Talk:Cloudflare/Archives/2017

CloudFlare Watch
Cryptome recently announced a new website called CloudFlare Watch -- see http://cryptome.org/2012/07/cloudflare-watch.htm Cryptome is often cited in Wikipedia, and this particular Cryptome announcement was also picked up by Google News. But there is no mention of this new website, which is critical of CloudFlare, in this Wikipedia article. 66.87.0.132 (talk) 14:25, 10 July 2012 (UTC)
 * I've added it to the external links section, but I don't believe that's notable enough to be mentioned in the main body of the article. In addition, Daniel Brandt made the announcement; Cryptome simply published the announcement. Cryptome doesn't write the contents; it published letters, documents, and such that other people send to it. WP:PRIMARY applies here, and there aren't any reliable secondary sources that mention CloudFlare Watch. --Michaeldsuarez (talk) 15:27, 10 July 2012 (UTC)


 * Removed. We need at least a modicum of notability for something like this, seeing how any Tom, Dick, or Dann Harry can start up a blog and critique away. Tarc (talk) 23:40, 10 July 2012 (UTC)


 * Lol, I thought CloudFlare Watch was a legitimate website with legitimate complaints until I actually visited it. — Preceding unsigned comment added by 108.185.88.189 (talk) 14:25, 19 May 2014 (UTC)


 * As CloudFlare Watch, aka CrimeFlare, conducts defacement attacks on websites that use CloudFlare, I don't think Wikipedia should include direct links to crimeflare.com. KiloByte (talk) 00:04, 29 October 2014 (UTC)

Semi-protected edit request on 10 April 2014
Yoorshop (talk) 06:52, 10 April 2014 (UTC)
 * Where would the cite fit in? Sam Sailor Sing 11:00, 10 April 2014 (UTC)
 * Red question icon with gradient background.svg Not done: it's not clear what changes you want made. Please mention the specific changes in a "change X to Y" format. (t) Josve05a  (c) 13:34, 10 April 2014 (UTC)

Reputation
It doesn't seem to make sense trying to critique a CDN's reputation especially when it's of face value. Cloudflare is a CDN, not a host in the first place.

http://sitevet.com/db/asn/AS13335 http://www.crimeflare.com/target2.html http://docs.house.gov/meetings/FA/FA18/20150127/102855/HHRG-114-FA18-Wstate-KohlmannE-20150127.pdf — Preceding unsigned comment added by Gph004 (talk • contribs) 18:36, 27 February 2015 (UTC)

"Bad host" references
In the article, "SiteVet Beta" and "Host Exploit" is used as references to claims that CloudFlare is one of the world's worst hosts.

Firstly, the SiteVet "Beta" is still "Beta" and has no other data on its website other than March 2014. That data is taken directly from the "Host Exploit" website.

"Host Exploit" has not published data since March 2014 and seems all but convincing. Neither "SiteVet" nor "Host Exploit" has Wikipedia articles.

I propose to remove these sentences from the article: "As of March 2014, CloudFlare was ranked in the top 10 of the world's worst hosts and networks based on malicious traffic it hosts by SiteVet Beta.[29] It was also ranked in the 7th rank among the top 50 Bad Hosts by Host Exploit.[30]" Palelnan (talk) 10:42, 25 June 2015 (UTC)

Needs "How It Works" Section
The lede is probably technically correct but I don't understand a word of it, yet I think I know what a CDN does and how it works. What I think I know is that a CDN delivers usually static data (like images) to a website visitor's browser when they visit a web page. Say for example Visitor "A" visits website "B". While some, most or all of the data from the website might come from website "B" 's Server, some, or even most of that data might come from the CDN (Content Delivery Network), for example Cloudflare. So, data from both "B" (the website server) and "C" (the CDN) is being downloaded simultaneously to the visitor "A" 's browser. The visitor sees none of this, however they do notice a significant improvement in page load times, as the data is coming from multiple sources (B and C) instead of just one (B). Result: Faster page load times, better browser/User experience.

