Hi Stuart

I thought I would respond publicly as I have received a number of emails offline over the past months.

My expectations are extremely low after attempting to raise awareness of this situation with various parties (including InternetNZ and others). Oddly��enough the more convincing topic was to talk about the fact that Cloudflare host the majority if nor all Revenge Porn sites rather than the fact they host Terrorist or White Supremacist sites. It did surprise me as Cloudflare have worked hard on the SEO for Terrorism but not so much Revenge Porn. If they do in the future work on their SEO in that area it will further speak volumes about their business practices and lack of ethics.

Roughly the responses fall into three groups:

- Understanding and accepting that the company has no morals or ethics and refusing to do further business with them. This will be the absolute minority and if you get more than 10% traction I will be impressed.

- Apathy towards Cloudflare and their business practices when highlighted. This will be the majority of responses and it is disheartening to say the least. Typically the apathy will be because the viable DDoS alternatives to Cloudflare are either cost prohibitive or not hosted within the NZ/AU regions so moving to alternatives would significantly reduce the sites performance. Included in this group are folks that say Facebook and Twitter were the most to blame and focus their attention there rather than the fact the stream was initially published on sites protected by Cloudflare and disseminated from there.

- Hostile disagreement towards any limitations on Cloudflare due to their strong Free Speech approach and lack of interest to be the "Internet Police". When examples of certain sites protected by Cloudflare reveling in doxing people that leads to physical harm from other site members or individuals suicide they tend to not respond further. But again the minority of people but even more disheartening than the second group.

I've contacted the majority of large ISPs within NZ, and none of them have any immediate plans to change peering agreements with Cloudflare. The consistent response is that it should be a unified response from all ISPs in NZ rather than one ISP taking a unilateral decision. So far nothing has happened in that area either.

Lastly I was emailed off list by a number of people saying not to have any expectations on NZNOG to actually do anything. I think it was best summed up as "Welcome to the dumpster fire that is NZNOG, good luck getting any traction".

So while an Australian white supremacist was radicalised online and came to our country on the express purpose to kill a religious minority. Asking them to actually do something rather than shift blame seems too much to ask for.

I wish you the best of luck.

Kind regards

Peter

On Tue, Jul 9, 2019 at 7:49 PM stuart pilling <stuart.pilling@gmail.com> wrote:

Hi All,

��

A long time lurker, but this one seems to be well worth the wait.�� Can someone online or offline please provide a list of those houses that use/support cloudflare as their infrastructure partner of choice.�� I don���t really want to wade through the DNC records looking for cloudflare DNS entries.�� Commercial pressure comes from business that buy services as well.

��

Cheers

��

Stu

��

From: nznog-bounces@list.waikato.ac.nz [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Jed Laundry
Sent: Friday, 3 May 2019 11:21 a.m.
To: Peter Lambrechtsen; nznog
Subject: Re: [nznog] Using Cloudflare after Christchurch

��

Hi all,

��

InternetNZ are working on a well-considered response and I do support them, but I don't think they are the only organisation or group where this should be discussed. Especially where operational decisions are involved which may have downstream effects.


I agree with Peter and Michael; the argument that "it's just content" and that ISPs have no role in layer 8+ policy decisions is a bit disingenuous, because we regularly filter our customers from bad things. We run spam filters, we block malware sites, we choose to stop working with abusive customers; we (try to) make the internet a hostile place for bad people to operate. This isn't censorship--they can still get content online--we just don't make it easy for them.


Cloudflare have taken a commercial position based on a very US-centric "free speech" world view that they, effectively, shouldn't try to do any of this. Personally, I can understand their position, but I don't agree with it. Lacking any US amendment, the seemingly only way to change this commercial position is to apply commercial pressure, which is the point that Peter is making; is anyone considering operational changes to apply commercial pressure?

I know on the consumer side, at $DAYJOB we're looking at edge services. Cloudflare are of course one of the options. Based on my personal experience with my free account I was going to strongly back them, but their continued non-response to these events has made me reconsider that and my personal IT involvement with them.

Thanks,
Jed.

��

On Fri, 3 May 2019 at 11:06, Peter Lambrechtsen <peter@crypt.nz> wrote:

I have tried tweeting��eastdakota when I was doxed and haven't had a response. If you get a response I would be interested.

��

But I highly recommend you ask him the pointed question about the AUP of Cloudflare as brevity of it speaks volumes:

��

��

And ask him why *all* the most vile sites on the internet seem to only use his services for WAF/DDoS protection and none of the other providers and why he doesn't do anything about it. It's no mistake that there isn't any validation of the email address you use when signing up to the Cloudflare service.

��

Cheers, Peter

��

On Fri, May 3, 2019 at 10:44 AM Mehmet Akcin <mehmet@akcin.net> wrote:

If you have concerns, email the ceo or tweet him @eastdakota. Good guy, reasonable, and he will take time respond. I know people who work there. They are not going to let anyone malicious use their platform knowingly.

��

���Mehmet

��

On Thu, May 2, 2019 at 15:14 Michael Fincham <michael@hotplate.co.nz> wrote:

On Fri, 3 May 2019 09:10:50 +1200
Jonathan Brewer <jon.brewer@gmail.com> wrote:

> InternetNZ is the forum to discuss this, not NZNOG.

Engineers have a personal responsibility to ensure that the actions they take, even on behalf of an employer, are ethically right.

I do think therefore this is a discussion for NZNOG, being as it is a community of engineers who do the implementing.

--
Michael
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog

--

Mehmet
+1-424-298-1903

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog