
Russian government threatens to block CloudFlare - rbanffy
http://rkn.gov.ru/news/rsoc/news24880.htm
======
ingenter
The cases of adding CloudFlare CDN addresses to the unified registry of banned
information٭ are becoming more frequent.

It is related to active use of this service by violators of Russian laws.

Attempts to determine hosting provider for such web-sites using whois return
CloudFlare IP addresses, hiding whereabouts information for this site in
Internet.

This makes interaction between Roskomnadzor and real hosting provider harder
and, factually, eliminates the possibility of removing illegal content in
time, to restore٭٭ access to the blocked resource.

CloudFlare representatives are refusing to cooperate and do not react to
official Roskomnadzor notifications.

Many conscientious resources using this CDN are blocked by ISPs in Russian
Federation due to lack of reaction from CloudFlare.

To avoid such situations we recommend hosting web-sites using native (russian)
hosting providers which abide Russian laws in good faith and timely restrict
access to internet-resources and information which is prohibited for
distribution in Russian Federation.

٭yes, it is as bad as it sounds

٭٭implying access will be restored after "illegal content" will be removed

~~~
dmpk2k
They actually do restore the site.

Russian authorities have blackholed my site a couple times because some trolls
posted illegal material there, and then turned around and reported that site
to the authorities. Once the files were brought to my attention and removed,
the blackhole was also removed.

As an aside, I hope authorities (and hosts) realise this is a trivial and
common tactic to take down websites. It's one of the cheapest and least
technical attacks available. Only the really large sites (the 0.1%) are immune
to it due to their stature. I'm tempted to say that attackers employing this
method are more skilled, because they understand risk-tree analysis better
than the clowns with huge fancy botnets.

~~~
memracom
I think that Ruskomnadzor does understand the dynamic nature of the Internet
which is why your sites were restored when you removed the illegal material.
They don't want to block you, they just want to stop Russians from ignoring
the law and sharing copyrighted materials.

Just remember, Russia is not the Soviet Union, neither the real one nor the
imagined one that the West is always going on about. Russia is a technically
advanced country that intends to be the most modern country in the world in
the 21st century. A force to be reckoned with.

~~~
ISL
Is 'force to be reckoned with' a prerequisite for modern-country status?

I can think of plenty of countries that I consider modern that cannot change
the course of global events by force, but do so by example.

Here in Seattle, USA, the way we teach our children mathematics may yet be
altered by ideas from Singapore, a modern country.

------
hotwatermusic
Russian here. It's only small part of what is coming from the goverment in
near future... Soon, if you are using/registering ".ru"-domain and use it, you
will have to "register" it in gov - pay ~30$ and wait for 5 days. If you
doesn't do that, then created site can be immediately blocked via providers
with no warning on any day. So a lot of us moving to .com now adays... Worst
is yet to come. Now we have a blacklist of domains, and maybe have to expect
whitelist in 2015 or so.

~~~
pistle
Emigrate. We appreciate the intelligence and skill of our Russian hacker
friends. Let's not lose a generation of highly-skilled talent due to psycho-
nostalgic policies. You guys have come too far for all this.

~~~
kovrik
Well, I'm a java developer from Russia and I want to emigrate. But don't know
how. A lot of people here want to leave Russia. But it's not as easy as going
from one state to another (USA) or going from one EU country to another.

~~~
mtrimpe
The Netherlands is very welcoming to knowledge migrants and offers lucrative
tax benefits on top, so just apply to one of the companies that are subscribed
to the ruling and you should do just fine.

You can find all companies that offer the ruling at
[https://ind.nl/zakelijk/openbaar-register](https://ind.nl/zakelijk/openbaar-
register) under the heading 'Erkende referenten Arbeid Regulier en
Kennismigranten'

Do keep in mind that homophobia is both not acceptable and that you'll meet
actual openly gay people here, so if you have a problem with that you'd
probably be better off elsewhere.

~~~
krbbltr
You have a funny way of making someone feel welcome, regurgitating memes and
stereotypes propagated by Western media. Really, that last line in your post
wasn't necessary.

Also, as the immigrant he will eventually be at the receiving end of at least
some minor racism or xenophobia, no matter how progressive and open you think
your society is. So lecturing him on that is kind of pointless as well.

~~~
mtrimpe
It's actually based on a real life example that happened to me personally
which cost myself and several other people their jobs.

In my experience there are _some_ Russians who come here expecting to be able
to be openly homophobic which, as I can personally attest to, is a recipe for
disaster.

I've worked with lots of Eastern Europeans and many of them have been
perfectly accepting of my orientation and the vast majority treated me
respectfully though.

Unfortunately, when you move from a society where being gay is still
considered a mental illness by 70+% of the population, you can't assume that
_everyone_ is just able to leave that behind when they move.

