
Cloudflare Terminates Service to Sci-Hub Domain Names - jakobdabo
https://torrentfreak.com/cloudflare-terminates-service-to-sci-hub-domain-names-180205/
======
mjevans
This is terrible news in the chilling effects department.

The mere fact that CloudFlare and similar services are a "requirement" for not
being beaten into submission for pennies of traffic flooding in to a website
is a clear design flaw of the global communications system.

No site or service should be forced to receive //every// bit of information
sent at it. Nor should they be forced to blackhole (route) /themselves/
(giving in to the terrorists) out of existence.

Clearly, we are lacking a means for pushing 'cancer' filtering over to the
source side of data transit. To the point where it becomes the problem of the
source ISP. "Block this customer" (for a while) and "don't send us any traffic
at all" (for a while; in response to /far too many/ abusive customers) are the
necessary solutions.

~~~
devit
Yeah, it seems like it should be possible to send a packet using a "firewall
rule protocol" to the DoSing IP address, and have any non-malicious routers in
between enact a rule that blocks traffic in the opposite direction (obviously
there needs to be either spoofing prevention, or the packet must be signed
with a certificate provided by the RIR to prove ownership of the source IP
address).

Why not do this? Is it impossible to design it in a non-abusable way, or is
there too much overhead to store and apply a possibly long list of arbitrary
blocking rules?

~~~
mjevans
Well, there would be the overhead, so more ideally you'd be submitting such
requests to an out of band network (possibly forward to such a CnC network
/by/ the routers along the way).

The command and control network would authenticate the source request via some
means and if it's authentic act accordingly.

The benefit of this is that it also allows for identifying infected or
otherwise abusive customers and actually being proactive about getting them
cleaned up.

Of course all of that degrades the 'customer' experience, and costs money.
Both of which are probably why no one does this right now.

------
bo1024
I am surprised that so many sites rely on cloudflare. I'm sure they provide
some very cool services, but I would be concerned both from

- a design perspective (they are a somewhat single point of failure for much
of the web, and add complexity/potential vulnerability), and from

- a control perspective, you are giving them control over your site and they
have shown themselves capricious in the past as well as vulnerable to legal
coercion. (For instance, could a malicious actor take down a website by
sending CloudFlare fake DMCA notices?)

~~~
Kalium
You're right! That does seem like a lot of risk to be taken on blithely.

If I may offer a few points, in the interests of helping you understand why
people might make a decision that seems so obviously silly?

First, bandwidth is still fairly expensive. It adds up much faster than many
people expect. A CDN, especially one that doesn't meter or charge for
bandwidth, is a lifesaver. Yes, it's adding a complex potential point of
failure to your system. As you completely correctly point out, that is not a
desirable thing. However, what you get in exchange for that complexity and
potential failure is more controllable costs and a greater ability to fend off
some major attacks.

On the control point, you're once again absolutely right! With the potential
caveat that this puts CloudFlare on a level with every single other service on
the internet. Unless you're one of the few people who owns all the
infrastructure starting with your server and ending with a full backbone
network, you're already relying on capricious companies vulnerable to legal
coercion. So this isn't really a new risk for most people. It is, again, a
risk people take because they judge the costs and added risks to be worth
taking on.

And one would have to work pretty hard at it to get a fake DMCA notice
through. CF's legal department doesn't screw around.

So you're absolutely, completely, 100% right on all counts. It's a lot of risk
to take on, and your concern is wise and justified! For a lot of people, the
gains to be realized justify the risks taken.

~~~
pathseeker
>you're already relying on capricious companies vulnerable to legal coercion.

The important distinction is that you're relying on a local ISP, not some
company based in the jurisdiction of some foreign government (for everyone
outside of the US like sci-hub).

~~~
Kalium
Indeed! But there's more, you know? You're not just relying on your local ISP.

You're relying on every single local, national, and international ISP between
client and server. In many places, at least one of those is going to be owned
outright by a government that might take a keen interest in what bits it
transports. You're also relying on a variety of DNS providers and other
services.

The number of services that have to cooperate for you to use any given website
is staggering. And they're all capricious and vulnerable to legal coercion.

~~~
pathseeker
We're talking about take-downs, not wiretapping. Don't muddy the waters trying
to equate them.

I'm not aware of cases where a government has coerced someone like level3 to
drop a peering relationship to an ISP in a foreign government or conduct BGP
hijacking to take down a website under that government's jurisdiction.

Cloudflare is a significant risk for anyone pushing the boundaries of US laws
in a different company.

~~~
Kalium
Indeed! We are discussing take-downs, rather than wiretapping. You're
completely right, and I failed to be sufficiently clear previously. Any level
of ISP might be tasked with taking down content that flows over its wires.

For example, at one point a Pakistani ISP accidentally black-holed YouTube
worldwide (briefly) through BGP while attempting to comply with a court ruling
to block it.

------
jacquesm
HN is served up by Cloudflare. A pretty sizeable fraction of the internet is.

Cloudflare showing they could take down some websites because of their content
conveniently set them up to be a pressure point in other cases as well such as
this one. The argument that they are 'just a common carrier' and have no
influence over the content they serve went out the window that day.

~~~
drunken-serval
They were served a court order to stop serving Sci-Hub. They had attempted to
argue common carrier in a previous case and were told by the court that
argument didn't hold water.

~~~
jacquesm
Yes, and my point is they owe that to themselves. Exercise control over
content once and you lose any kind of common carrier argument that you might
want to make in the future.

~~~
tonyztan
>"Exercise control over content once"

Is this the incident you are referring to?
[https://www.theregister.co.uk/2017/08/16/cloudflare_ceo_daily_stormer/](https://www.theregister.co.uk/2017/08/16/cloudflare_ceo_daily_stormer/)

~~~
randyrand
I'd imagine so. And because of that move they lost their common carrier
argument.

~~~
thephyber
> And because of that move they lost their common carrier argument.

> "We could not remain neutral after these claims of secret support by
> Cloudflare."

So common carrier status is forfeited if a company reasonably terminates a
contract due to the actions of the other party?

~~~
tedivm
Honestly part of the problem with this discussion is that people are just
making stuff up. CDNs never had "Common Carrier" status, so all arguments
around it make no sense.

That being said, this argument is a recurring theme. It came up when spez
edited comments on "/r/the_donald" and comes up any time a company enforces
its own TOS in a way the alt-right and libertarian crowds don't like.

I can come up with dozens of examples of companies exercising control over the
content of their networks without issue. Reddit removed "fatpeoplehate" and
related subs, youtube removes terrorism recruitment videos, and even
Cloudflare removes malware (if pushed hard enough). None of those cases
resulted in this mythical "common carrier" status from being removed, or
caused them legal issues in other ways. If I'm wrong it should be easy enough
to come up with examples proving it, but that won't happen.

~~~
pathseeker
>to a way the alt-right and libertarian crowds don't like.

sci-hub is appreciated by far more people than the alt-right and libertarian
crowds. Is there any particular reason you felt the need to try to politicize
it?

~~~
tedivm
Please reread what I said. My comment had nothing to do with sci-hub at all- I
am explicitly talking about the people who keep bringing up the "common
carrier" claims whenever someone removes content they don't like.

For some reason the alt-right has been all over this claim, and they use it
whenever they get censored (either on reddit or twitter), and the libertarian
crowd does the same here on this website.

Also, I do want to point out something- saying that someone's argument isn't
valid because they have a misunderstanding of the law is not the same thing as
taking a side. I think sci-hub is awesome, but I'm not going to defend it by
making stuff up.

~~~
syshum
>>the libertarian crowd does the same here on this website.

I have never seen "the libertarian crowd" (of which I count myself a member
of) use "common carrier" language on anything outside Internet Service
Providers, NN, and Title II regulations.

We defend free speech, and want to hold organizations that claim to support
free speech to actually supporting free speech, We believe if a website says
"They support free speech and want to allow free exchange of ideas" that they
actually uphold those claims... to make a public claim of supporting free
exchange of ideas or free speech on your platform then use heavily handed
censorship is in our opinion very similar to bait and switch fraud and should
be considered as such under the law even if you sneak in some provisions on
page 100 of your 8point font legalese terms of service...

I know we libertarians are soo crazy with our ethics and principles...

------
izuchukwu
To those unclear, Cloudflare is terminating Sci-Hub due to court order, not
their own censorship.

~~~
toomuchtodo
Terminating Stormfront voluntarily discredits any attempt at common carrier
status.

EDIT: I'm unsure you can argue, with a straight face in front of a judge, that
you're a common carrier when you've publicly blogged about determining to
terminate a user because you felt like it. I'm not judging Cloudflare
(anymore), just observing the pickle they've put themselves in because of
their own decisions.

~~~
epistasis
Edit: more connected than I thought it was!

Explanation for why I downvoted your comment:

Your comment is completely unconnected to the statement above it. It's only
connected to the story in that Cloudflare was involved with both, but if
you're going to try to connect it to this story your comment should go at the
top level. But connecting a highly controversial subject to this one by
posting inflammatory comments does not seem to be a good way to connect these
two different stories.

~~~
stale2002
Well, it is connected because it has to do with cloud flare being a common
carrier or not.

If cloud flare hadn't effectively given up its status as a common carrier, by
blocking stormfront, maybe it would have been able to defend itself from the
sci-hub court order.

Cloudflare being forced to take down content in the future is exactly what
people predicted when they decided to give up their status as a common
carrier.

~~~
hedora
They were never a common carrier. “Common carrier” is a well-defined legal
term that does not apply to them.

In related news, I did not give up my status as a fish by breathing air.

~~~
stale2002
Tell that to Cloudflare.

They are trying very hard to be a common carrier, because they want the legal
protections that it provides them.

But, because of their actions, they've lost the court cases, and are unlikely
to receive that status.

------
jimrandomh
Sci-Hub pits US law against morality, public sentiment, and public interest
much more directly than usual. Unfortunately, the US government is not the
sort of entity which can notice itself being a villain, or notice itself
burning its credibility.

~~~
lucb1e
Is it just because I'm not a native speaker, or is that very cryptically
phrased? I'm really not sure what you are trying to say, for or against the
termination.

~~~
smichel17
Native speaker. It is understandable (explained in sibling comments) but
definitely puts eloquence before readability.

------
jerheinze
Looks like their onion service is also down:
[http://scihub22266oqcxt.onion/](http://scihub22266oqcxt.onion/)

Can anyone test their i2p eepsite as well?

~~~
akerro
Sci-Hub should host an IPFS node with all their contents. Once owner sets-up
IPFS directory, owner can update it (it's not static like torrents), other
nodes will download changes, it will be distributed, censorship-resistant and
shared between community of people who pin directories on their PCs and ARM
computers.

Another similar solution would be to setup ResilioSync or LibreVault
repositories, again makes it decentralized by P2P, there are public
repositories so anyone can join and leech/seed files, owner can update files.

I'm surprised they're not doing it already.

~~~
jerheinze
First off, there's a difference between Sci-Hub (no content is hosted, only a
portal) and LibGen. Papers downloaded from Sci-Hub are hosted in the latter.
And secondly, they do offer torrents as a P2P solution:
[http://gen.lib.rus.ec/repository_torrent/](http://gen.lib.rus.ec/repository_torrent/)

I'm not familiar enough with IPFS, but I think once onions play nicely with
IPFS (i.e. when this is solved[1]), then it could be very promising. I'm not
sure how censorship resistant it could be.

[1] :
[https://github.com/ipfs/notes/issues/37](https://github.com/ipfs/notes/issues/37)

~~~
akerro
> they do offer torrents as a P2P solution:
> [http://gen.lib.rus.ec/repository_torrent/](http://gen.lib.rus.ec/repository_torrent/)

yes, that's the problem. Once you have a torrent they can't add new files to
the torrent, they have to make a new one, and you have to download the new
one.

Also this website is blocked in the UK.

~~~
jerheinze
> Also this website is blocked in the UK.

Use the Tor Browser to access it:
[https://torproject.org/download](https://torproject.org/download)

~~~
akerro
I have a VPN at home.

------
scientician
Can I offer my computer to Sci-Hub to store and retransmit encrypted content
for them? If I could run software that would assist Sci-Hub, I would.

Is anyone else doing something similar?

Sci-Hub is important - it's one of the most important resources we have today.
How can we support Sci-Hub?

~~~
john_minsk
PopcornTime for Sci-Hub?

------
ftoo
To the people upset with CloudFlare: please explain why it is better for
random startups and multinational corporations to set and enforce policy, than
for elected officials and governments and courts. Because that’s basically
what you’re saying...

~~~
kinkrtyavimoodh
People upset with CloudFlare are not asking CloudFlare to set up policy
instead.

They are saying CloudFlare should behave like a common carrier and NOT have
any policy to begin with.

But Cloudflare already lost that privilege. And now the Common Carrier
Chickens are coming home to roost.

~~~
matt4077
"Common Carrier" status is granted by the FCC to certain communication
companies. It is not something acquired by (not) acting in a certain way.
Example: You can't just run the mafia's books and "I'm a common-carrier
accountant; I don't get involved in my customers' business".

~~~
dogma1138
Common carrier is a legal concept which goes way beyond Title 2.

Public transport is a common carrier in the US oil and gas pipelines are also
common carriers they don’t ask the FCC to classify them as such.

------
acd
There are other delivery networks that work peer2peer such as IPFS, Bittorrent
and websockets p2p cdn.

~~~
viraptor
Are you prepared to host and distribute copyrighted documents from your home
connection and publicly advertise that to the whole world? Because that's
what P2P really means in this case, unfortunately.

~~~
RRRA
If a little civil disobedience is what it takes to save public access to human
knowledge, then so be it...

~~~
aaron_m04
Yes, but if you get caught right away, you aren't maximizing your impact. It
would be better to use P2P with anonymizing layers.

------
wolco
Cloudflare is on a path to nowhere. The more services they ban the less
attractive they are.

~~~
web007
You are speaking only from a free-speech perspective.

As a business user, I would absolutely want $CDN_PROVIDER to only allow /
serve traffic in compliance with the laws of my country. I wouldn't want any
chance of my non-controversial content being blocked because some third-party
caused my host to be removed from the internet, either by direct action (BGP
blackholing / similar) or by side-effect (IP or block being added to $FIREWALL
blacklist).

~~~
wolco
When they change your acceptable content to non-acceptable content it might be
too late to protest.

------
markdown
I can't stand companies like Cloudflare that won't let you contact them to get
support. My phone was stolen and with it my 2nd factor. Now I can't get in,
and you can't access any support whatsoever without logging in first.

So now I have to transfer all my domains away from them and go through all the
trouble of setting up DNS elsewhere.

~~~
slig
Their CTO is always here on HN. Try to reply to him.

Also, use an app such as Authy to store your 2-way tokens.

------
thecodeboy
You can access Sci-Hub at [https://5ly.me/scihub](https://5ly.me/scihub) .

------
zerostar07
sci-hub.tv and sci-hub.hk seem to work fine

why would they want to mess with cloudflare anyway.

------
saagarjha
We're going to see this kind of thing happening more and more as Cloudflare
receives takedown requests from every copyright association. By taking down
websites, it signaled to the industry that Cloudflare was a viable place to go
to if they wanted things to be removed from the Internet. Cloudflare dug this
hole for themselves, and it's going to be very hard for them to go back to the
"dumb pipe" status they enjoyed before.

------
stevefan1999
Well, at least we still have SciHub access through Tor

------
IntronExon
_According to Sci-Hub’s operator, losing access to Cloudflare is not
“critical,” but it may “cause a short pause in website operation.”_

There is some kind of weird disconnect between the reality of distributed
communications, and people/companies who seem to think that they have a prayer
of stopping them. You’d think that the near implosion of the music industry
would have been a clue though. Where there is demand and anti-consumer
practices, there will be piracy.

Is it just that people making these decisions are ignorant, or emotional? Does
anyone know?

~~~
stfwn
> You’d think that the near implosion of the music industry would have been a
> clue though. Where there is demand and anti-consumer practices, there will
> be piracy. Is it just that people making these decisions are ignorant, or
> emotional? Does anyone know?

Wow. That is harsh.

The current state of music is that artists need about 4 million Spotify plays
per month to make minimum wage ($1160) [1]. That's assuming the artist does
not have to share the revenue with anyone and not counting the time needed to
break even on the initial investment (if you even manage to break even before
the recording is 'old' and you're up for a new one).

Realistically there is no money in recorded music anymore except for the John
Mayers and Taylor Swifts, so nothing has been solved in that industry and
there is no 'clue' to get.

There was a legitimate source of income, then technology devaluated the
product to oblivion. It's not worthy of damnation that those in an industry
that is being levelled with the ground are caught off guard and attempt to fix
their problems.

It would do us good to empathise with the people in these industries, because
there are going to be a heck of a lot of them in the coming years. If we value
the product of their labor we should want to offer them an alternative source
of income instead of berating them.

[1]: [https://informationisbeautiful.net/2010/how-much-do-music-artists-earn-online/](https://informationisbeautiful.net/2010/how-much-do-music-artists-earn-online/)

~~~
cortesoft
That is pretty misleading to reference 'minimum wage' in regards to how much
money a band makes from streaming. A wage is determined by hours worked /
revenue. Once the music is recorded, they aren't 'working' anymore hours, so
how would you figure they need $1160 a month to make minimum wage? They aren't
working any hours while that music is being streamed.

If you wanted to figure out the wage, you would have to take the number of
hours spent creating the music (writing, practicing, recording), then divide
by (revenue from streaming - costs to record). Since that streaming revenue
can keep going long after they are done recording, you are going to hit
minimum wage if you wait long enough and people keep streaming your music.

Artists deserve to be compensated for their work, but we should be thinking
about it in terms of income per hour worked. No other job expects to be paid
forever for work done years ago; if someone hires me to build a fence, I don't
expect to keep being paid for every year that fence is up.

~~~
stfwn
> Once the music is recorded, they aren't 'working' anymore hours, so how
> would you figure they need $1160 a month to make minimum wage?

I completely agree. The minimum wage figure was just a reference point that
aligns with the way we pay for it: monthly. It's ridiculous music has (been)
moved into this area.

The same problem is in the software industry now. More and more companies move
to subscription business models simply because a pay-upfront model isn't
viable anymore. Sure, it's great to support developers in their endeavours,
but what if I just want to buy _this exact version of the app_ and decide for
myself if I want to pay for bug fixes and extra features later? Maybe this
version is fine for me. But the new business reality doesn't allow for this.

Anyways..

> No other job expects to be paid forever for work done years ago; if someone
> hires me to build a fence, I don't expect to keep being paid for every year
> that fence is up.

The entire intellectual property licensing space works in this way, and that
space is badly broken. I agree that there's no moral requirement to pay
someone for work done years ago, and the reality is that most musicians really
aren't. A quality recording takes a long time to make and its average lifespan
is about a year (if that) before attention (if any) dies out.

On top of that it requires a big investment to record, produce and promote an
album (consider also a new website, logo and album art) and then after all you
have to share the $0.00029 per song play with about five people _and_ the
label. You're lucky to break even at all.

------
s2g
Need alternatives outside the reach of the us government and other hostile
entities.

------
dingo_bat
I don't see the issue. We were all ok when daily stormer was kicked off the
internet by godaddy and google. Apparently companies are within their rights
to shut down anything they don't approve of. So wtf is the problem now?

------
lucb1e
Really disappointing of Cloudflare. I thought they were above this.

~~~
gtirloni
Above the law?

 _> Cloudflare has received the attached court order, Case 1:17-cv-OO726-LMB-JFA_

I must clarify I'm not saying this is fair or unfair, I just doubt CloudFlare
has much room for maneuvering.

~~~
lucb1e
Oh, my bad. The bold text on top says they "seemed to offer no resistance this
time," which made it sound like they could have. I should have read on and
seen your quote.

------
aminorex
Time for our sites to switch to keycdn or cachefly. I am not going to support
cloudflare with my business any more.

~~~
johannes1234321
Since those ignore court orders? Which in turn means they would ignore court
orders if you sue them. Cloudflare didn't act on their own ("Cloudflare has
received the attached court order, Case 1:17-cv-OO726-LMB-JFA")

------
breakingcups
As much as I'd rather see it happen to something other than Sci-Hub, I'm glad
Cloudflare is being held accountable for their hosting services.

Their "we're only a neutral pipeline" spiel is complete bullshit and I'm glad
they are being held accountable for it.

(Short version: They are not neutral because they provide a paid service for
the websites they host.. Yes, in some cases it's a free service but in that
case you are still "paying" in good publicity. The fact that no money changes
hands doesn't suddenly make them a neutral party.

They are also absolutely a hosting provider. Even though they don't host the
central, permanent, authoritative data of the sites themselves, they still host
plenty. They store images, code, stylesheets even complete pages in their
cache. The data is on their servers, being pushed onto the internet from their
ip's. They host the DNS. They can even host some business logic with their
page rules.)

Without going into whether the rules that apply to webhosts are fair, it is a
very good thing that Cloudflare is being held just as accountable as any other
service provider. Their IP's, their responsibility just like any other party.

Edit: Those downvotes came quick. Care to comment on why you think Cloudflare
should be held to a different standard than a traditional hosting provider?

~~~
makecheck
By this logic, you must want us to hold counties accountable for the highways
they build. After all, every truck full of illegal material is driven down
roads that somebody built; gee, if only those road builders took a more active
stance to enforce the law. Come on.

~~~
yosamino
That is not the logic. The logic is this:

Cloudflare serves up illegal content, let's say a phishing site.

Cloudflare refuses to stop serving the phishing site.

Cloudflare refuses to disclose who they are serving the site for.

By using your metaphor, the county would not even send out the sheriff to
prevent a shipment from illegal material being driven over their highway once
they were aware of it and would just flat out refuse to cooperate with state
police.

It's not up to Cloudflare to decide what content is or isn't illegal. But
Cloudflare actively prevents investigations to even start determining whether
or not something is illegal.

~~~
notyourday
> Cloudflare refuses to stop serving the phishing site.

You name cloudflare and a provider of the phishing site in a lawsuit. It makes
it through courts. Cloudflare is unlikely to attempt to defend it. Your
attorneys figure out how as a part of the redress get an order for cloudflare
to disconnect the phishing site. You hire appropriate parties to service
Cloudflare. Cloudflare disconnect the phishing site.

That's exactly how it is supposed to work.

~~~
yosamino
> a provider of the phishing site in a lawsuit.

Except CloudFlare refuses to name such an entity. All they're willing to do is
forward my complaint to the "provider of the phishing site".

So they're willing to violate my privacy and put me in danger by possibly
forwarding my details to possible criminals, but they refuse to do anything
about the actual problem.

They say they will

> put a warning page up for when visitors try to access the specific link. We
> will also notify the site owner to have them clean the malicious files on
> their site. [0]

but that's a flat out lie. I've tried this avenue numerous times.

I shouldn't have to go to court for what is basic network hygiene.

What you're advocating is like having google, disable their spamfilter and me
then having to sue every single spammer that sends me spam mail.

[0] [https://support.cloudflare.com/hc/en-us/articles/200167736-How-do-I-file-a-phishing-complaint-](https://support.cloudflare.com/hc/en-us/articles/200167736-How-do-I-file-a-phishing-complaint-)

~~~
notyourday
You file a lawsuit. Support article always loses to a court motion.

