "free speech" yet taking down such sites should be chicken feed for a support guy somewhere. It is my opinion that Cloudflare simply don't care.
Words do not magically make somebody blow themselves up, if they did then all our intelligence analysts who read these sites as part of their job would get up and join the jihad. These terrorists didn't suddenly because threats when they read these sites, they were threats before. You have to already have a significant level of disregard for human life to be susceptible to radicalisation.
Should there be limits on free speech? Absolutely not. If you're limiting it then you can't very well call it "free speech". And let's be perfectly honest here: it is only unpopular speech that needs that protection, so the situations where people mostly want to apply limits are the exact situations where it's so important that we don't. No matter how repulsive the thing being said is as long as it is just speech it should be protected.
Caveat, though. Recruiting terrorists is an action, not speech. As is instructing people to commit violence. That stuff can and should be axed without free speech even coming into it. But having and voicing an unpopular, even repulsive, opinion? That's a slippery slope we'd best just avoid.
Non-violent but disruptive protests are now included, see the Stansted 15.
How long before all "enemies of the government" are also classified as terrorists based on the "subverting the will of the people" argument?
Zero tolerance policing, the Holy Grail of all authoritarian democracies the world over. Thanks to the laws brought in by MPs, senators etc that you voted for. Even voting for the "least worst option" becomes less appealing each passing day and more people realise that "they don't work for you".
It seems pointless to assume how much regard for life someone who becomes radicalised might or might not have.
All sense and judgement in a potential recruit of what is good versus what is bad is bypassed by praising the absolute worst of depravity as righteous.
To both the psycopath and the simple fool, radicalisation offers a justification for sadism and murder by dressing them both in a fantastic coat of deranged fantasy, offering membership of a supposed elite and life eternal.
Yet for some reason, crazed philosophies for which there is no evidence whatsoever continue to be excused, aided, abetted and further promulgated.
There isn't much going in the way of easy answers to this.......
Cloudflare only care about money and have no interest in dealing with the vile sites they protect.
As was the cast with the Terrorist attack in New Zealand where numerous sites protected by Cloudflare actively promoted the videos and celebrated their distribution.
When this was brought up with Cloudflare their response was "meh we don't care we just provide a safe harbour for terrorist supporting sites so go talk with these people instead"
They are scumbags of the highest order and the sooner people stop paying them money for their services the better.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
