alt.hn

5/11/2026 at 6:12:38 PM

Can someone please explain whether Cloudflare blackmailed Canonical?

 https://www.flyingpenguin.com/can-someone-please-explain-whether-cloudflare-blackmailed-canonical/

by speckx

5/11/2026 at 7:00:02 PM

"Renting attack capacity from [cloudflare]" is inaccurate as I understand things. That group hosts their site behind cloudflare but I have not seen anyone claim that cloudflare's infra is used for the attacks.

This whole article seems conflate hosting an informational site run by the attackers and hosting the attack itself.

by jwitthuhn

5/11/2026 at 8:30:41 PM

In The Before Times, there were very few problematic DDOS operations because... they would all DDOS one another offline. Websites, control infrastructure, anything.

DDOS protection services were provided by companies like Akamai; call for pricing, big companies only, absolutely no anonymous sign-ups.

Cloudflare revolutionised the industry by providing free DDOS protection to anyone, including DDOS-for-hire services. Preventing them from DDOSing one another offline really let the DDOS industry take flight.

by michaelt

5/11/2026 at 10:58:49 PM

It's been a well known story around Cloudflare from the beginning that they protect booters and other cybercrime actors just like any other (paying or non-paying) customer.

If you report the DDoS-for-hire actors that offer their services on forums where such things are offered openly, they reply with a template that freely interpreted say something along the lines that they can do nothing and who is a crimininal is .. like, just your opinion, man (checks notes) they say here they are a legit load tester operation, so nothing really we can do.

You can say they entered the scene because DDoS exploded in popularity, but you could just as easily make the argument it was the other way around. Make of that what you will but they sure made a lot of money from the same booters they protect their customers from.

by xorcist

5/11/2026 at 9:03:24 PM

So "big companies only, absolutely no anonymous sign-ups" should be the only ones able to put stuff on the internet without fearing that a random teenager can take your site offline for days just because they're bored?

by peanut-walrus

5/11/2026 at 10:15:24 PM

No. Nobody said that.

Cloudflare should simply enforce basic rules, like "don't run a cybercrime storefront", rather than letting criminal operations like this proliferate.

by RIMR

5/11/2026 at 10:42:12 PM

How? Their sign-up flow would have to change dramatically. It might even become a process that is internally "expensive". There is likely one or more managers in charge of this decision and they don't want it. Additionally the current universe rewards the current situation (for them)

by edoceo

5/11/2026 at 11:18:21 PM

This is called KYC and is a standard part of operating a financial service. Seems to me like it should be part of internet infrastructure services as well. And, I thought, in some cases already is?

by eblume

5/11/2026 at 11:37:40 PM

... and financial services companies huge and small still go out of their way to help their clients move money around in a myriad of ways, because it's very lucrative and there are so many loopholes and ways to obscure things. Offloading the responsibilities of law enforcement and regulatory bodies to private companies makes things worse for everybody. Providing non-crime services to criminals should not be a crime any more than selling a candy bar to a criminal is. As long as you aren't actively aiding or covering up for a crime, not reporting criminal activity is not even a crime in many areas, and if KYC can effectively identify criminals, law enforcement should be able to do it themselves.

by t-3

5/12/2026 at 6:31:49 PM

No fintech within reach of the US government is going to give money to terrorists under sanctions on the SDN without facing severe fines/consequences. That various groups have faced consequences for giving money to terrorists is a sign of the system working, not that it doesn't work. No system is going to be 100% perfect, but the US is pretty serious about having no one they have control over sending money to eg North Korea.

by fragmede

5/13/2026 at 5:04:31 AM

Ok, terrorists and countries we've been at war with for 70 years. What about drug dealers, mafias, hitmen, corrupt politicians, white collar criminals, scammers, etc? Criminals that actually threaten Americans? Nobody cares about whether terrorists or whatever tinpot dictator can get funding through US banks, because the CIA is bringing pallets of cash to them anyway.

by t-3

5/12/2026 at 4:00:34 AM

KYC is useless as a regular user. I hope it never infects industries outside the financial system.

Why care about them hosting an info page for anyone? Cyber criminals supposedly can host it a billion other ways so why care?

by ozgrakkurt

5/11/2026 at 11:20:12 PM

Plausible deniability is all they really need. Asking companies not to make money in very likely to be legal ways will never work. If these people are really doing illegal business in plain sight it should be easy for law enforcement to catch them.

by t-3

5/12/2026 at 3:07:42 PM

The danger with this is that you're asking cloudflare to know more about you and your website and to be more ready to take websites offline. That's a monkey paw if ive ever seen one.

by array_key_first

5/11/2026 at 10:14:08 PM

Seems like they could use Tor onion sites just as easily tbh.

by iamnothere

5/12/2026 at 5:24:13 PM

Why don't they?

by michaelmrose

5/12/2026 at 8:42:42 PM

Good question—they should?

Or maybe not, I’d rather have more Tor sites that aren’t questionable content. It’s a great tool for hosting even personal sites if you appreciate privacy and resilient infrastructure.

(The great thing, though, is nobody can prevent you, or anyone, from hosting your site there.)

by iamnothere

5/12/2026 at 1:29:24 AM

Why didn't those companies use Telegram?

by charcircuit

5/12/2026 at 12:59:07 AM

You mean if CloudFlare didn’t protect DDOSers, CloudFlare wouldn’t be able to provide as much service to the victims ?

by BobbyTables2

5/11/2026 at 9:38:11 PM

I have no insight into this particular case/incident, but I do have to deal with a lot of http traffic management, and I've lately been seeing Cloudflare IPs show up a lot more often in my logs for probes and nuisances, and not because the traffic is being proxied (or at least, it doesn't have the CF-Connecting-Ip header).

Used for these attacks, dunno, used for some attacks, yes. (But CF still remains a much less frequent nuisance than pretty much any other infrastructure provider.)

by thaumaturgy

5/11/2026 at 10:10:57 PM

One of types of services Cloudflare provides goes by the name "Warp". Calling it a VPN is only wrong in ways that don't really matter — it has the effect of causing client traffic to appear to originate from a different IP address to the one they're notionally connected to the Internet via.

by andrewaylett

5/11/2026 at 10:01:54 PM

I also found this confusing. And given how thorough and precise the author was with other elements, it seems like a deliberate gloss.

by anon84873628

5/12/2026 at 3:52:02 AM

Yes, agreed these are very different things. Also I'm not really sure the argument holds, there are plenty of AWS Command and Control hosted servers and AWS victims, is AWS to blame or blackmailing? The answer is a large no.

by corvad

5/12/2026 at 6:42:12 PM

AWS does have an abuse department though, and if you're in that space, you can send them abuse reports and they'll do something about that.

by fragmede

5/12/2026 at 5:20:24 AM

Linux users and FUD. Name a more iconic duo

by TiredOfLife

5/11/2026 at 8:17:08 PM

people will always be able to pick a handful of sites they think shouldnt be allowed to use cloudflare hosting services. the problem is that every person will have a different handful of sites. cloudflare should host everything and anything unless and until a lawful order is received.

if they start sticking their fingers into sites and determining whether the site's content is "appropriate" or whatever, based on some sort of nebulous set of criteria, people will get (justifiably) big mad about it, guaranteed.

the "renting attack capacity [from cloudflare]" should have some evidence behind it, because as far as i am aware, the attackers are not using cloudflare infrastructure for the actual attack.

(its really jarring to see the general sentiment on this submission vs. the general sentiment on google submissions)

by john_strinlai

5/11/2026 at 11:04:47 PM

"... its really jarring to see the general sentiment on this submission ..."

I am heartened to see a high default level of suspicion, bordering on contempt, for a global observer MITM'ing as much of the Internet as they can.

I'm not sure if Cloudflare is a malicious actor but we should all behave as if they are.

by rsync

5/11/2026 at 11:19:01 PM

you are heartened to see people advocate for cloudflare to start proactively and arbitrarily deciding who can host legal content, instead of being content-neutral?

their size and the "man-in-the-middle"-ing is a huge problem. however, i dont think the solution is to encourage them to also start acting as content police.

i dont trust cloudflare, which is exactly why i dont want them policing my legal content. you want the "malicious actor" to exercise more control?

by john_strinlai

5/12/2026 at 2:10:15 AM

I don't think it's proactive, most people are just saying they should respond to abuse reports more or should be treated based on their lack of response.

If I'm hosting anything I don't have to proactively police it. If someone alerts me that a certain domain I'm hosting points to something illegal, I then decide if I want to remove it or not (and don't decide this based on a shell script). Cloudflare is apparently just fine removing child porn when reported, so we know they are making an active decision in every case, and we can judge them based on their decisions.

by tardedmeme

5/12/2026 at 1:02:15 PM

>If someone alerts me that a certain domain I'm hosting points to something illegal

neither of the pages that people want taken down are illegal.

by john_strinlai

5/11/2026 at 11:16:47 PM

>I'm not sure if Cloudflare is a malicious actor but we should all behave as if they are.

Theres sentiment and content. If you claim something without evidence, you become another malicious actor.

by protocolture

5/11/2026 at 8:38:14 PM

Most companies have TOS that include not damaging or attacking the company itself. The advertised service attacks Cloudflare explicitly. It seems very straightforward that this would violate any reasonable TOS.

edit: and here it is straight from their TOS

https://www.cloudflare.com/en-ca/website-terms/

"7. PROHIBITED USES

As a condition of your use of the Websites and Online Services, you will not use the Websites or Online Services for any purpose that is unlawful or prohibited by these Terms. You may not use the Websites or Online Services in any manner that could damage, disable, overburden, disrupt or impair any Cloudflare servers or APIs, or any networks connected to any Cloudflare server or APIs, or that could interfere with any other party's use and enjoyment of any Websites or Online Services. You may not transmit any viruses, worms, defects, Trojan horses, or any items of a destructive nature through your use of Websites or Online Services. You may not exceed or circumvent, or try to exceed or circumvent, limitations on the Websites or Online Services, including on any API calls, or otherwise use the Websites or Online Services in a manner that violates any Cloudflare documentation or user manuals. You may not attempt to gain unauthorized access to any Websites or Online Services, other accounts, computer systems, or networks connected to any Cloudflare server or to any of the Websites or Online Services through hacking, password mining, or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Websites or Online Services. You may not to use the Websites or Online Services in any way that violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries).

Cloudflare retains the right (but not the obligation) to block content from its Distributed Web Gateway that Cloudflare determines (in its sole discretion) to be illegal, harmful, or in violation of these Terms. For these purposes, illegal or harmful content includes but is not limited to: (a) content containing, promoting, or facilitating child sexual exploitation and abuse or human trafficking; (b) content that infringes on another person’s intellectual property rights or is otherwise unlawful; (c) content that discloses sensitive personal information, incites or exploits violence, or is intended to defraud the public; and (d) content that seeks to distribute malware, facilitate phishing, or otherwise constitutes technical abuse."

by tensor

5/11/2026 at 8:46:43 PM

cloudflare is not hosting the infrastructure doing the actual attacks. the attack is coming from residential proxy servers, not from the webpage being hosted by cloudflare, which is just a marketing page and a login portal. that clause is not really applicable.

in any case, its not a question of whether cloudflare can remove a website. of course they can, for whatever reason they want.

its a question of whether we want to be in a world where cloudflare starts making content-based decisions on website hosting. most people probably dont want that.

by john_strinlai

5/11/2026 at 11:42:23 PM

> the webpage being hosted by cloudflare, which is just a marketing page and a login portal

thus being used for illegal and harmful activities right?

> Cloudflare retains the right (but not the obligation) to block content from its Distributed Web Gateway that Cloudflare determines (in its sole discretion) to be illegal, harmful

Not that I have any hope for TOS violation claims. I've learned early on in life that people generally don't care in life if you violate rules they invented if they're not impacted themselves. They do care if they violate someone else's rules and there is a chance of repercussions. There are exceptions, quite a few hosting companies in fact, but Cloudflare so far hasn't acted like a party that has the good of the web in its interest (even when strictly speaking of whom they offer services to despite them doing harm). Just wanted to point out that the cited clause, assuming it is correct as stated above, could be applied at Cloudflare's discretion if they so wished

by lucb1e

5/11/2026 at 11:47:11 PM

>thus being used for illegal and harmful activities right?

neither the login portal page nor the marketing page are illegal.

>Cloudflare so far hasn't acted like a party that has the good of the web in its interest

for a lot of reasons, i generally agree with this statement. however, for this specific reason (maintaining a content-neutral approach, instead of playing content-police), i could not disagree more. cloudflare making hosting decisions based on the legal content of your site would be a huge disservice to the internet.

by john_strinlai

5/12/2026 at 6:40:47 PM

What's inside the login portal? I honestly don't know and am genuinely asking but the article didn't seem to go into it, but if the login portal leads to a page with a btc/other crypto address and a text box where the attacker enters ubuntu.com and a submit button labeled DDoS, should that bit be legal?

by fragmede

5/11/2026 at 10:05:55 PM

Wait, the webpage hosted by cloudflare, as you say. So yes, they're not hosting the infrastructure doing the actual attacks, they're "just" hosting the infrastructure for the site advertising the attacks.