------
tempodox
"... information which is prohibited for distribution in Russian Federation"

— And what information would that be exactly? Maybe anything that wouldn't
agree with Putin & his cronies? The Russian gov't has been known to sit on
their hands (to put it politely) while dissenting journalists were being
killed off in the open street in bright daylight.

Fuck the Russian government.

~~~
ingenter
\- War propaganda; pornography and antisocial behavior propaganda

\- Free speech abuse: Extremism

\- Free speech abuse: Drug production and acquisition information

\- Free speech abuse: Secret information disclosure

\- Free speech abuse: Latent influence (e.g. hipnosis)

\- Anything related to extremism

\- Malicious programs

\- Information which is a crime by itself (slander, humiliation, call for
terrorism, offer for a drug use, etc.)

\- Improper advertisement (alcohol and tobacco ads)

\- Secret inforation

~~~
exo762
And in practice anything they want. Example: navalny.livejournal.com is not
available in Russia for some time. Not chosen articles, whole blog.

~~~
Elhana
For a good reason. If Snowden published US secrets soemwhere, how fast do you
think it will be taken down by cloudflare. wikileaks never had a problem with
hosting either it seems, right?

~~~
jessaustin
Perhaps you've missed it, but numerous media outlets have published US secrets
collected by Snowden. Where are the takedowns you expect against NYT,
Washington Post, Guardian, NBC News, etc.?

~~~
Elhana
Remind me, those photos of Guardian destroying Snowden files all over the news
sites are clearly because Russians forced them to? Or was it UK government?

~~~
bmm6o
That was a quick moving of the goalposts.

------
ShaneOG
English translation (Google translate) \--- The cases made ​​in the Unified
Register of banned information network addresses CDN- service CloudFlare. This
is due to the active use of this service sites - Russian law violators . When
trying to determine the hosting provider such websites whois services indicate
ip- address CloudFlare, concealing information about the location of your
hosting provider , providing accommodation in this Internet site.

This complicates the interaction Roskomnadzora with this hosting provider and
virtually eliminates the possibility of timely removal of illegal information
to regain access to locked resources .

CloudFlare representatives refuse to cooperate and do not respond to legal
notices Roskomnadzora .

In the absence of reaction on the part of many conscientious CloudFlare
Internet Resources using this CDN- service fall under lock operators on the
territory of the Russian Federation.

To avoid such situations , it is recommended to place web- sites on the
capacities of local hosting providers who operate in good faith and in a
timely manner the Russian legislation restricting access to Internet resources
with information dissemination in the Russian Federation is prohibited.

~~~
crashandburn4
Can someone translate the google translate? (obviously even better would be a
russian speaker translating/summarising the article)

~~~
bgentry
CloudFlare is hosting sites which, according to claims in this article,
violate Russian law. CloudFlare is not responding to legal notices from the
Russian government (or is not complying with the demands in these notices).

It sounds like they're warning website operators that they will be blocking
access to CloudFlare in the future, and that operators should move sites to
local hosting providers who comply with local Russian laws.

~~~
crashandburn4
I guess I don't understand this, I thought cloudflare was just a cdn and put
up static versions of sites when sites were under DDOS (along with DDOS
mitigation techniques), I didn't think they hosted sites themselves? am I
missing the point or do they host or act as an intermediary for some websites
or something similar?

EDIT: found this post which answers my question (obfuscated whois records is
the problem russia has with it):
[https://news.ycombinator.com/item?id=7572336](https://news.ycombinator.com/item?id=7572336)

~~~
huxley
WHOIS records come from the registrar not Cloudflare, perhaps they mean
obfuscated traceroutes?

------
jacquesm
Props to cloudflare. What with the number of websites that are using
cloudflare these days the public outcry against a ban of cloudflare would
probably be heard all the way to Warswaw. It might even have a Streisand
effect bonus causing people to wonder what exactly it is that they're not
supposed to be looking at.

------
rdl
How much did CloudFlare have to pay to get this advertisement and endorsement
from the Russian Government?

~~~
imikushin
This is a good one :) Build some decent service, have it used by human rights
activists, and any sufficiently oppressive government will advertize (the same
way) it for free.

------
dmpk2k
That's unfortunate. I happen to run a site somewhat popular with some Russians
(on a lark, since I don't understand anything), and it has attracted its share
of DDoS attempts.

CloudFlare has been a boon here. I don't pay them to speed the site up, nor to
hide from the government, I pay them so I don't need to spend any time on
these occasional low-grade DDoS attempts.

~~~
mtrimpe
I don't think it'll go anywhere fast.

Russia has been on a media-blocking spree, shutting down 'dissenting
opinions,' ever since the Ukraine conflict started. With CloudFlare they're
running into the problem that their infrastructure can't selectively block
specific CloudFlare sites and that blocking all of CloudFlare would cause far
too much of an outcry.

That's why this press release was made: as a feeble attempt to influence
CloudFlare.

If CloudFlare stands its ground (which it should given the political/human
rights nature of the majority of these blocks,) nothing will happen until they
block CloudFlare wholesale, which would probably not actually happen unless
the conflict escalates into Cold War II territory.

P.S. If anyone from CloudFlare reads this and you're not sure what to do with
it; go talk with the US government. I'm fairly sure they're willing to give
you all the support you might need.

~~~
anton_gogolev
> shutting down 'dissenting opinions,' ever since the Ukraine conflict started

Much, much earlier.

~~~
mtrimpe
Very true; although they did ramp it up significantly after the Ukraine
conflict.

I agree though that you could also turn it around and say that it was only
temporarily toned down a bit for the Olympics.

------
jmedwards
It took CloudFlare 5 weeks to even respond to one of our DMCA takedown
notices, let alone take action (which would simply include passing the DMCA
notice onto the origin hosting provider).

It is very frustrating - CloudFlare is used to protect a number of warez and
file sharing forums and websites, but we struggle to get hold of the origin
host information and have to go through CloudFlare who clearly are not geared
up to deal with it.

~~~
abc123xyz
Did you actually follow the DMCA procedure and send them a letter to their
registered agent, as is the law?

Anyways the worlds largest pirate ebook site LIBGEN.ORG is being run out of
Moscow apartment, so pot, kettle, black

~~~
jmedwards
Yes, and followed up 5 times.

~~~
swandive
Us too...

Cloud Flare and LeaseWeb are not playing nice. LeaseWeb is asking Cloud Flare
to give me the IP so that I can enter it into LeaseWeb's automated system, but
Cloud Flare refuses to do so.

They've sent the IP to LeaseWeb, but LeaseWeb refuses to do anything manually.

Ugh.

~~~
celsoazevedo
So... Cloudflare sent you the IP and they are not "playing nice"? You have to
understand that they can not remove any content because they don't have access
to the server. If you want to blame someone, blame LeaseWeb or Netherland's
law.

Also, Cloudflare chose to stay neutral and this is good in some cases and bad
in others. They may protect warez sites but they also protect websites with
content that some goverments and people loved to erase from the internet.

This can be bad for you, but the internet is not perfect...

~~~
swandive
No... CF sent the IP directly to LeaseWeb. Not me.

They refuse to send it to me, but LeaseWeb refuses to take any manual action
with it.

~~~
mirashii
Good. CF should not send you the IP address. If they sent the origin IP
address to any random person with a DMCA claim, their service would be
useless, as attackers would just send any old DMCA, demand the origin IP
address, and DDOS that.

------
mkriss
Probably CloudFlare makes difficult for Russian government to censor certain
sites.

------
kmfrk
Probably a good idea to follow how this plays out, in case leaders like
Cameron and Erdogan decide to take a page out of the same playbook.

~~~
tempodox
However, not every populace is as accustomed to falling into line with their
government as the Russians are. Russia is still about 200 years behind the
standards of civilization elsewhere.

~~~
rbanffy
If I were you, I'd stop at acknowledging most of them have no clear idea of
what a democracy, or even rule of law, looks like. On many aspects of
"civilisation" they are pretty much on par with the rest of the world.

------
EGreg
Native-sounding translation:

The cases of adding CloudFlare CDN-service internet addresses to the unified
registry of prohibited information have become more frequent. This is related
to the active use of the above service by sites which violate Russian law.
During attempts to ascertain the hosting provider of these websites, whois
reveals ip addresses belonging to CloudFlare, hiding information about the
whereabouts of the hosting provider of the actual site.

This makes cooperation of the ROSKOMNADZOR[1] with the actual hosting provider
difficult and basically eliminates the possibility of removing illegal
information in order to restore access to blocked resources.

CloudFlare representatives refuse to cooperate and do not respond to official
notifications by ROSKOMNADZOR.

As a result of CloudFlare's lack of response, many conscientious internet
resources using this CDN-service are falling under[2] blocking restrictions by
ISPs on Russian Federation territory.

To avoid similar problems, we recommend hosting websites using the facilities
of domestic hosting providers, which comply with Russian legislation in good
faith and restrict access, in a timely manner, to internet resources
containing information whose dissemination in the Russian Federation is
banned.

[1] Federal Service for Supervision in the Sphere of Telecom, Information
Technologies and Mass Communications (ROSKOMNADZOR)

[2] Unclear from the text whether this already happened or will happen

------
Donzo
"CloudFlare representatives refuse to cooperate and do not respond to legal
notices"

Ha ha. I wonder if they bother to translate these...

~~~
1ris
Why should they?

