(The Focal Project/Flickr)
I am not just a CloudFlare user. I am one of the very first CloudFlare users. I am so early that I actually have a private beta invite from Matthew Prince himself, from his time running Project Honey Pot.
I want to quote a passage from his email, verbatim:
I’m one of the co-founders of Project Honey Pot. Six years ago, a small engineering team and I set out to track online fraud and abuse. Over that time we’ve learned a ton about the threats websites face. Just over a year ago, that same team set out toward a new goal: give every website access to the performance and security resources previously reserved only for the Internet giants.
To accomplish that we created a new, free service called CloudFlare. Over the last few months we’ve been selectively inviting members of the Project Honey Pot community to participate in a private beta. They’ve been quietly kicking the tires before CloudFlare’s public launch the end of this month. As of today, we protect more than 1,000 websites, have served nearly 100 million page views through the system, stopped more than 3 million attacks, and on average increase page load performance by 35%.
We have been very quiet about CloudFlare in order to be able to launch publicly at a leading technology conference in a couple weeks. However, before we open the service to the public, we wanted to make sure every Project Honey Pot member had an opportunity to check it out.
I was so early to CloudFlare, ShortFormBlog was a low-four-digit number on its domain. And from this email, I have to ask myself, what the hell happened?
This week, CloudFlare has been intently targeted by online users upset that the company continues to host a highly controversial website called Kiwi Farms. (I’ll let other folks offer the scoop on it, but suffice it to say, not a fun place.) Given the company’s background in fighting fraud and abuse, it seems pretty shocking to know that the company’s response to this campaign has been complete radio silence. Not even reporters are breaking through to them, even to get a basic “no comment.”
Prince, as well as his company’s lieutenants (which include John Graham-Cumming, a famous technologist who got the British government to posthumously apologize to Alan Turing), have taken to shutting off replies on their tweets and stopping themselves from tweeting entirely, all in an effort to prevent their company from having to shut down a site when even people who are generally strong free-speech advocates, like First Amendment lawyer and famed blogger Ken “Popehat” White, are siding with the crowd.
https://twitter.com/Popehat/status/1562228984837877761
Now, to be clear, CloudFlare has been down this road before, famously in 2017, when it banned The Daily Stormer, an equally controversial site. Prince clearly seemed beside himself with the call, challenged to make peace with his desire for a free-speech approach and the fact that the company has to make a content call.
As he wrote back then:
We’re going to have a long debate internally about whether we need to remove the bullet about not terminating a customer due to political pressure. It’s powerful to be able to say you’ve never done something. And, after today, make no mistake, it will be a little bit harder for us to argue against a government somewhere pressuring us into taking down a site they don’t like.
I don’t think that anyone is expecting CloudFlare to get involved in every battle over content, but they’ve given themselves a reputation of only making a call in the most extreme cases. The current situation clearly reflects an extreme case, and one that as a company, they owe users a response more nuanced than radio silence.
I think the thing that bothers me the most, besides the knowledge that moving away from CloudFlare is really hard, is that it’s clear the company has moved away from its original mission to fight fraud and abuse, as in the words of Matthew Prince himself. They are a security company that is clearly not standing up for the security of the internet, which ultimately goes beyond DDOS attacks and ransomware. That is wrong.
I stood up and made the case for this company for years. And now I feel like all of that is for nothing. What happened?
Time limit given ⏲: 30 minutes
Time left on clock ⏲: 1 minute, 20 seconds