"You may not use the services to attack our infrastructure. You may use the services to advertise and charge for attacking our infrastructure".

by FireBeyond

5/11/2026 at 10:10:02 PM

correct, you should be able to host any lawful website you want.

if a police investigation turns up that X DDoS is linked to Y advertising site, the police should then submit a lawful takedown request, which cloudflare will oblige.

by john_strinlai

5/11/2026 at 8:52:46 PM

[flagged]

by tensor

5/11/2026 at 9:04:56 PM

No. You want it because you are shortsighted. Others don't want that. If it is illegal, go and sue.

by CrimsonRain

5/11/2026 at 9:38:08 PM

They have been suing and winning. Yet Cloudflare continues. I'm not a fan of overzealous companies, like La Liga, cutting out massive portions of the internet in Spain during football matches, but Cloudflare isn't the good guy here either.

La Liga sued Cloudflare in Spanish court and won. Cloudflare now starts taking down content that directly violates La Ligas copyright, but mainly only in Spain. It looks like Cloudflare will happily still serve the exact same content outside of Spain.

In response to these court rulings, the got the US government involved and now there is talk of this being a digital trade barrier.

https://www.courthousenews.com/spanish-soccer-league-battles...

by mschild

5/11/2026 at 9:36:36 PM

You don't sue for criminal activity, the police come and collect you and you go to jail.

by tensor

5/11/2026 at 9:10:45 PM

I think you may have missed the forest for the trees; the concern is about the slippery slope that may lead to a for-profit company (also the risk in case it's non-profit; see OpenAI shenanigans) controlling what content you can read, what operating systems you can download, etc... and the fear is about protection rackets leading us to being stuck with a monopoly or an oligopoly at best that enforce that censorship.

by rolandog

5/11/2026 at 10:04:28 PM

He hasn’t missed it, he (and the others agitating for this) want to be able to pressure certain websites off the internet, whether or not they face action in an actual court.

by iamnothere

5/11/2026 at 9:04:11 PM

The split is on who decides when the account should be terminated as criminal for legal reasons, not whether we should support criminals regardless.

by zamadatix

5/11/2026 at 9:01:56 PM

>We already live a world where your service is terminated for illegal activity. Of course we want it, how is this even a question?

you are misunderstanding me, but im not sure if you are doing it on purpose.

if they receive a lawful order of course they should oblige. and without a lawful order they should not make content-based decisions on what to host.

>The mental loops people in these comments are using to support criminals is truly mind blowing.

this is a complete mischaracterization of what i am saying. and implying that i am... astroturfing for ddos? plain offensive.

i just dont want cloudflare ai-scanning my blog, seeing the word "DDoS" because i am in networking, and proactively removing my site from the internet.

by john_strinlai

5/11/2026 at 9:30:42 PM

Your account can get terminated for any other random nonsense though. Happens all the time, with cloudflare, google, github, everywhere. Everyone just pretends that "this can't happen to me". You want cyberspace free from any "evil" state jurisdiction, nor "coddling" so this is what you get.

by rini17

5/11/2026 at 9:37:07 PM

was this meant as a reply to someone else?

by john_strinlai

5/12/2026 at 5:54:37 PM

no it was reply to "i just dont want cloudflare ai-scanning my blog, seeing the word "DDoS" because i am in networking, and proactively removing my site from the internet."

by rini17

5/11/2026 at 9:34:32 PM

> if they receive a lawful order of course they should oblige. and without a lawful order they should not make content-based decisions on what to host.

You are ignorant of the law. You cannot host user content without being required to police it for at a minimum things like child porn.

But this is also not a remotely ambiguous case. Any normal service would instantly terminate a client account if the client is blatantly and openly advertising their service to disrupt the business. This is not some "slippery slope grey area" where maybe they are breaking the law but who knows. They have a website that says "Here is our service to disrupt cloudflare." It's as black and white as you can get and any normal service would instantly terminate them as soon as they became aware.

by tensor

5/11/2026 at 9:40:12 PM

>You cannot host user content without being required to police it for at a minimum things like child porn.

yes, child sexual abuse material is covered by law, i.e. they already have a lawful obligation for that thus do not require a separate lawful order.

the issue is around arbitrary content-policing, where the decision is made by cloudflare rather than the legal apparatus.

having a website that says you do ddos for hire is not illegal. (doing the ddos is the illegal part. but that was not done with cloudflare infrastructure = cloudflare should not be involved unless they receive a lawful order).

i am going to choose to ignore your additional mischaracterizations and insults. it would super cool of you to stop calling me ignorant, an astroturfer for ddos, etc. over a simple disagreement.

by john_strinlai

5/11/2026 at 10:11:34 PM

Yeah, there's a huge big hole you're ignoring:

That 18 USC 2 and 371 apply to the CFAA, too. What are those? Accomplice liability, which has been considered to include aiding and abetting. Hosting (and protecting, by virtue of your product) computer crime organizations could quite plausibly be rolled into accomplice liability.

by FireBeyond

5/11/2026 at 10:16:40 PM

cloudflare has no knowledge that <random site> is linked to <random attack on a completely different company, originating from random places on the internet> and they have no way of gaining that knowledge unless presented with a lawful order stating such.

if what you were saying was at all a plausible legal interpretation, it would have been brought to light over the last 16 years of lawsuits cloudflare has been involved in. or it would have been brought up by their literal room full of (actual) on-staff lawyers.

aiding and abetting requires knowledge of the crime and intent to facilitate it. cloudflare has neither.

by john_strinlai

5/11/2026 at 10:09:21 PM

[dead]

by iamnothere

5/12/2026 at 2:11:26 AM

You don't have to police content. You only have to take content reports and read them. (Assuming you don't live in a dictatorship)

by tardedmeme

5/11/2026 at 9:35:58 PM

One of the few reasonable comments on this thread.

I don’t see how cloudflare could have prevented this at all. Even if they took down the info site of the attackers they could just host it on GitHub pages, or a million other free static site hosters.

Zero evidence that cloudflare actually enabled the attack itself from what I can tell.

by somewhatgoated

5/11/2026 at 10:05:18 PM

Cloudflare enables this because their stance is that they are a neutral carrier who is not responsible for the data they carry. If I send an abuse report to github for content on their system, there is a chance that I will be annoyed by how they handle it.

Cloudflare's core thing OTOH is to hide who I could be sending an abuse report to,

Possibly they will forward it ( more likely not) , but they will include my personal information in a report to an entity that is unknown to me, who are likely criminals, exposing me to danger.

by yosamino

5/12/2026 at 6:56:51 PM

Do you think people in that space aren't going to go after the "million other" static site hosts for hosting their content though? Yeah it's a game a whack a mole but there are some motivated whackers out there because they really don't like DDoS for hire services.

by fragmede

5/11/2026 at 9:21:42 PM

>if they start sticking their fingers into sites and determining whether the site's content is "appropriate" or whatever

They already pick and choose. They have not decided to sit outside of it. Any claim about them not getting involved should be read as tacit approval. Because we know they will drop users they sufficiently disapprove of.

by dogleash

5/11/2026 at 10:10:19 PM

They have done this one time and the CEO said he regretted it.

by iamnothere

5/12/2026 at 5:23:11 AM

They have done it at least 3 times: The Daily Stormer, 8chan, and Kiwi Farms

by TiredOfLife

5/12/2026 at 11:24:07 AM

Thanks for the correction, I didn’t know they had done it again. Unfortunate that they allowed themselves to be bullied into deplatforming again. DDoS protection should be content-neutral, like electricity service.

by iamnothere

5/12/2026 at 6:44:12 PM

Which, the FBI can get the electricity shut off in a hostage situation.

by fragmede

5/12/2026 at 8:42:25 PM

We’re not talking about a hostage situation, we’re talking about extralegal deplatforming.

by iamnothere

5/12/2026 at 5:26:01 PM

Most people on planet earth will be able to trivially agree on a subset of all their lists which in fact shouldn't be able to use it

by michaelmrose

5/11/2026 at 8:59:53 PM

Articles like these seem to hold a weird belief that Cloudflare does not react to security reports or legal orders? From my experience, they react appropriately and relatively quickly compared to rest of the industry.

Could Cloudflare be more proactive or add more friction to their signups? Yes, probably, but the reasons they have outlined for not playing internet police make sense to me.

I don't think it should be a requirement to provide your credit card, phone number and a copy of your ID in order to host content on the internet...

by peanut-walrus

5/11/2026 at 9:42:45 PM

The internet worked for so long because people responsible for each little island did what was for the most part in the best interests of the rest of the islands. If you didn't, other islands would shut off their links to you. Law enforcement was a last resort because 1. the courts don't move at the speed of the internet and 2. nobody wanted the internet getting top down governmental regulation because it was trans-national.

Cloudflare spent a bunch of venture capital to give away expensive things for free and buy market share. If you convince all the grocery stores to move to your island, you can operate a den of criminal activity with no fear of everyone else shunning you.

Talk to anyone who fights botnets, malware, or online scams. Once you hit the Cloudflare dead end you just have to give up. Law enforcement isn't going to take up a case where only 7,000 peoples computers are infected, and Cloudflare isn't going to investigate and take action themselves.

by dsl

5/11/2026 at 9:58:06 PM

I do fight botnets, malware and scams. Criminals flock to any service where they can spread their stuff and appear legitimate. Google, Facebook, Vercel, Netlify, Amazon, Oracle, Microsoft, OVH, etc. In my experience, Cloudflare is not any more or less of a dead end than any of the other providers, there are some others in that list who deserve being called out a lot more.

by peanut-walrus

5/11/2026 at 10:13:34 PM

Yes, Cloudflare has always been really shitty and automated at responding to abuse reports, and because they are the front-end connection, it is impossible to pursue the report against the 'real' host unless Cloudflare is willing to provide you with information about where that host is: which they won't typically do, even if you are a fellow infrastructure provider. It's been several years, so maybe they have gotten better, but I would be surprised.

by Sebguer

5/11/2026 at 9:22:49 PM

I don’t think it should be a requirement to talk to cloudflare at all to host content on the internet. I certainly don’t.

by hdgvhicv

5/11/2026 at 9:41:31 PM

Oh absolutely agreed. Cloudflare becoming a giant internet chokepoint is certainly a real problem. It would be a much better world where ddos protection would not be a needed service or where we it was provided as a public service, rather than by private companies. However, that's not the world we live in.

by peanut-walrus

5/11/2026 at 9:38:02 PM

How did you get that from the comment? It’s the other way around - if you report criminal or illegal sites hosted by cloudflare they will take it down.

I’ve hosted content online for decades and never once talked to cloudflare.

by somewhatgoated

5/11/2026 at 10:15:12 PM

Will they? Have you gone through that process with them? In my experience (admittedly somewhat stale) it was fairly hard to get through to them, much less to get the information required to actually report bad actors to their real hosting provider that Cloudflare is fronting.

by Sebguer

5/11/2026 at 11:10:07 PM

I once came across a website hosting extremely inappropriate content while surfing the web. I discovered that this website was using Cloudflare for DDoS protection and other purposes. I had a bit of a look online and found out how to submit a complaint to Cloudflare. On that form, I was asked for my email address and no other personal details, if I remember correctly. On the very same day, I received an email confirming that my complaint had been accepted and was under review - presumably an automated response. It was already quite late, so I went to sleep.

And just a few hours later, I received a letter informing that the information about the website in question had been forwarded to the relevant authorities, as well as to the website’s hosting provider. To be honest, I didn’t read that second email until the next day (I was sleeping), and it seems the website's hosting provider acted quickly (or the site owners decided to cover their tracks), because when I went to that website to check how it is going, it was no longer active, no longer existed at all. It just was gone. That was about six months ago.

So... I won’t speak for others’ experiences, but in this particular case, they reacted quickly and quite effectively. Perhaps other people have had different experiences.

by dryarzeg

5/11/2026 at 10:57:11 PM

I haven’t but it seems you have gone through it successfully with some friction (which is probably good?)

by somewhatgoated

5/11/2026 at 11:04:55 PM

Cloudflare & AWS wouldn't even INVESTIGATE a abuse report I sent because there weren't any "infringing URLs" or "specific resources".

I provided enough evidence for them to at least be able to kickstart a internal investigation or even CONTACT the abusive customer, which they did not do.

If it were a stresser, all they would see is a login panel. It's not like these sites are publicly advertising what they're doing...

by hn773746483

5/11/2026 at 9:58:27 PM

That's not a "weird belief". Cloudflare positions itself as "infrastructure". That means they think they are not responsible for the content that they carry.

In a normal scenario, if you want to protect your systems from other "bad" systems on the internet, you can block them on the IP layer.

But Cloudflare operates at the IP layer proxying data between you and good and bad (and everything in between) systems.

In a normal situation you could block and report a site that is run by the the mob, by either blocking them at the IP level or by contacting the abuse@ of the organization that is hosting the content.