That's what I think I know, and I bet 90% of the internet population do not know this, so they are going to get even less meaning from the lede than I did. There may be other reasons why a website might use a CDN. Those should be described in layman's terms also.Jonny Quick (talk) 04:32, 12 July 2015 (UTC)

Cloudflare and Censorship
https://torrentfreak.com/cloudflare-forced-to-censor-anti-censorship-site-150710/

Recent article about a court ordering Cloudflare to either do or not-do "something" regarding a site "grooveshark". The article does not explain the legal theory of how or why a court could prevent a Content Delivery Network from delivering data to an "infringing" website. I fail to see a reasoned justification for the "censorship" and am concerned about what the court's limits are, or if it has any at all. At this point, it appears to me that the court is ordering Cloudflare to not deliver content to any domain name with the word(s) "Grooveshark" in it. If this is the case, what if I run a site "Groovesharksucks(dot com)", in the tradition of "walmartsucks (dot com)". This is where I (mentally) "go" when I read this torrentfreak article, and I wish Wikipedia would provide more substantive and encyclopedic information with regard to these questions and concerns.Jonny Quick (talk) 17:13, 12 July 2015 (UTC)
 * Wikipedia is not a place for legal questions. If some other sources publish information about that we might be able to update the article. The court did say that cloudflare should watch out for customers that use those terms in the domain name but left it up to the plaintiff to police for infringing content. The content of the domain is what would be used to consider whether the site infringes on trademark or copyright of which there articles that explain that, This incident by itself does not seem to be "encyclopedic. Jadeslair (talk) 17:36, 12 July 2015 (UTC)


 * Wikipedia is not a place for legal questions I just think that's a silly statement to make.  There's no "legal question" here, and if there were a "legal question", there's no reason why wikipedia can't be used to lend some clarity in layman's terms.  You've over-generalized the subject in order to dismiss it; making it sound like it's some kind of exotic and high-level legalistic concept that requires an advanced degree in order to understand well enough to add to wikipedia, and then understand as an average wikipedia reader.  Both of those are wrong, your assertion is stupid and counter-productive.  I shouldn't have to post these remarks because you shouldn't be here making them, so in case you are tempted to try to redefine the situation here, make sure you start out with the idea that you said something really stupid, take responsibility for that stupid remark, make a commitment to stop making stupid remarks in the future and also leave this article alone, as you clearly haven't the ability to do anything here but make a good article bad, instead of making a good article better.


 * The "legal theory" is absolutely relevant to both wikipedia (and this article), as well as cloudflare in general as the judge that issued the court order is holding a Content Delivery Network liable for the "content" that their subscribers are paying them to "deliver". Similar to a trucking company being held legally liable for what the newspapers it delivers have published.  Of COURSE the "legal theory" that the plaintiff (and the judge) used to hold the trucking company responsible for what the newspaper publisher said is ABSOLUTELY relevant to this article.  Duh.  Maybe someday some judge will hold wikipedia responsible for the stupid things that you say online.  Meanwhile, your retarded personality will still be advocating that wikipedia avoid delving into all those scary (to you) "legal issues".  Maybe you should just shut down the computer have have some warm milk and cookies instead.  This internet stuff seems to be WAY too much for you.Jonny Quick (talk) 06:04, 14 July 2015 (UTC)
 * oh, well I was trying to help. I gave you some good information. I think you got hung up on the first sentence. The information is only relevant if there are reliable sources about it. Provide some and I will edit the article or be bold and edit it yourself. In any case there is no need for personal attacks. Jadeslair (talk) 06:42, 14 July 2015 (UTC)

Controversy section and citations
Note: I work for CloudFlare & obviously wouldn't edit the page. I do, however, have concerns over some of the citations/content on the page.

