
Project Galileo: five years of protecting the vulnerable online - jgrahamc
https://blog.cloudflare.com/project-galileo-fifth-anniversary/?a
======
joshAg
I think the most impressive part is that they partnered with organizations for
determining who to add to the project from the beginning instead of trying to
do it in-house. That's kind of a pleasant surprise compared to typical
attempts for projects like this where it feels like NIH syndrome applied to
social sciences or philosophy.

------
Slippery_John
I've been really impressed with Cloudflare lately between this, 1.1.1.1, and
warp. It's nice to see a large company find ways to build up their business by
supporting the public good.

------
legostormtroopr
Reading this post just concerns me more than anything.

DDoS protection is pretty much vital infrastructure for any web site, and
Cloudflare is one of the first and largest organisations that provides this
service. Infrastructure of this scale and this importance should be impartial,
but this is more evidence that CloudFlare isn't.

For example, Cloudflare at the whim of Matthew Prince pulled service for white
supremacist site "Daily Stormer" [1] - because they made claims of support and
their content "made him angry".

The message is clear, if your content makes a CEO angry your site may be
DDoS'd off the internet (eg. Daily Stormer), if your content getting DDoS'd
off the internet makes a CEO "sick", then you'll get special treatment (eg.
Ukrainian Newspaper).

Would this blog post be as warming to people, if Cloudflare didn't help the
newspaper because it supported Russian claims over Crimea?

Regardless of your content, if your content is legal, the political whims of
tech CEOs shouldn't be what ensures you have consumer rights.

[1] [https://blog.cloudflare.com/why-we-terminated-daily-stormer/](https://blog.cloudflare.com/why-we-terminated-daily-stormer/)

------
jgrahamc
This Wired article has some good quotes from organizations using Project
Galileo:
[https://www.wired.com/story/cloudflare-project-galileo-protect-nonprofits/](https://www.wired.com/story/cloudflare-project-galileo-protect-nonprofits/)

------
_wmd
> He followed our run book and triggered a FINT — which stands for "Fail
> Internal" — directing traffic from the site directly back to its origin
> rather than passing through Cloudflare's protective edge. Instantly the site
> was overwhelmed by the attack and, effectively, fell off the Internet.

So if I'm understanding this correctly, free users have their backend servers
and hosting provider information exposed to an attacker _right when that
information needs to be kept secret the most?_ This is nuts. Can someone
clarify whether CloudFlare still do this? I can think of 100 scenarios where
it would be better to just pull the zone (or similar) and let the site go down
instead.

~~~
judge2020
This stopped being the norm as Cloudflare's footprint grew, and formally
stopped with this blog post
[https://blog.cloudflare.com/unmetered-mitigation/](https://blog.cloudflare.com/unmetered-mitigation/).

~~~
292355744930110
After reading that, I'm not sure what Galileo provides considering that they
don't FINT anyone.

~~~
eastdakota
There are a lot more controls and features for our higher tier security
services that Galileo participants get for free. And there are a lot of
security threats we help protect them from that go beyond DDoS. But, you're
correct, the experience of dealing with the nation state-level attacks that
Galileo participants face on a regular basis was a big part of what encouraged
us that we could make Unmetered DDoS Mitigation free to all Cloudflare users
approximately 18 months ago.

------
jlawson
Serious question - Are they serious about being evenhanded? Or did they just
handpick a list of organizations with the same politics as them to serve as
cover?

I guess this should be easy to tell. Are any of their partner organizations
doing work to protect 2nd amendment rights, or supporting pro-life causes? I
couldn't tell.

From my priors my first guess would be that this is a left-activist effort
masquerading as a universal protection. But I'd be pleasantly surprised to
discover that they're serious.

~~~
eastdakota
We worked hard to try and get conservative and libertarian organizations as
partners including the CATO Institute and the Heritage Foundation. They
originally objected because they couldn't understand what was in it for us
(Cloudflare). I think over time we've proved that we're serious about the
Project and the idea of having global, diverse partners with different
perspectives.

If there are potential partner organizations that you think represent a point
of view, whether politically or geographically, that the current partners do
not, I would encourage you to have them apply:
[https://www.cloudflare.com/galileo](https://www.cloudflare.com/galileo)

~~~
ForHackernews
> They originally objected because they couldn't understand what was in it for
> us (Cloudflare).

This is hilariously libertarian.

~~~
Slippery_John
If nothing else it's advertising. "We have the capability to regularly defend
against attacks from state-level actors."