Cloudflare is making it so that you can't do either. And if you send an abuse report to Cloudflare, you cannot be sure that they will not just forward your contact information directly to the entity that you are complaining about. They have changed their stance over the years to appear more responsible, but the fact remains:

If I want to send an abuse@ report to a system that is hidden behind Cloudflare I can not be sure that they won't just forward it without me knowing who they are forwarding it to.

by yosamino

5/12/2026 at 2:25:08 AM

This is a good thing. You shouldn’t be able to get a Discord full of “activists” with personality disorders to spam someone’s host with false abuse reports and threaten them until the host boots them out of sheer annoyance.

by iamnothere

5/11/2026 at 10:08:17 PM

I dislike CFs role in the modern Internet as much as the next person, but this is a bunch of speculation trying to connect dots with no basis other than that a Canonical cert renewal happened on the same day as a company transfer.

There might be somewhat of a tangential story, however, in that Njalla seems to have reorganized or changed ownership fairly recently[1], and that Njalla and immateriali.sm seem to be related entities[2]

https://xn--gckvb8fzb.com/njalla-has-silently-changed-a-word... https://www.wipo.int/amc/en/domains/decisions/pdf/2026/dio20...

by Libre___

5/11/2026 at 7:00:29 PM

The article puts it very succinctly: Cloudflare fronts attackers for free and bills the victims for relief.

Ddos protection services can be cast as a digital protection racket where they have a perverse incentive to keep attackers attacking. “It's a dangerous internet out there; you'd better pay us to protect your website from the attackers using our free tier.” At the least, even if there is no active collusion or profit sharing or anything like that, there is not a clear side that the DDos protector service is on?

by wood_spirit

5/11/2026 at 9:59:53 PM

Ok, so what's the solution?

I do agree with your comment. But obviously Cloudflare didn't invent DDoS. If Cloudflare just magically disappears tomorrow, the AI crawlers won't stop. So what's the alternative? It's not a world you need to upload a government-issued ID to browse the internet, right? ...right?

by raincole

5/11/2026 at 10:02:44 PM

Don’t offer service to DDoS rings?

by acdha

5/11/2026 at 10:41:49 PM

That doesn't get rid of the important perverse incentives. They still "want" DDoS all over from a monetary perspective. Kicking off the web page of the attackers will have a slight impact but not a whole lot.

by Dylan16807

5/12/2026 at 5:58:34 PM

Perhaps, but not accepting money from criminals is always a good idea and it would cause problems for those guys as their competitors push them off-line. Just because they wouldn’t go away doesn’t justify helping them.

by acdha

5/12/2026 at 6:09:22 PM

Are they getting paid by the criminals? It sounds like a tiny little site that's extremely within the free limits.

by Dylan16807

5/12/2026 at 9:50:37 AM

Government or non profit run ddos protection service.

by 0dayz

5/11/2026 at 7:05:34 PM

The thing is, you can control a neighborhood, a country etc. from attackers and establish control over violence.

How can we do that, if we would like to preserve relative anonymity and global nature of the internet?

People can indeed form cooperatives to handle the protection, but this is hard to manage globally as an entity. DDoS protection is done by primarily having too much capacity to tank it and then filter it. The required investment is rather high.

by okanat

5/11/2026 at 7:22:01 PM

You can’t have both ‘sockpuppet-grade anonymity’ and ‘held liable for their actions’ in the same society, whether Internet or otherwise. Both in reality and online, those that create sockpuppet corporations-slash-identities are unmasked only when their web of sockpuppetry is pierced by e.g. ‘reused a mailbox’, ‘used a neighbor’s identity’, ‘used a family member’s identity’, and so on. Until such investigations, sockpuppets get away with billions of dollars-slash-gigabits of crimes every year, and barring the ever-incompetence of most criminals, the Internet is a vast improvement over shell corporations in that regard. Still. It is technically possible to be able to ban the controlling human of an online sockpuppet without violating their anonymity, but we lack the societal infrastructure to do so — and since our own techno-utopian societies have invested no effort in doing so, it seems like the core utopian ideal could be ‘freedom from consequences’, rather than ‘freedom of anonymity’. If that’s a valid interpretation, then the core issue is not ‘preserve relative anonymity’, it is ‘preserve relative non-liability’, which may offer new avenues for much cheaper investment than pseudoanonymity would cost.

by altairprime

5/11/2026 at 7:10:21 PM

This seems like one of those cases where you need to assign responsibilities and obligations to those enabling the damage, even if their offerings also enable a lot of good. If you have the capacity to offer cheap/free VPS, then you also need to cover the cost of protecting against the DDoS attacks that service enables. You don't get to offload that burden on to the victims. If that makes your VPS offerings more expensive then so be it; that's the result of pricing in the externalities.

by idle_zealot

5/11/2026 at 10:51:30 PM

> If you have the capacity to offer cheap/free VPS, then you also need to cover the cost of protecting against the DDoS attacks that service enables.

Which would drive the cost back up. What you are saying is that it should be impossible to run cheap services, and therefore hobbyists and shoestring startups are not allowed anymore.

And as the sibling comment points out, where does this stop? Should ISPs be liable? DNS providers? Banks (already becoming an issue btw)? Why not just cut off anyone who looks suspicious from society, just in case?

We have a legal system for a reason. It may be slow and imperfect, but it’s better than the alternative. Rule by law beats rule by man any day of the week.

by iamnothere

5/11/2026 at 8:47:22 PM

So if your kid downloaded a shady app, and it turned out that app had some residential VPN SDK, are you on the hook too? Does it stop at DDoS attacks? If it turned out they were scraping linkedin, can they sue you for a thousands of dollars of "harm" that you enabled?

by gruez

5/11/2026 at 9:10:34 PM

Seems petty clear the intent of the post you are replying to isn't to hold random parents accountable for thousands and instead to hold app developers (add maybe too open app marketplaces) accountable for malicious app behavior

by collingreen

5/11/2026 at 9:35:56 PM

This road seems to lead to the exclusion of third party app stores and/or the ability to load apps that aren't signed by Google/Apple.

by TomatoCo

5/11/2026 at 10:12:18 PM

That’s what they want, it’s why you often see people popping up in discussions on HN supporting licensing for software developers.

by iamnothere

5/11/2026 at 8:33:07 PM

Same with ISPs.

by cuu508

5/11/2026 at 7:14:54 PM

> People can indeed form cooperatives to handle the protection, but this is hard to manage globally as an entity.

This is a fascinating idea. Is this something anyone is working on?

by radlad

5/11/2026 at 7:33:23 PM

In a sense, one can argue IPFS can do it, provided the content is syndicated widely enough. It is not, though.

Similarly, BitTorrent does roughly the same once the peer relationships are established.

by necovek

5/11/2026 at 8:41:34 PM

Then there is going to have to be geographic separation. Someone completely out of your jurisdiction or control can bring essential services down, leadership only has one option, to put up a Great Firewall. Or the wider public internet will be abandoned naturally as AI slop infests it.

by tencentshill

5/11/2026 at 10:19:28 PM

There's a simpler explanation: Cloudflare (generally speaking, not 100%, as in the case of The Daily Stormer[1]) does not censor presumably-legal content traveling through their systems, and do not themselves opt to be arbiter of legality.

[1]: https://blog.cloudflare.com/why-we-terminated-daily-stormer/

by sneak

5/11/2026 at 7:16:35 PM

It's a protection racket born of fundamental weaknesses in the Internet's bedrock protocols.

by api

5/11/2026 at 7:01:33 PM

Completly agree, cloudflare protects scammers on a huge scale and no one cares...

All the faceshops I have reporeted to cloudflare, all these phising pages behind cloudflare I reported, never came down.

None of them.

For a company making billions, protecting people, they should take this stuff serious.

by AntiUSAbah

5/11/2026 at 7:09:33 PM

If you’re not using the legal system to seek action from Cloudflare, you’re unlikely to be heard by them. “I was injured for $20 and I seek as redress the customer payment details (issuing bank, account number) provided to Cloudflare so that I can identify and file a claim for financial redress against them” would be a lovely small claims lawsuit, for example. I haven’t heard of anyone trying that yet but I’d love to admire the results if someone does!

by altairprime

5/11/2026 at 10:20:17 PM

Would you prefer a huge organization that arbitrarily censors websites without a mechanism for appeal or legal process? The current state of affairs is way better.

by sneak

5/11/2026 at 11:13:47 PM

Can you seriously see no space between hosting people advertising DDoS-for-hire services and arbitrarily censoring the Internet? Is this what passes as civil discourse these days?

That's especially rich considering that Cloudflare is the actor perhaps best known for blocking access to the Internet for people who seek privacy. Have you tried using Tor during the past several years? Or just a lesser popular web browser?

Look, it's very simple. When any one of your customers is exactly the criminal you sell protection against, you drop them, otherwise you are aiding and abiding. Perhaps not exactly in the sense of the law, if you have expensive enough lawyers, but in practice.

by xorcist

5/11/2026 at 10:26:13 PM

The current state of affairs is that cloudflare is that huge organization that arbitrarily censors websites without a mechanism for appeal or legal process.

Cloudflare actively removes your ability to decide for yourself which websites and systems you want to connect to by obscuring their sources.

Without Cloudflare I could decide for myself that I want to block certain networks to connect to my networks.

Cloudflare hiding the origin of these networks along with it's size in the market make Cloudflare exactly that huge organization.

by yosamino

5/11/2026 at 10:49:25 PM

> The current state of affairs is that cloudflare is that huge organization that arbitrarily censors websites without a mechanism for appeal or legal process.

Where are they censoring? You're talking about more than a single digit number of sites ever, right?

> Cloudflare actively removes your ability to decide for yourself which websites and systems you want to connect to by obscuring their sources.

What, you look up the ASN of sites before you decide if you want to connect to them? That ability is very unimportant at best. And any CDN or cloud host does the same kind of source-obscuring for servers.

> Without Cloudflare I could decide for myself that I want to block certain networks to connect to my networks.

How are they stopping you from filtering incoming connections? By running a VPN? I'm pro-VPN.

by Dylan16807

5/11/2026 at 7:00:50 PM

I always assumed ubuntu was brought down to prevent ubuntu servers from patching copy.fail, so that hacking group could exploit as many targets during that time as possible

by PcChip

5/11/2026 at 7:38:24 PM

> I always assumed ubuntu was brought down to prevent ubuntu servers from patching copy.fail

On Ubuntu copy.fail could be mitigated against with some modprobe(8) config tweaks:

    # echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    # rmmod algif_aead
There may be some processes that use this functionality ("lsof | grep AF_ALG"), but it is not that widespread AIUI, and so disabling it should not be an issue for the vast majority of systems.

by throw0101c

5/11/2026 at 7:09:02 PM

copy.fail patches can be applied with minimum downtime, and a VM reboots in 30 seconds, tops, regardless of size. I believe all the apex servers are configured as HA to keep the load distributed, so normal users won't feel anything when copy.fail is patched.

Our users didn't feel a thing when we rolled out the patches.

by bayindirh

5/11/2026 at 7:18:13 PM

But the Ubuntu update servers are necessary to serve the update. Taking them down prevents the users from downloading the update. I don't know whether the update servers were affected though.

by Lukas_Skywalker

5/11/2026 at 9:58:31 PM

They were affected, update service was intermittent for a couple days

by queenkjuul

5/12/2026 at 3:31:37 AM

It is apparently still intermittent as it no longer works when I'm on a VPN, but does work when I disconnect from the VPN.

by rationalist

5/11/2026 at 6:56:08 PM

That'd be extortion, not blackmail. CF did neither thing.

by luma

5/11/2026 at 7:04:19 PM

With this kind of logic we can blame keyboard manufacturers for the illegal things their products wrote.

by aggakake

5/11/2026 at 8:54:47 PM

This is a service, not a device sale. Continuing to provide a service to an organization that is using it to support criminal activity is very different and terminating clients for illegal activity is not controversial.

by tensor

5/12/2026 at 1:28:54 AM

>At Beamed.su, we provide a professional stresser panel intended for security researchers and network administrators to test their own assets.

It's the customers of Beamed doing the illegal activity and not Beamed themselves.

by charcircuit

5/11/2026 at 8:51:51 PM

Not the same case. If you get a bomb on a ups package, that's not UPS' fault.

But if you tell UPS someone is using them to send bombs to people, and they don't act on it in the least and even look like they are shielding bomb senders, then it starts being their fault a little bit, doesn't it?

by PowerElectronix

5/11/2026 at 10:33:38 PM

What if there are one or two bomb senders out of the millions of people sending normal packages, and you have hundreds of thousands of false “tips” that are actually just harassment campaigns? Do you cut off service to the victims just in case? What if you can’t tell what half of the packages even are? Mystery mechanical parts and circuits?

by iamnothere

5/11/2026 at 9:59:58 PM

But in this case, all UPS was doing was delivering flyers for the bomb-makers, not delivering bombs.

by queenkjuul

5/11/2026 at 9:42:01 PM

How are they “shielding bomb senders” though? Because their marketing static page was hosted through cloudflare? Taking that down wouldn’t have changed anything here either.

by somewhatgoated

5/11/2026 at 10:18:40 PM

This is a flawed analogy. The "keyboard manufacturer" in this scenario is the "router manufacturer" who Cloudflare buys off of, not Cloudflare.

In your scenario Cloudflare is more like a newspaper aggregator which carries all sort filth along with it's normal commentary.

If this was a normal situation one could just decide not to read some filthy newspapers, while letting those who want to read it make that decision for themselves.

But in the Cloudflare scenario all the major relevant normal newspapers decided to publish all their content through Cloudflare and if something objectionable is published along with it, instead of taking your beef to the original publisher, you have to to take it up with Cloudflare who might just forward your details to some very unsavory people without you having a chance to know beforehand.

by yosamino

5/11/2026 at 7:10:13 PM

Or water companies for selling water for them. Where is the line?

by nicce

5/11/2026 at 7:18:57 PM

If a billboard company accepted an ad that included a threat on the president’s life or recruitment info for a known terror organization, are they complicit in the crime? Water is a basic utility so I don’t think that’s a fair comparison

This is more like a firearms dealer selling a gun to someone after they put their intended usage as “robbing banks” in the ATF form

by mcmcmc

5/11/2026 at 7:51:41 PM

> If a billboard company accepted an ad that included a threat on the president’s life or recruitment info for a known terror organization, are they complicit in the crime? Water is a basic utility so I don’t think that’s a fair comparison

Yet Meta and Twitter are doing fine, while this has happened.

Water was kinda intentional extreme end. Is there a line? Where is the line? Giving food for someone before they make a murder can give you much bigger jailtime than not giving it, and then just ignoring the knowledge that they are going to make a murder. It is not what you do but the act itself.

by nicce

5/11/2026 at 9:44:15 PM

Nah this is more like a billboard service “selling” a billboard to someone (for free) and the billboard reads something like “wanna have a bank robbed for you? call me” — tbh not sure if that is illegal (probably depends on jurisdiction?)

by somewhatgoated

5/11/2026 at 11:11:47 PM

Note in this example that the billboard seller is not told what messages will be placed on the billboard, and the billboard itself is a digital billboard that can change messages instantly on command and without permission required from the billboard seller.

by iamnothere

5/11/2026 at 7:25:12 PM

Obviously we need to go after supermarkets and corner stores since criminals eat, so somewhere past that.

by sophacles

5/11/2026 at 7:23:57 PM

how does anyone not know where the line is?

An example that makes it more clear: "by that logic it's my fault that i was robbed for leaving the door to my house unlocked."

No, it's the robber's fault you were robbed. The robbery is the illegal part. It is not illegal to leave a door unlocked. Back to your train wreck of an example: it is not illegal to sell keyboards, and it is not illegal to provide water to people. Extortion is illegal. Denial of Service attacks are illegal.

That's where the line is. It is the border between legal and illegal.

by naikrovek

5/11/2026 at 9:55:56 PM

Cloudflare didn't say "give us money or we'll cause you harm"... so no extortion. Cloudflare infrastructure wasn't used for the attack, so no DoS attack.

They sold services to two customers, one of whom did a crime independent of cloudflare.

If a robber sees Bob buy a bunch of expensive electronics at WalMart, and then buys a crowbar and robs him, is WalMart somehow responsible for the robbery?

by sophacles

5/11/2026 at 10:34:39 PM

> If a robber sees Bob buy a bunch of expensive electronics at WalMart, and then buys a crowbar and robs him, is WalMart somehow responsible for the robbery

Yes, if Walmart somehow knew robber’s intentions, but sold anyway. That is the primary question actually. Was the intent or act known or not.

by nicce

5/11/2026 at 10:58:27 PM

Should Walmart be responsible for performing background checks on people buying crowbars to ensure they don’t intend to do harm? What about lighter fluid? Rat poison? Baseball bats?

by iamnothere

5/12/2026 at 4:45:00 PM

you keep missing the point. is it intentional?

by naikrovek

5/12/2026 at 8:41:37 PM

I believe I simply disagree with you.

by iamnothere

5/11/2026 at 9:04:53 PM

Firearms companies for wrongful death, keyboards for hacking, 3d printers for suicide drones. Shovels for holes.

by esseph

5/11/2026 at 7:19:42 PM

I'm not sure how correct this is but when you upgrade your tier on Cloudflare aren't the costs basically up to Cloudflare?

With the horror stories heard over the years I think a real issue is no hard pricing cap with forced shutdown.

Unless that's changed? I booted them a year ago..

by JeremyJaydan

5/11/2026 at 11:20:52 PM

There's not even any proof Beamed was responsible for the attack in the article--it's all speculation.

"Anonymous person on the internet claiming <thing>" is proof of nothing.

It's just as likely someone claimed they used Beamed to try to get a competing service taken down or direct attention elsewhere.

Don't get my wrong, Beamed looks like a scummy booter service with no legal purpose.

However, claiming companies should deplatform sites based on speculation is, imo, a very dangerous precedent.

by nijave

5/11/2026 at 7:23:02 PM

Hanlon's Razor applies here. "Never attribute to malice that which is adequately explained by stupidity."

Pretty much anyone can get onto the free tier for Cloudflare. The fact that someone is, doesn't mean that there is a business relationship with Cloudflare. There isn't.

In order to make this business model work, Cloudflare does essentially no due diligence. Getting onto the free tier before you need it, is cheap. And then if you really need them, you have every reason to start paying.

Ideally you'd hope that they would allow third party takedowns. But the ability to do third party takedowns provides a target for the exact attackers that their business is trying to protect against. They wouldn't have a business if they made that a viable target!

But the result of these business decisions, made for their main customer acquisition flow, makes them a tempting place to host malicious content, as well as good. Black hats make a sport out of taking each other out. And so have every reason to use Cloudflare.

Still doesn't indicate a relationship between Cloudflare and the bad actors who are taking advantage of the setup.

by btilly

5/11/2026 at 7:27:11 PM

> Ideally you'd hope that they would allow third party takedowns. But the ability to do third party takedowns provides a target for the exact attackers that their business is trying to protect against.

I don't think that argument holds water. There's a world of difference between knocking a site offline with a DDoS and making a legal request which results in a hosting provider shutting it down.

by duskwuff

5/11/2026 at 8:35:43 PM

Sure. Any evidence such a legal request has been made in this case? If not, why the whining?

by semiquaver

5/11/2026 at 9:09:44 PM

They are both denial of services. While there indeed differences between them, they don't seem relevant here.

If a third party takedown system is poorly implemented (and it's pretty hard to create a balanced takedown system at scale), it may become more effective to abuse it instead of using DDoS.

by fluffybucktsnek

5/11/2026 at 7:37:20 PM

What you are saying is that Canonical should have first updated the DNS to point at the attacker's web site IP (hosted by Cloudflare) for a few hours to let Cloudflare eat 3.5Tbps for a bit? :)

by necovek

5/11/2026 at 6:51:58 PM

This is insanely dumb. Cloudflare is providing free hosting services, not materially supporting the attacker. You can argue that cloudflare needs to be better, or adopt different values towards, taking down sites they host, but this organization could absolutely just serve elsewhere (or just advertise their services over telegram or the like).