"As of March 2014, CloudFlare was ranked in the top 10 of the world's worst hosts and networks based on malicious traffic it hosts by SiteVet Beta.[31]" This site hasn't been updated with any content since 2014. It also really seems to contradict what Google reports at: http://www.google.com/transparencyreport/safebrowsing/malware/#region=ALL&period=365&size=LARGEST&compromised&attack&asn=46844&aggregation=RATE&page=1


 * It does not matter when a site has been updated but you are right, it is not a reliable third party site. Jadeslair (talk) 01:05, 11 August 2015 (UTC)

And: http://www.google.com/transparencyreport/safebrowsing/malware/#region=ALL&period=365&size=LARGEST&compromised&attack&asn=46844&aggregation=RATE&page=1 (Google shows 1%). CloudFlare also proactively works with a number of providers to combat phishing and malware directly.

CloudFlare, (13335) 786,762	9,631 (1%)	11%

Damoncloudflare (talk) 21:51, 10 August 2015 (UTC)damoncloudflare

"The site protects a great many credit card fraud sites such as Rescator.[33]" Crimeflare.com is hardly a reliable third-party resource (fundamentally no different than pointing to something like Walmartsucks.com or Googlesucks.com). We don't host the content in question & we do follow legal processes for removing sites from our network.Damoncloudflare (talk) 21:51, 10 August 2015 (UTC)damoncloudflare
 * I wrote the wiki page on Rescator and found the page via this route, that's why it's mentioned. Due to your comment I've now added more sources on the Rescator / Cloudflare partnership. It does appear there is a systemic use of Cloudflare by crime forums, and given how relatively regularly they attack one another, it must be a popular service for them. I know there are always ongoing law enforcement operations within the major sites themselves to bring them down, and so there is little gain in disconnecting them. There are also so many that DDOSing one or two wouldn't affect the ecosystem as a whole. Anyhow, I have more work to do on the Carding (fraud) page so expect to see another cloudflare mention there. Deku-shrub (talk) 23:18, 10 August 2015 (UTC)
 * talk

Ok, but the edit to Rescator seems to indicate that we host the site. CloudFlare does not host content and/or websites for any site that happens to use our network. Damoncloudflare (talk) — Preceding unsigned comment added by 2400:CB00:F00D:5CA1:6526:6363:7337:49A2 (talk) 23:20, 13 August 2015 (UTC)
 * Amended Deku-shrub (talk) 00:27, 14 August 2015 (UTC)

You are not using valid sources in some cases, crimeflare is not a valid source. since there is a possible Libel issue I am removing some of the bad sources. Blog posts are not appropriate in many cases, maybe the WSJ one is good. I am not saying you added all these, I have not gone through the diffs. If you try to restore them then I will just bring it to the Reliable sources/Noticeboard
 * . The house doc is not a valid source unless it's information is published in the news, WP:SECONDARYJadeslair (talk) 01:04, 11 August 2015 (UTC)

"Two of ISIS' top three online chat forums are guarded by CloudFlare but U.S. law enforcement has not asked them to discontinue the service." CloudFlare provides website protection to websites, which is fundamentally no different than using something like mod_security or a security plugin on a site, and these topics have been covered at length in a variety of verifiable third-party resources (we will also gladly work with law enforcement that follows due process). We don't monitor content that flows through our network, but we do have processes for dealing with these items that follow the letter of the law.

https://www.techdirt.com/articles/20150411/06282330616/anonymous-targeting-cloudflare-seems-to-go-against-anonymous-history.shtml

Damoncloudflare (talk) 21:51, 10 August 2015 (UTC)damoncloudflare
 * The DDOS protection (and low price point) is a USP, even if the attack signature verification is fundamentally a mod_security implementation. These sites would have less stable uptime if not for the protection offered, though I don't know how distributed jihadist websites are or not. Deku-shrub (talk) 23:18, 10 August 2015 (UTC)
 * The uptime really isn't an issue. If CloudFlare simply removed the sites from our network, then the sites would still resolve online. Simply removing a site from our network wouldn't solve the problem that people think it will (the site would need to come down at the hosting provider & we don't host the websites). And, of course, people do need to consider the fact that law enforcement may actually want certain sites online for investigation.


