Developer adoption is our priority, profits second, Cloudflare tells bankers If Cloudflare CFO Thomas Seifert's take on his company's direction is accurate, expect future strategy to focus on how it can use its slew of newly announced tools to make the biggest dent in existing markets. Profit motivations come a distant second, as least for now. Speaking at the Morgan Stanley Technology, Media and …
> Seifert told analyst Keith Weiss that 2022 will be all about growing Cloudflare's Zero Trust solution
Zero trust is a perfect description of how we should treat Cloudflare.
My only, but repeated, direct experience of their "services" is that they provide them to criminals indiscriminately. And that they totally ignore any reports of abuse.
Hello, Reg, can you please report on this, rather than deleting my post as previouisly?
-A..
FWIW your now-deleted previous post made what looked like a baseless accusation of criminal activity so a moderator removed it.
Also FWIW Cloudflare's pretty open about the position it takes: it doesn't want to decide what's right or wrong on the internet. It doesn't want to be the arbiter of what is allowed to be hosted. Eg:
Cloudflare: We dumped Daily Stormer not because they're Nazis but because they said we love Nazis
Cloudflare speaks out amid allegations it safeguards banned terror gangs' websites
If you report spam or malware-based abuse to Cloudflare, feel free to CC us in (news@theregister.com) and we'll take a look at the same time.
C.
Reg, you'll have to put up with our negative comments. Some of us really are being attacked by their customer base. They provide services to phishing sites that pay for click-through referrals. These referral payments encourage spamming from just about every random hijacked account on Earth, and that's difficult to filter.
Here's a good story for you: Find a phishing site behind Cloudflare and phone up their abuse department. Make sure you find a pure, low grade phishing site so there's no doubt about its purpose. It needs to have tons of fake security badges, fake privacy policy links, fake payment processor badges, and absolutely no legitimate business references. They won't read any e-mail so, yes, phone Cloudflare like it's the dark ages. They'll tell you to e-mail them but insist on escalating because credit card thefts are in progress. The nicest response I've heard is "go file a police report if it's illegal." See if you can actually accomplish anything.
I checked through my (in vain) abuse reports for the past 6 months. All legitimate web sites that were hacked to serve malware have been fixed. About half of the pure phishing sites are no longer using the same domain name. The other half are still up and collecting credit cards.
Negative comments about Cloudfare and El Reg are fine. Accusations of criminal activity by Cloudfare are likely to get taken down before El Reg gets a letter from m'learned friends. (They may be prepared to defend a libel action, but it'll be for an above-the-line story where the editor has had a chance to look at the evidence _before_ publishing.)
Thanks for taking the time to respond.
Not wishing to repeat the apparent offence, I will restate essence of the deleted post in different words.
So far as I know, Cloudflare doesn't dispute that it facilitates the diffusion of illegal online content, but asserts that it's none of their business. And so Cloudflare ignores reporting of such abuse, which is what reputable online service providers would call it. So, unless they are sticking their fingers in their ears and shouting LA LA LA I CAN'T HEAR YOU, they certainly know that it is happening.
I further stated that they profit from this self-evidently criminal activity. At the time I didn't know that there are free offers in their portfolio. Frankly this is no defence. No one forces them to put such obviously tasty offerings in front of crims.
Purely because of Cloudflare, I have now, very much against my better judgment, implemented RBL filtering on my MX, so I no longer get to see the offending spams. My position has always been that spam filtering is a mistake, and that we should agitate to ensure that spam is never sent in the first place by reporting abuse to service providers. This strategy simply doesn't work with Cloudflare, and that's why criminals use them.
-A.
Sent you a couple. m.4mshop.org is a long-term Cloudflare customer at the heart of multiple fake storefronts that are also using Cloudflare.
Cloudflare goes beyond ignoring what might be right or wrong. They sell anonymity to crime gangs just as much as they sell protection against DDoS from crime gangs.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