~~~
swandive
Because ummm... people are posting pirated files maybe? We've been fighting
this battle for a month now.

~~~
morkbot
Pirated files? I thought that's what vk.com is used for and Russian gov
doesn't seem to have any problems with it AFAIK.

------
joshfraser
This is why most CDNs like Akamai don't allow illegal sites to use their
service. You have a shared-destiny with all their other customers. If someone
goes after a site like Rescator for selling credit cards online or blocks
4chan for child-porn, your site can be affected because it's served from the
same Cloudflare network.

A few CDN's have build entirely separate networks with a different ASN's for
keeping their more questionable content away from the bulk of their customers.
I've not checked if Cloudflare have done this or not, but it would make a lot
of sense. This segmentation can really help. For example, a bunch of hacker
groups use Cloudflare and by putting them all on the same IPs, you can
magically stop them from DDOS'ing each other.

------
puppetmaster3
Related to CloudFare, I know what a real CDN is, but I'm not sure what
cloudfare does useful at all, ex:

[http://halfelf.org/2013/i-dont-understand-
cloudflare](http://halfelf.org/2013/i-dont-understand-cloudflare)

[http://pergento.wordpress.com/2012/02/01/cloudflare-
slowed-d...](http://pergento.wordpress.com/2012/02/01/cloudflare-slowed-down-
our-site/)

[http://amix.dk/blog/post/19627](http://amix.dk/blog/post/19627)

Like they tell you to use CloudFare w/ a CDN. what? It appears that they are a
good marketing company, and OK tech, but not clear to me what. Compare it to
real CDN Fastly or MaxCDN.

So other than marketing, what does Cloudfare do when you pay them?

~~~
celsoazevedo
Cloudflare is a CDN with security options (they stop bots, spam, ddos, etc).
In some cases websites load faster, in others load slower... you have to try
and see.

I'm using Cloudflare on 3 websites ($30/month) and on the last 30 days they
saved 4.9 TB in bandwidth [1]. The "5TB" plan on MaxCDN costs $299/month.

[1] [http://i.imgur.com/xqQ3Aea.png](http://i.imgur.com/xqQ3Aea.png)

------
dsabanin
Oh, how glad I am that I got out of that shithole.

~~~
anonbanker
Was working for CF really that bad?

------
pawelkomarnicki
Too many gay porn with Putin leaked perhaps ;) He must've been like "Kurva,
abort abort, block teh whole interwebs!" :D

------
weirdcat
From what I understand, the political aspect of the issue aside, the problem
is that if a site is served via CloudFlare, there's no easy way to identify
and communicate with the actual hosting company.

Off the top of my head, this could be solved by adding the origin IP in
CloudFlare's HTTP response headers. Am I wrong? Or this makes no sense (or
it's there already) and I just don't know what I'm talking about?

EDIT: Ha! Got downvoted, probably because someone thought I want to help
Russia censor the web. :)

Thing is, CloudFlare shouldn't be responsible for taking down sites, whatever
the basis of the takedown might be; this should be addressed at the host
level, not this or any other proxy.

~~~
krapp
>the problem is that if a site is served via CloudFlare, there's no easy way
to identify and communicate with the actual hosting company

Isn't that the the entire point, though?

~~~
weirdcat
I don't follow. I use CloudFlare to make my sites respond faster and be
protected from DOS attacks. Hiding the place where my files are stored is not
why CloudFlare exists -- at least I thought so.

Of course one might argue that revealing the origin IP exposes it to DOS
attacks, but this is a different issue.

~~~
krapp
That's basically what I was arguing - giving access to the origin IP
undermines its value as a service.

------
confluence
In the end, it's all geopolitics. US funds revolutionary Ukrainian groups in
an attempt to bring the Ukraine under the US sphere of influence, Russia
annexes Crimea in an effort to reinstate its sphere of influence, US threatens
visa restrictions on Russian elite, Russia begins to threaten companies that
act as extensions of the US on trumped up charges. And so the cycle goes.

~~~
mtrimpe
If the US funded the revolution in Ukraine it did a pretty damn good job of
finding a representative cross-section of the Ukrainian population to do so.

It's much more likely that it's a classic case of an economically failing
petro-dictatorship attempting to stay in power through the age old technique
of radicalizing it's population through cracking down on free media, ramping
up propaganda and starting some 'little wars' to restore former glory.

~~~
Elhana
It is a classic case of an economically failing superpower trying to stay
afloat with skyrocketing debt, shifting attention from it's internal problems
and feeding on wars in other countries. US keep supporting terrorists in Syria
and did so in all other uprisings they fueled. None of them ended well for any
of the countries involved so far - Libya, Iraq, Syria.

~~~
mtrimpe
Totally. If you'd have asked me five months ago which super power was most
likely to start the next world war I would've said the US. It seems we
overlooked and misjudged a player we thought was fairly harmless though.

