Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
deadbabe 2 hours ago

They didn’t.

amatecha an hour ago | parent | next [-]

Yeah, probably not - because they don't explicitly have to, as outlined in the post. The very architecture of CF's services essentially enables "blackmail as a service" in the sense that, CF protects the attacker and essentially creates a coercive environment in which the victim "has" to pay CF to protect them from... the very attacker that CF protects.

superkuh an hour ago | parent | prev [-]

Right. It's more abstract than that. They protect (from legal consequence or even discovery) the attackers and host them on their infrastructure so they're untouchable. Then they sell the same "protection" to the victims. It's the classic mafia protection scam.

gruez an hour ago | parent | next [-]

>They protect (from legal consequence or even discovery) the attackers and host them on their infrastructure so they're untouchable

Victims can't file a subpoena to get account details?

superkuh an hour ago | parent [-]

I've never tried a subpoena. I've tried reporting them to ICANN for whois abuse contact violations and never received a response (after I recieved a response from cloudflare saying, "Go away, we don't care, sign up for our services and pay us to care."). Perhaps I should set up a gofundme or something for the thousands of dollars needed to get justice via subpoena.

If I were hosting illegal malicious actors doing this stuff on my home servers and refused to even say who was doing it I would 100% get my door kicked down by the FBI. But some persons, corporate persons, are more equal than others.

CrazyStat an hour ago | parent | next [-]

> If I were hosting illegal malicious actors doing this stuff on my home servers and refused to even say who was doing it I would 100% get my door kicked down by the FBI. But some persons, corporate persons, are more equal than others.

If you refused to tell some random person who asked? No, you wouldn’t. If you refused to respond to a legal authority—a court-issued subpoena, for example—then there would be consequences.

As far as cloudflare is concerned you’re just a random person asking. They have no legal obligation to provide you with information.

sophacles an hour ago | parent | prev | next [-]

No you wouldn't. Unless you failed to comply with subpoenas/warrants/etc for it.

That assumes of course that like Cloudflare you were hosting a web page and not the actual illegal activity, and were following the laws around hosting things.

gruez an hour ago | parent | prev [-]

>I've tried reporting them to ICANN and never received a response.

So ICANN is complicit too? After all, if we adopt your interpretation, in some way ICANN is also turning an blind eye, both to what cloudflare is supposedly doing and also to what the domain registrars are doing.

Xirdus an hour ago | parent [-]

ICANN doesn't get any kickbacks from Canonical needing to protect itself as far as I can tell. Cloudflare literally sells the protection.

joemi an hour ago | parent [-]

So ICANN is alright because they're protecting them for free, but Cloudflare is bad because they're protecting them for money?

Xirdus 31 minutes ago | parent [-]

In a way, yes, that makes it more okay. You can't have a conflict of interest if you have no interest. Cloudflare has clear interest in hosting the malicious actors and it's in clear conflict with providing services to their other users.

an hour ago | parent | prev [-]
[deleted]