"Renting attack capacity from [cloudflare]" is inaccurate as I understand things. That group hosts their site behind cloudflare but I have not seen anyone claim that cloudflare's infra is used for the attacks.
This whole article seems to conflate hosting an informational site run by the attackers and hosting the attack itself.
Relevant post from last week:
> Why is Cloudflare protecting the DDoS'er (beamed.st) attacking Ubuntu servers?
Completely agree, cloudflare protects scammers on a huge scale and no one cares...
All the fake shops I have reported to cloudflare, all these phishing pages behind cloudflare I reported, never came down.
None of them.
For a company making billions, protecting people, they should take this stuff seriously.
I always assumed Ubuntu was brought down to prevent Ubuntu servers from patching copy.fail, so that hacking group could exploit as many targets during that time as possible.
With this kind of logic we can blame keyboard manufacturers for the illegal things their products wrote.
Yes.
I find a similar pattern to Meta's scammer ads.
Huge publicly traded companies benefitting from the illegal actions of their clients, turning a blind eye, or conveniently delaying their takedowns.
Big companies need to absorb the liability of small companies, otherwise you get this delegated Sybil Good bank/Bad bank attack.
That'd be extortion, not blackmail. CF did neither thing.
This is insanely dumb. Cloudflare is providing free hosting services, not materially supporting the attacker. You can argue that Cloudflare needs to be better at, or adopt different values towards, taking down sites they host, but this organization could absolutely just serve elsewhere (or just advertise their services over Telegram or the like).
Maybe there is a point to be made about monopoly power in hosting and ddos protection. I don't really see how this blog post, or labelling it blackmail, help make that point.
It seems disingenuous to assume that CF offering some (unknown) amount of service to a malicious actor amounts to "blackmailing" someone that actor is attacking. CF could, and probably should, be better about not offering services to criminals but making a leap of logic certainly doesn't help anything.
Crimeflare - proudly extorting DDoS victims and protecting criminals while building a global surveillance dragnet since 2009!
The article puts it very succinctly: Cloudflare fronts attackers for free and bills the victims for relief.
DDoS protection services can be cast as a digital protection racket where they have a perverse incentive to keep attackers attacking. “It's a dangerous internet out there; you'd better pay us to protect your website from the attackers using our free tier.” At the least, even if there is no active collusion or profit sharing or anything like that, there is not a clear side that the DDoS protector service is on?