 * While I wouldn't consider this for actual citation or publication on Wikipedia, we do cover a lot of the issues with controversial sites at: https://blog.cloudflare.com/cloudflare-and-free-speech/
 * Damoncloudflare (talk — Preceding unsigned comment added by 2400:CB00:F00D:5CA1:55B8:45CF:C9CD:8608 (talk) 22:59, 13 August 2015 (UTC)
 * It's like you didn't read my comment at all. By providing sites DDOS and hacking protection against their rivals, Cloudflare plays a part in stabilizing their ecosystem and improving their uptime Deku-shrub (talk) 00:31, 14 August 2015 (UTC)

Actually, I did read your comments.

Two things: 1. We don't host the website(s). Removing the site(s) would not impact their availability online (they just might be a little slower). They would still be there without CloudFlare. And, as I also mentioned, there is a process for working these issues for removal from our network that requires due process. If you read the article on our position on the internet, then it brings a little more clarity on where we sit in the internet ecosystem. If you want a private company deciding what content on the internet is good or not, then there are far larger issues to discuss.

2. Law enforcement may actually want sites online so they can do their investigation(s).

Damoncloudflare (talk

Damoncloudflare, I suggest you talk to whoever is in charge. You have a crisis management issue. If some more news sources pop up you will likely only have a criticism section. Credit card fraud is not free speach. I am not helping you, I am just trying to keep the article neutral and use valid sources. Jadeslair (talk) 02:57, 14 August 2015 (UTC)

We are not against having a criticism section and/or having a rational discussion about the issues at play. Given the size of the CloudFlare network & the number of sites on our network, there will be issues where some people don't like what is on the network. Having worked at PayPal, I am also not unfamiliar with issues related to credit card fraud and/or how law enforcement looks at carding sites. We will also gladly work with law enforcement requests that follows a particular process through our abuse and compliance teams.


 * Damoncloudflare (talk

Damon says, "1. We don't host the website(s). Removing the site(s) would not impact their availability online (they just might be a little slower). They would still be there without CloudFlare."

This is disinformation. The exact same line is frequently used by CloudFlare employees when contacted by the press; it must be a CEO-required mantra. The truth is that the site would be unreachable within minutes, because the default TTL (time-to-live) for CloudFlare's nameservers is a mere five minutes. Until the site owner arranges for a new DNS provider, that site is gone. And other DNS providers do not normally hide the original IP address where the site is located, which presents a huge problem for the criminals and misfits who love CloudFlare. See: http://www.crimeflare.com/damon.html for more info. Silivalley (talk) 14:07, 14 August 2015 (UTC)

NOTE: I work at Cloudflare and don't want to change the controversy section, but can someone clean up the first sentence in the section, while also clarifying that Cloudflare is not a host? It's notable that despite not actually being a host it made the list.

Proposed: Though not a web host, Cloudflare was ranked 7th on the list of top 50 Bad Hosts by HostExploit in 2014.

— Preceding unsigned comment added by Ryanknight24 (talk • contribs) 22:23, 5 April 2017 (UTC)

unreliable source
I have posted one link used on here in the Reliable sources Noticeboard.Jadeslair (talk) 02:49, 14 August 2015 (UTC)
 * What source are you referring to and can you link the discussion? Let's see if we can replace it. Meatsgains (talk) 19:51, 28 February 2016 (UTC)
 * This was the short discussion bout crimeflare, now archived: Reliable_sources/Noticeboard/Archive_194 — Preceding unsigned comment added by 72.185.223.102 (talk) 01:12, 29 February 2016 (UTC)
 * I see. Seems far from reliable to me. Looks like an outdated site with no credibility. Meatsgains (talk) 02:38, 29 February 2016 (UTC)

Tor
It's worth mentioning that CloudFlare censors Tor users : - https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf - https://blog.torproject.org/blog/trouble-cloudflare - https://trac.torproject.org/projects/tor/ticket/18361 — Preceding unsigned comment added by 131.254.145.74 (talk) 09:18, 20 May 2016 (UTC)

