© 2023 PDN Cyber Security Consultant. All rights reserved.
In a world where fast data transfer is now essential for businesses, CDNs (content delivery networks) have become a must: most of the world’s traffic travels through these services, which accelerate content delivery for faster loading of websites and minimal latency. CDNs also allow, to a certain extent, to protect sites, especially against DDOS attacks.
In this two-part article we will first talk about Cloudflare and its philosophy, before looking at its contribution to piracy.
Cloudflare, founded in 2007, is the market leader in CDNs, but that may not be why you know the company.
Indeed, year after year, data shows that about 80% of traffic to the top 250 piracy sites is routed through Cloudflare.
The company is well known for allowing pirate sites, and even terrorist sites to use its services, which include among other things masking IP addresses.
CloudFlare had revenues of $212 million in the first quarter of 2022, and a significant portion of this income came from illegal sites that violate the first clause of Cloudflare’s Terms of Service, which states, “By accepting these Terms, you represent and warrant to us… (iii) that your use of the Websites and Online Services complies with all applicable laws and regulations.”
And yet, as any rights holder who has tried to shut down a site infringing on their intellectual property knows, Cloudflare does ( almost ) never shut down the offending sites.
The company has been repeatedly accused of facilitating piracy, and making good money from it. Cloudflare has also been at the heart of social controversies that shed light on its philosophy.
It is, after all, legitimate to wonder whether intermediaries such as Cloudflare should be held responsible for the words written and content hosted on the sites that use their services.
The company’s policy, accordingly, is not to comply with requests for shutdown, nor to provide any information about its customers.
Cloudflare has nevertheless been led to remove several sites in recent years: the neo-Nazi site the Daily Stormer in 2017 and then the infamous offshoot of QAnon and 4chan, 8chan in 2019. They admitted several times that they were uncomfortable with this decision, as they consider themselves as an Internet public service, and do not feel responsible for the actions of their customers; they compare their company to a telephone service: it is not because customers make racist or insulting remarks during a phone call that their lines are cut; they therefore feel they can – and even should – behave in the same way, and refuse to act as a sort of Internet police.
In September 2022 a new case hit the headlines: the streamer, Canadian communist candidate and transgender rights activist Clara Sorrenti was harassed by the KiwiFarms forum, labelled “the worst place on the internet” by The Guardian newspaper. The site, a successor of 8chan, whose raison d’être is to harass internet personalities (mainly women, both cis and transgender), revealed her personal address and the hotel where she had taken refuge after this revelation. Forced to flee to Ireland, Sorrenti was threatened there too, once again after the revelation of her new address on the forum. The site is also responsible for her arrest by Canadian authorities, having used her identity to issue false threats, where it appeared that she was preparing to commit a mass shooting.
Cloudflare initially refused to shut down the site, regretting the flood of requests they received after the closure of 8Chan and Dail Stormer. However, after what Cloudflare spokesman Matthew Prince considered an “imminent threat” to Sorrenti’s life, Cloudflare was forced to comply.
The removals of the sites mentioned have set what they consider a “dangerous precedent” making it difficult for them to refuse increasingly frequent requests to take a number of sites offline – activists and copyright holders were the first, but many authoritarian regimes, who were trying to take human rights sites offline in their respective countries, soon followed.
At first glance, this has nothing to do with piracy. However, these various cases clearly show the position that the intermediary tries to adopt – that of a perfect neutrality, which allows everyone to express themselves and to see their content protected. It is precisely these rationales that are used by the company when it is confronted with withdrawal requests from the various rights holders.
The company’s managers have also repeatedly stated that they do not contribute “in any significant way to copyright infringement” while the vast majority of pirate sites use Cloudflare’s services, thus making themselves virtually immune to takedown requests.
However, their treatment of the above cases shows that in some situations, Cloudflare is willing to stop providing its services to the offending sites. Would it be possible for the site to take its responsibilities in the field of intellectual property and start cooperating, in the long run, with the authorities and the rights holders?
In our next article in mid-November, we’ll look at how this philosophy makes the company an enabler of piracy, and examine some of the recent convictions Cloudflare has faced in 2022.
In the meantime, if your content needs protection, don’t hesitate to contact us, we’ll be happy to help.