Mastodon Feed
Reblogged by slightlyoff@toot.cafe ("Alex Russell"):
briankrebs@infosec.exchange ("BrianKrebs") wrote:
For what it's worth, I've always been confused by Cloudflare's official position on abuse, which is that they are not a hosting provider, but rather a pass-through, so it's not up to them to be arbiters of what's fine and not so fine.
But if you think about it, by that definition Cloudflare is the world's largest proxy network. Probably they don't use this term to describe their business because proxy providers are -- at least historically -- somewhat strongly associated with abuse.
Either way, if Cloudflare decides to stop proxying traffic for a particular customer, they are not being arbiters of free speech, as the CEO constantly claims. Because that customer's site will still be reachable. It simply won't enjoy the protection from DDoS attacks that Cloudflare offers for free.
Underneath all of these concerns, a lot of people in the security industry seem to believe that if Cloudflare were to somehow start clamping down on the rampant abuse of their services for cybercrime, then those bad actors will just move to someplace else where Western law enforcement and intelligence agencies have less visibility, like Russia's DDoS-Guard. That may be. But I say let's burn that bridge when we come to it.