Largest ever DDoS attack
The History section makes multiple mentiones to “largest-ever recorded” DDoS attacks. It should be noted that these were only new records at the time, and do not currently hold. (As of last month's 1 Tbps attacks on OVH) 87.165.24.224 (talk) 19:53, 21 October 2016 (UTC)

Proposed merge with Michelle Zatlyn
notability is from Cloudflare, and not independent of it. (The other founders also have no BLP.) Widefox ; talk 09:25, 27 February 2017 (UTC)
 * Weak oppose - Even though no other co-founders have BLPs, Zatlyn is detailed in several RS: Forbes, Silicon Republic, Huff Po, and another Huff Po article. Meatsgains (talk) 19:43, 1 March 2017 (UTC)
 * Merge only notable for one company. Is there a second company or other notable activity/event? Jtbobwaysf (talk) 21:47, 26 March 2017 (UTC)
 * Update: Given that the Michelle Zatlyn article has apparently been deleted, this seems somewhat of a moot point. The template at the top of the article indicating the proposed merge-in of a redlink makes no useful sense and I am removing it. -- HarJIT (talk) 14:50, 8 June 2017 (UTC)

Should We add "crimeflare.org"
crimeflare.org is a website "anti" cloudflare for their Effort to help cybercriminals hide their host-ip. — Preceding unsigned comment added by Hieu pham The son (talk • contribs) 15:26, 15 June 2017 (UTC)
 * Absolutely not. Meatsgains (talk) 16:04, 15 June 2017 (UTC)

Daily Stormer controversy
I have a feeling this is going to end up on the article. So here we go, digging for some sources and choice bits.


 * https://www.theverge.com/2017/8/16/16157710/cloudflare-daily-stormer-drop-russia-hate-white-nationalism
 * Journo contacted with Prince.
 * “This was my decision, I don’t think it’s CloudFlare’s policy and I think it’s an extremely dangerous decision in a lot of ways,” Prince said. “I think that we as the internet need to have a conversation about where the right place for content restriction is...but there was no way we could have that conversation until we resolved this particular issue.”
 * According to Prince, the last straw wasn’t an official post, but a comment by one of the site’s readers. “The thing that ultimately upset me was that on their forums, they were saying ‘Hey CloudFlare is one of us,’ which we aren’t,” Prince said. “So I got tired of it and pulled the plug.” Prince elaborated more on the reasoning in a blog post on CloudFlare’s site.
 * http://www.businessinsider.com/the-daily-stormer-got-pushed-offline-by-hackers-2017-8 http://archive.is/hXzEE
 * Until today, Cloudflare had never dropped a customer due to political pressure.
 * attackers took down the neo-Nazi site as soon as Cloudflare stopped protecting it
 * https://www.reuters.com/article/us-virginia-protests-tech-idUSKCN1AW2L5
 * "I woke up this morning in a bad mood and decided to kick them off the internet," Cloudflare founder and Chief Executive Matthew Prince said in an email to employees.
 * https://blog.cloudflare.com/why-we-terminated-daily-stormer/
 * The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.
 * https://www.wired.com/story/cloudflare-daily-stormer/
 * To top it off, here is an archived copy of a response from Anglin, on the new deep web Daily Stormer (Remove the spaces:   https:// web.archive.org/web/20170818081957/https:// dstormer6em3i4km.onion.link/matthew-prince-of-cloudflare-admits-he-killed-the-internet-because-he-thinks-andrew-anglin-is-an-asshole/ ):
 * In response to  “The tipping point for us making this decision,” Prince wrote in the blog, “was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.” , Anglin writes:
 * And that, is absolute fucking bullshit.
 * It is simply a lie.
 * Which is why he didn’t provide a source for the claim. I have never said that, weev has never said that, no one on my team has ever said that.

--Nanite (talk) 06:15, 17 August 2017 (UTC)


 * I agree with the addition of this, it was a big deal for them to kick off a supremacist website. ValarianB (talk) 14:59, 22 August 2017 (UTC)