Maybe there is a point to be made about monopoly power in hosting and ddos protection. I don't really see how this blog post, or labelling it blackmail, help make that point.

by jpereira

5/11/2026 at 11:06:04 PM

Seems unavoidable if you're running DDoS protection services. Of course the people performing the attack also don't want to get attacked back.

Taking down their info site wouldn't have made the attack go away anyway.

by nijave

5/11/2026 at 6:55:06 PM

It's not dumb. There's a conflict of interest.

by mjd

5/11/2026 at 7:07:44 PM

Yeah, I demand all my hosting providers be 100% vulnerable to DDoS for this reason.

by sophacles

5/11/2026 at 6:57:10 PM

It seems disingenuous to assume that CF offering some (unknown) amount of service to a malicious actor amounts to "blackmailing" someone that actor is attacking. CF could, and probably should, be better about not offering services to criminals but making a leap of logic certainly doesn't help anything.

by jmuguy

5/11/2026 at 6:47:42 PM

They didn’t.

by deadbabe

5/11/2026 at 6:51:15 PM

Yeah, probably not - because they don't explicitly have to, as outlined in the post. The very architecture of CF's services essentially enables "blackmail as a service" in the sense that, CF protects the attacker and essentially creates a coercive environment in which the victim "has" to pay CF to protect them from... the very attacker that CF protects.

by amatecha

5/11/2026 at 11:02:02 PM

> and essentially creates a coercive environment

This is the part that's wrong. CF is not creating the fact that sites are vulnerable to DDoS, and these attacks would happen even if the sites were kicked off.

If some guys are going around slashing tires, would we demand that tire repair shops not sell to them? Would we say it's blackmail because the tire shop sells to anyone, and selling tires to them "creates a coercive environment"?

by Dylan16807

5/11/2026 at 11:21:04 PM

A tire repair shop that also hosted a the National Tire Slashing Club for free in the back?

I think it's fair to assume that would cause some reactions.

by xorcist

5/11/2026 at 11:32:27 PM

That gets confusing because it sounds like a special thing they're doing in addition to their main function.

If the back of the store was a convention center that allowed basically any small club to use it for free, and of their many thousands of hosted clubs one or two were focused around tire slashing, that wouldn't cause the same reactions.

by Dylan16807

5/11/2026 at 6:50:35 PM

Right. It's more abstract than that. They protect (from legal consequence or even discovery) the attackers and host them on their infrastructure so they're untouchable. Then they sell the same "protection" to the victims. It's the classic mafia protection scam.

by superkuh

5/11/2026 at 6:53:01 PM

>They protect (from legal consequence or even discovery) the attackers and host them on their infrastructure so they're untouchable

Victims can't file a subpoena to get account details?

by gruez

5/11/2026 at 6:54:24 PM

I've never tried a subpoena. I've tried reporting them to ICANN for whois abuse contact violations and never received a response (after I recieved a response from cloudflare saying, "Go away, we don't care, sign up for our services and pay us to care."). Perhaps I should set up a gofundme or something for the thousands of dollars needed to get justice via subpoena.

If I were hosting illegal malicious actors doing this stuff on my home servers and refused to even say who was doing it I would 100% get my door kicked down by the FBI. But some persons, corporate persons, are more equal than others.

by superkuh

5/11/2026 at 7:12:13 PM

> If I were hosting illegal malicious actors doing this stuff on my home servers and refused to even say who was doing it I would 100% get my door kicked down by the FBI. But some persons, corporate persons, are more equal than others.

If you refused to tell some random person who asked? No, you wouldn’t. If you refused to respond to a legal authority—a court-issued subpoena, for example—then there would be consequences.

As far as cloudflare is concerned you’re just a random person asking. They have no legal obligation to provide you with information.

by CrazyStat

5/12/2026 at 11:15:55 PM

They have a legal obligation to provide a working abuse contact address. I guess you're saying that it is working when they say, "go away." and yeah, I can see that point of view.

But it also means that any domain fronted by cloudflare won't actually have contact information for the owner of the domain required by their legal contact with ICANN as a registrar.

by superkuh

5/11/2026 at 6:57:27 PM

>I've tried reporting them to ICANN and never received a response.

So ICANN is complicit too? After all, if we adopt your interpretation, in some way ICANN is also turning an blind eye, both to what cloudflare is supposedly doing and also to what the domain registrars are doing.

by gruez

5/11/2026 at 7:05:33 PM

ICANN doesn't get any kickbacks from Canonical needing to protect itself as far as I can tell. Cloudflare literally sells the protection.

by Xirdus

5/11/2026 at 7:24:26 PM

So ICANN is alright because they're protecting them for free, but Cloudflare is bad because they're protecting them for money?

by joemi

5/11/2026 at 7:47:12 PM

In a way, yes, that makes it more okay. You can't have a conflict of interest if you have no interest. Cloudflare has clear interest in hosting the malicious actors and it's in clear conflict with providing services to their other users.

by Xirdus

5/11/2026 at 7:22:53 PM

No you wouldn't. Unless you failed to comply with subpoenas/warrants/etc for it.

That assumes of course that like Cloudflare you were hosting a web page and not the actual illegal activity, and were following the laws around hosting things.

by sophacles

5/11/2026 at 7:08:10 PM

Yes.

I find a similar pattern to Meta's scammer ads.

Huge publicly traded companies benefitting from the illegal actions of their clients, turning a blind eye, or conveniently delaying their takedowns.

Big companies need to absorb the liability of small companies, otherwise you get this delegated Sybil Good bank/Bad bank attack

by TZubiri

5/11/2026 at 7:13:19 PM

If they accept money to display malicious ads they should be prosecuted as accessories to the crime tbh

by mcmcmc

5/11/2026 at 10:39:09 PM

who would be they in that case? I don't think entities can be charged criminally.

A more basic middle ground would be making the company liable for the damages (civil court not criminal).

by TZubiri

5/11/2026 at 7:20:29 PM

I am curious about the existence of https://beamed.su/

    The best IP Stresser service since 2022.
That is one way of putting "DOS" for hire

WTF does it really mean?

by worik

5/11/2026 at 7:23:19 PM

It is DDoS for hire. What are you asking exactly?

by IshKebab

5/11/2026 at 7:09:31 PM

Crimeflare - proudly extorting DDoS victims and protecting criminals while building a global surveillance dragnet since 2009!

by anonym29