They get shit on a lot here. Why? What do they do and how is that different from other companies that offer similar services?

What I know of them: they offer DDS brute force/spam protection for websites.

  • shellsharks@infosec.pub
    link
    fedilink
    English
    arrow-up
    3
    ·
    10 months ago

    A measured response to be sure. Thanks for writing it up. I’m definitely not the one who’s going to tell you for sure what CloudFlare should or should not do in this case or any other cases. It’s a tricky business to be in in terms of making those decisions. That said, I do think there is a line to be drawn SOMEWHERE, and because of this they would eventually need to deplatform something. If that signals to the regimes of the world that Cloudflare can be influenced than so be it, but to me (and I think a lot of the people who were going after Cloudflare during this time), Nazi’s (and those sites you mentioned, e.g. Kiwi Farms) are easy to draw lines for. Good thing I’m just a dude on Lemmy and not a high powered CF exec hah!

    • hedgehog@ttrpg.network
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      You’re welcome, and thanks for the reply!

      I think drawing the line at nazis is a good idea in theory, but a very difficult one to implement in practice. For example:

      • If someone doesn’t self ID as a nazi, how do you determine that they are one?
      • What if the site’s owner self IDs as a nazi but this particular website is just a bunch of cooking recipes?
      • Suppose the site owner probably isn’t a nazi, but the site has a bunch of users and a subset of them are creating content that crosses the line, and the site has a hands off approach to content moderation. If the site is 1% nazi content and 99% fine, do you block them entirely unless they agree to remove nazi content? If not, at what threshold does that change? 10%? 51%?
      • Once you’ve done that and they’ve agreed, do you have to establish minimum response times for them to remove nazi content? If the nazi content isn’t taken down until half the site’s daily visitors have seen it, the content moderation isn’t very effective. But if you require them to act too fast, that could result in many people being refused service because of other bad actors.
      • The bad actors aren’t even necessarily nazis. If it’s known that Cloudflare refuses service to sites that leaves nazi content up for more than X amount of time, then it becomes feasible to take down a site that allows comments by registering a bunch of accounts and filling it with so much nazi content that the site’s moderation team can’t handle it in time. How do you prevent this?
      • Do you require them to ban nazis?
      • If they do, but the nazis just register new accounts, do you require them to detect that somehow? Do you have to build that capability and offer it yourself? Now you’re policing individual users. You’re inevitably going to end up stopping Grannie from registering for an account because of someone else - they jumped on her wifi, compromised a device on her network, or something along those lines.

      This is all pretty complicated, and I’ve barely scratched the surface.

      The revised line they drew with Kiwi Farms (as well as the “we follow US law” line they already had) is a much simpler one that’s still morally defensible:

      “We think there is an imminent danger, and the pace at which law enforcement is able to respond to those threats we don’t think is fast enough to keep up.”

      One word you used stuck out to me: “deplatform.” I wouldn’t call this deplatforming. I’m used to seeing that word used to refer to someone being removed from social media, having their YouTube channel shut down, having their podcast removed from Spotify, etc… I mentioned this in another comment on this post, but those situations are fundamentally different, and it follows that the criteria for doing so should be different. In that other comment I also talked a bit about why I think free speech is infringed if you can’t publish a website, but isn’t infringed if you can’t create a Facebook account.

      You also might find this Wired article interesting - it has quotes from and background about the CEO of Cloudflare related to the TDS’s removal, some insight into the internal company dialogue when that was all ongoing, etc…

      • shellsharks@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        I’m taking a bit more literal interpretation of “de-platform”, which I agree is not the way it has been traditionally used. In my case, if a platform takes you down, you were just de-platformed =). As for the question of “what is a nazi?”, 100% agree in terms of “where is the line”. Yes, there are some very obvious cases that I think 100% of people would identify in the same way, but there is undoubtedly that pesky ol’ gray area (which as your bulleted list makes clear is a non-trivially large area) where things start to get a little more subjective. Sure, it’d be great if companies (like CloudFlare) smell-tested things in the same way I do haha but outside of that, it is no doubt difficult to define.