Hi all,

InternetNZ are working on a well-considered response and I do support them, but I don't think they are the only organisation or group where this should be discussed. Especially where operational decisions are involved which may have downstream effects.

I agree with Peter and Michael; the argument that "it's just content" and that ISPs have no role in layer 8+ policy decisions is a bit disingenuous, because we regularly filter our customers from bad things. We run spam filters, we block malware sites, we choose to stop working with abusive customers; we (try to) make the internet a hostile place for bad people to operate. This isn't censorship--they can still get content online--we just don't make it easy for them.

Cloudflare have taken a commercial position based on a very US-centric "free speech" world view that they, effectively, shouldn't try to do any of this. Personally, I can understand their position, but I don't agree with it. Lacking any US amendment, the seemingly only way to change this commercial position is to apply commercial pressure, which is the point that Peter is making; is anyone considering operational changes to apply commercial pressure?

I know on the consumer side, at $DAYJOB we're looking at edge services. Cloudflare are of course one of the options. Based on my personal experience with my free account I was going to strongly back them, but their continued non-response to these events has made me reconsider that and my personal IT involvement with them.

Thanks,
Jed.

On Fri, 3 May 2019 at 11:06, Peter Lambrechtsen <peter@crypt.nz> wrote:

I have tried tweeting��eastdakota when I was doxed and haven't had a response. If you get a response I would be interested.

But I highly recommend you ask him the pointed question about the AUP of Cloudflare as brevity of it speaks volumes:

https://www.cloudflare.com/terms/

And ask him why *all* the most vile sites on the internet seem to only use his services for WAF/DDoS protection and none of the other providers and why he doesn't do anything about it. It's no mistake that there isn't any validation of the email address you use when signing up to the Cloudflare service.

Cheers, Peter

On Fri, May 3, 2019 at 10:44 AM Mehmet Akcin <mehmet@akcin.net> wrote:
If you have concerns, email the ceo or tweet him @eastdakota. Good guy, reasonable, and he will take time respond. I know people who work there. They are not going to let anyone malicious use their platform knowingly.

��Mehmet

On Thu, May 2, 2019 at 15:14 Michael Fincham <michael@hotplate.co.nz> wrote:
On Fri, 3 May 2019 09:10:50 +1200
Jonathan Brewer <jon.brewer@gmail.com> wrote:

> InternetNZ is the forum to discuss this, not NZNOG.

Engineers have a personal responsibility to ensure that the actions they take, even on behalf of an employer, are ethically right.

I do think therefore this is a discussion for NZNOG, being as it is a community of engineers who do the implementing.

--
Michael
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog

--
Mehmet
+1-424-298-1903
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog