I'm not sure if you're playing along or if you entirely missed his point. Of course it's a bad argument, just like when it is used by cloud flare to protect the ddos site they are hosting while they often remove other stuff. That's the hypocrisy he is pointing out.
But it's not hypocritical in the least. CloudFlare is not in the business of removing customers based on site content. Google is. It's entirely reasonable for CloudFlare to expect Google to clean the caches without having to consent to being internet cops.
Child pornography sites are easy to isolate and remove. There's a database of md5 hashes for images that are considered illegal; if you're a CDN you are likely already calculating the md5 hash of all images passing through your system as part of your caching process.
If you find any site has a large number of illegal md5 hashed images going through it; then just remove the site.
Piracy sites can be isolated by checking for keyword clusters or seeing if they're directly serving torrents, or banned hashed content.
We do something similar at work to sanitise image data---by policy no one actually looks at the content, but if you match against previously banned content for DMCA reasons, we drop your data.
DDoS sites though? How can you tell some site individually is part of a network to DDoS another?
These sites aren't performing DDoS, they're advertising DDoS services/tools. This makes them prime candidates for targeting by other DDoS services, hence the importance of being behind CloudFlare. If you can use keyword clusters to find piracy, DDoS advertisements aren't too far away.
Or they could just remove them when someone points them out to them, which is even harder to explain when you're already working to suppress child pornography and piracy sites using your services.
MD5 hash detection is easily avoided by changing the files by one bit. But if they're using PhotoDNA that's actually quite plausible, and they have my full support (err, I mean, censorship! Slippery slope! Where's the court order?)
Keyword clusters would work just fine for flagging DDoS attack-for-hire content:
They say they are 'legal' and perform 'stress tests', and 'distributed performance analysis' or 'real world testing'.
Granted I'd never use something as shady sounding as ddos.xyz, but they are plenty of legit companies that do the exact same things.
You'd need a bunch of manual review, and even then it'd become a "we think they're shady" instead of a "they're objectively sharing known illegal content" like it is with illegal pornography or copyright content.
Cloudflare understandably doesn't want to get into the business of being a company that manually reviews the internet (in how many languages?), and boots people who don't meet its tests.
neither is google in the bussines of removing the content, they have to remove it if they get the legal request, or they remove it based on some internal rules.
