Re: [nznog] Using Cloudflare after Christchurch

9 Jul 2019

      Hi Stuart

I thought I would respond publicly as I have received a number of emails
offline over the past months.

My expectations are extremely low after attempting to raise awareness of
this situation with various parties (including InternetNZ and others).
Oddly enough the more convincing topic was to talk about the fact that
Cloudflare host the majority if nor all Revenge Porn sites rather than the
fact they host Terrorist or White Supremacist sites. It did surprise me as
Cloudflare have worked hard on the SEO for Terrorism but not so much
Revenge Porn. If they do in the future work on their SEO in that area it
will further speak volumes about their business practices and lack of
ethics.

Roughly the responses fall into three groups:

- Understanding and accepting that the company has no morals or ethics and
refusing to do further business with them. This will be the absolute
minority and if you get more than 10% traction I will be impressed.

- Apathy towards Cloudflare and their business practices when highlighted.
This will be the majority of responses and it is disheartening to say the
least. Typically the apathy will be because the viable DDoS alternatives to
Cloudflare are either cost prohibitive or not hosted within the NZ/AU
regions so moving to alternatives would significantly reduce the sites
performance. Included in this group are folks that say Facebook and Twitter
were the most to blame and focus their attention there rather than the fact
the stream was initially published on sites protected by Cloudflare and
disseminated from there.

- Hostile disagreement towards any limitations on Cloudflare due to their
strong Free Speech approach and lack of interest to be the "Internet
Police". When examples of certain sites protected by Cloudflare reveling in
doxing people that leads to physical harm from other site members or
individuals suicide they tend to not respond further. But again the
minority of people but even more disheartening than the second group.

I've contacted the majority of large ISPs within NZ, and none of them have
any immediate plans to change peering agreements with Cloudflare. The
consistent response is that it should be a unified response from all ISPs
in NZ rather than one ISP taking a unilateral decision. So far nothing has
happened in that area either.

Lastly I was emailed off list by a number of people saying not to have any
expectations on NZNOG to actually do anything. I think it was best summed
up as "Welcome to the dumpster fire that is NZNOG, good luck getting any
traction".

So while an Australian white supremacist was radicalised online and came to
our country on the express purpose to kill a religious minority. Asking
them to actually do something rather than shift blame seems too much to ask
for.

I wish you the best of luck.

Kind regards

Peter

On Tue, Jul 9, 2019 at 7:49 PM stuart pilling 
wrote:
...
Hi All,
A long time lurker, but this one seems to be well worth the wait.  Can
someone online or offline please provide a list of those houses that
use/support cloudflare as their infrastructure partner of choice.  I don’t
really want to wade through the DNC records looking for cloudflare DNS
entries.  Commercial pressure comes from business that buy services as well.
Cheers
Stu
*From:* nznog-bounces(a)list.waikato.ac.nz [mailto:
nznog-bounces(a)list.waikato.ac.nz] *On Behalf Of *Jed Laundry
*Sent:* Friday, 3 May 2019 11:21 a.m.
*To:* Peter Lambrechtsen; nznog
*Subject:* Re: [nznog] Using Cloudflare after Christchurch
Hi all,
InternetNZ are working on a well-considered response and I do support
them, but I don't think they are the only organisation or group where this
should be discussed. Especially where operational decisions are involved
which may have downstream effects.
I agree with Peter and Michael; the argument that "it's just content" and
that ISPs have no role in layer 8+ policy decisions is a bit disingenuous,
because we regularly filter our customers from bad things. We run spam
filters, we block malware sites, we choose to stop working with abusive
customers; we (try to) make the internet a hostile place for bad people to
operate. This isn't censorship--they can still get content online--we just
don't make it easy for them.
Cloudflare have taken a commercial position based on a very US-centric
"free speech" world view that they, effectively, shouldn't try to do any of
this. Personally, I can understand their position, but I don't agree with
it. Lacking any US amendment, the seemingly only way to change this
commercial position is to apply commercial pressure, which is the point
that Peter is making; is anyone considering operational changes to apply
commercial pressure?
I know on the consumer side, at $DAYJOB we're looking at edge services.
Cloudflare are of course one of the options. Based on my personal
experience with my free account I was going to strongly back them, but
their continued non-response to these events has made me reconsider that
and my personal IT involvement with them.
Thanks,
Jed.
On Fri, 3 May 2019 at 11:06, Peter Lambrechtsen  wrote:
I have tried tweeting eastdakota when I was doxed and haven't had a
response. If you get a response I would be interested.
But I highly recommend you ask him the pointed question about the AUP of
Cloudflare as brevity of it speaks volumes:
https://www.cloudflare.com/terms/
And ask him why *all* the most vile sites on the internet seem to only use
his services for WAF/DDoS protection and none of the other providers and
why he doesn't do anything about it. It's no mistake that there isn't any
validation of the email address you use when signing up to the Cloudflare
service.
Cheers, Peter
On Fri, May 3, 2019 at 10:44 AM Mehmet Akcin  wrote:
If you have concerns, email the ceo or tweet him @eastdakota. Good guy,
reasonable, and he will take time respond. I know people who work there.
They are not going to let anyone malicious use their platform knowingly.
‘Mehmet
On Thu, May 2, 2019 at 15:14 Michael Fincham 
wrote:
On Fri, 3 May 2019 09:10:50 +1200
Jonathan Brewer  wrote:
...
InternetNZ is the forum to discuss this, not NZNOG.
Engineers have a personal responsibility to ensure that the actions they
take, even on behalf of an employer, are ethically right.
I do think therefore this is a discussion for NZNOG, being as it is a
community of engineers who do the implementing.
--
Michael
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog
--
Mehmet
+1-424-298-1903
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog