
We have a client that had someone make a direct copy of their website, same branding, same everything and put it on a domain running through Cloudflare. We've reached out to Cloudflare to get them to take it down but nothing has been done. You also have to have a Cloudflare account to file a complaint, which I found to be odd. We're a Cloudflare customer too...but still that shouldn't be a hoop you have to jump through. Now there is this identical phishing site out there that Cloudflare reverse proxies and we can't see who registered the domain or who hosts the site (since Cloudflare masks the IPs.)


This really doesn't seem like Cloudflare's problem.

Did banks sue the Ford dealer for selling big V8 getaway cars to bank robbers? Or the city for operating the roads that they used to get away? Or the toll collector for letting the bank robbers cross a bridge after they paid the toll?

No, because any of those things would have been ridiculous.

At some point we as a society are going to have to get off this intellectual property high horse.

Maybe we should stop trying to protect things that are easy to copy like website designs and wedding dresses. The enormous effort to try and protect these things damages society more than the benefit that even a successful outcome might have for a rights holder.


> Maybe we should stop trying to protect things that are easy to copy like website designs and wedding dresses.

Right, but the website is being used to scam customers and steal their information. So, that's not even the same thing. It's like Cloudflare protecting people that send out spam phishing emails that look like PayPal, etc. It's not just because the site was copied outright, though that's bad enough. It's about tricking customers entirely. It's literally fraud.


Crimes should be investigated by law enforcement, not Cloudflare.

Cloudflare is not Batman.

(Edit to add: yes, I'm aware law enforcement is often useless when it comes to cybercrime. But that's what we need to fix, rather than encouraging private companies to act as vigilantes.)


OK, this is actually an amazing framing, because it honestly does seem like way way too many otherwise-smart people seem to prefer the idea of all of their problems being solved by corporate vigilante billionaires--such as Cloudflare or Apple--than government, without seemingly caring about the negative effects of having justice doled out by caped crusaders who do whatever they want while police are told to get out of the way...


I have raised this same argument many times in various debates on Right to Privacy, free speech on online platforms etc.

One counter point that regularly comes up is that people have become cynical of the system and feel that it doesn't respond to their need fast enough or even in an easy and accessible manner. This is partly true. Laws and regulations still haven't caught up to the various things online platforms are trying at a fast pace. (And that's by design in mature democracies - politicians are supposed to observe the effect of something on a society before deciding the best way to legislate on it). And thus people are being forced to turn to the corporates instead to address their need.

I mean, who wouldn't prefer to just yell at Twitter or Facebook to take down a post compared to the convoluted process of the judiciary to do it legally?

Thankfully, the governments around the world are finally starting to debate laws and regulations on Privacy, Right to Repair, etc., and are starting to legislate on it.


This.

I don't understand how the US got to this point, having tech companies making moral judgement and law enforcement on pretty much every issue.

This is not being snarky, trolling or whatever you want to call it. I am genuinely curious. How? Why did we arrive here?

At one point you thought this is something that is amplified by social media, and they are a small minority. You ignore Social Media. Then you see this even on HN, or some other specific / niche forum. And someday you meet people in real life who actually believe in it. That company should do the right thing. And these people are supposed to be smart, from an educational or pay grade scale.


No one is advocating that Cloudflare should be the moral arbiter tasked with policing all sites on the internet, and what you are complaining about is actually the opposite of what is generally true on the internet today -- it is far, far too easy to take down a website with a frivolous or even completely fabricated DMCA claim. For cases like this where there is legitimate fraud going on, there is a well-established legal process to follow -- get law enforcement involved, get a warrant, require Cloudflare to release information on that particular customer through the legal process, get ICANN to revoke the domain if you own the trademark, etc. It shouldn't be as easy as "send a quick email to Cloudflare and the site goes down". This is by design -- only in extreme cases should stuff get taken down. Please stop trying to make it easier to censor the web.

Let's also not forget about fair use -- right now the TOS on YouTube and Twitch counts cases of legitimate fair use, like using a 10-20 second segment of a Taylor Swift song in a gaming montage, as an automatic DMCA strike. Slowly but surely they have eroded the definition of fair use to basically mean there is no such thing as fair use in practice. Complain about that shit instead?


>No one is advocating that Cloudflare should be the moral arbiter tasked with policing all sites on the internet,

Except that is what I see both on and off the internet. That is why I raised the question. Especially where there is a distinction between Hosting provider and transit provider. It would be more appreciated in this case to be writing to the site's host and not Cloudflare. (Unless it is hosted on Cloudflare Workers, then we would have to argue it differently.) Or as OP has pointed to the difference about banks. It is all about different layers of the stack, which people often seem to lump all together.

DMCA is a completely separate issue. But I do agree DMCA is being misused a lot.


How? Attacks against companies not complying, through court is one type of attack, boycott, not to forget lobbying that ends up having our representatives legislate to make companies responsible. If you wonder how it got so far, I think the fact is that as individuals we don't care what isn't right, so long as we personally don't really get impacted.

Why? Because, money for the most part. If you can't see the money incentive then it's about control. And if you can't control yourself, compel those who can to do so, it's even cheaper.


> I dont understand how US got to to this point, having tech companies making morale judgement and law enforcement on pretty much every issue.

Because the institutions that should have handled these responsibilities got broken down intentionally due to "starve the beast" libertarian ideology. Congress is gridlocked and plagued with cronyism, corruption and obstructionism for decades, and the fact that FPTP leads to extreme polarization doesn't help either.

Regarding law enforcement, the problem is similar - the fact that police unions are so powerful that they can threaten democratically decided reform projects (e.g. https://www.newyorker.com/magazine/2020/08/03/how-police-uni...) is maddening in itself.

The end result is a weird form of anarchism - trial by public, one may call it IMO... in the absence of government regulation - no matter if due to incompetence, old age of those in decision-making power or bribery - individual actors simply do whatever they want (aka makes the most profit for them), unless the pressure of the public in form of protest campaigns reins them in a bit.


>Because the institutions that should have handled these responsibilities got broken down intentionally due to "starve the beast" libertarian ideology.

Historically, the position of liberal/libertarian free market advocates has been that protecting and enforcing property rights is a core responsibility of the state - one of very few core responsibilities.

You can probably find some fringe opinions that would question even this limited role of government, but I think you're going to find it very difficult to demonstrate that this is a significant political force.

Underfunding or general ineffectiveness of the judiciary and law enforcement can be a consequence of many political and organisational failures. You can find it in many countries around the world that could never be called remotely libertarian.


>The end result is a weird form of anarchism - trial by public,

Oh thank you. That makes lots of sense.


> Because the institutions that should have handled these responsibilities got broken down intentionally due to "starve the beast" libertarian ideology. Congress is gridlocked and plagued with cronyism, corruption and obstructionism for decades

Libertarian ideology famously pro-cronyism, corruption and obstructionism?

:)


Yes.

If a stated principle conflicts with common behaviour, then you focus on the behaviour. People/organisations aren't incorrupt just because they claim to be.


Or you're just incorrect. People "starving the beast" aren't generally the cronies. The cronies like the beast. They are part of the beast.


"Starve the beast" is an American conservative slogan and strategy.

American conservative politics is absolutely ridden with corruption, obstructionism, and cronyism.

Again, just because someone claims that they are incorruptible and only looking out for your best interests, it doesn't mean they actually are.


Conservative isn't the same as libertarian. Libertarians vote for Conservatives because they're the closest thing they've got, to my understanding.

If they have a choice between people who overtly want to move more power to the state, and those who say they don't but sometimes do, they're going to pick the latter.


You seem very confused on the basic concept of morality.

It used to be perfectly legal for companies to openly refuse to hire or serve black people, or even let them in the building.

Many people felt this was morally wrong, even though it was legal. And now we're talking about something that is illegal.

If your company freely does business with a company like this, would you really be surprised and shocked that people would also judge you for doing business with them?

Wouldn't you expect a company to do the right thing and refuse to work with openly racist and/or criminal companies?

If a newspaper was printing false ads from a person impersonating a company and committing fraud, wouldn't you expect them to stop printing the ads?


It's one thing to expect companies to act on their own initiative, but to do nothing when the problem is proactively reported to them borders on negligence.


It would also be negligent to deny service based on a reported problem without evidence that the harm is real and tangible.

If CF start to do that, then this is where it starts to look a lot like the legal process, so why reinvent something that already exists?


It's only negligence if they have an obligation to fix it.


I wonder how effective Batman would be at fighting cybercrime.


Would his "no killing" policy apply to processes? That could make it really hard to deal with since form of malware


The perpetrator probably isn’t in the same jurisdiction.


Cloudflare has an ethical responsibility to moderate malicious content on their platform.


I think to make a comment like that you also have to explain why they have that obligation, especially in light of the downsides of them having that responsibility/power being as large as they are.


Exactly. They should also explain why Cloudflare should have the right. Once they have the power to turn off websites, that power can be abused. Do you switch a site off because it broke a law? Which law? In which country? Iran? Or China? Did it upset someone? An Imam? A politician? A bearded wokebro? Your grandmother?

5 years ago I might have agreed that Cloudflare should intervene a lot more. Now I don't.


It's like bad software architecture. Imagine we already have a security module responsible for deciding what requests are properly authenticated and authorized. And we have a service module responsible for some of the processing of requests. Now someone comes along saying they think the security module isn't doing a good enough job - and their proposed solution isn't to fix the security module, it's to let the service module do request authorization too. And not even by asking for input from the security module about what should be authorized, or having a shared definition of authorization rules that they both rely on, but by letting the service module decide on its own what it thinks should be authorized. You'd tell whoever proposed that, our system already has that responsibility living in a single place, and spreading it out to multiple places is how you turn your code base into an unmaintainable mess, thankyouverymuch.


>5 years ago I might have agreed that Cloudflare should intervene a lot more.

Can you expand on this a little more? What were your thoughts 5 years ago, what changed your mind?


It's their service, you host content on their terms already. Of course they have the right to remove content that does not comply with their terms.


Sorry, are you asking why Cloudflare has a right to terminate a business relationship?

The most immediate reason for that is of course that you grant them that right when you sign the customer agreement, the default one even containing:

> Additionally, we may at our sole discretion terminate your user account or suspend or terminate your access to the Service at any time, with or without notice for any reason or no reason at all.


Because there is documented illegal activity going on? If hotel staff were alerted to a murder within their hotel, they would respond by calling the police, not sitting on their hands because the murderer paid for the room.


Calling the police on discovery of a death is their duty, ejecting the alleged murderer is not. What you're talking about here may be akin to giving Cloudflare the power and the obligation to act as police force, judge, jury and executioner.

Besides, if a domain owner can switch to Fastly, Akamai, Cloudfront or any other CDN, are we really solving this problem in the right place, or are we just giving Cloudflare extra responsibilities and powers that they shouldn't have?


Cloudflare isn't even telling the police any of this information. They took it from OP, said "OK, we will continue to profit off this client," and swept it under the rug. They don't have to be the judge jury and executioner here, they should however pass that information along to said legal system rather than continue to turn a profit off of the criminal behavior.


Sure. They provide a service, that service is being used as a vehicle to do harm.

> especially in light of the downsides of them having that responsibility/power being as large as they are.

No clue what you're referring to. They almost certainly already do this, they may just be doing it badly.


> Cloudflare has an ethical responsibility to moderate malicious content on their platform.

You just made that up and also failed to define what you deem "malicious content" in the first place. What ethics framework are you even talking about?


Who gets to determine what is and isn't malicious?


The law that says phishing is illegal. Cloudflare continuing to host the phishing website at this point amounts to aiding and abetting.


..._alleged_ phishing site. Who says the OP isn't the actual phishing site? Just because he posted here, we know for sure that he is the good guy and the other party the bad guy?

It seems obvious that something phishy is going on, but that's for law enforcement to figure out. They can then instruct Cloudflare to take down the infringing site. It's not up to a random individual to tell Cloudflare to take down random sites, and it's not up to Cloudflare to decide on questions of law.

It's "innocent until proven guilty in a court of law", not "innocent until accused by a random dude on the internet".


This is such a stupid way to think about it ("but what even IS malware") and you're obviously completely ignorant as to how threats like phishing are handled.


You are right that Cloudflare doesn't have to take down the site, but the fact that they aren't, you know, forwarding this information to law enforcement for them to decide, and instead opting to continue to collect profit from the phisher really looks like aiding and abetting from the outset.


That's really the job of the injured party, not Cloudflare.

If someone calls my office and tells me that one of our customers is doing something illegal, I will not, under any circumstance, forward that information to law enforcement. Why would I? All I have is an unproven accusation by someone I know absolutely nothing about! What, exactly, is stopping the person making the accusation from calling the police himself, instead of me? Why is he contacting me - is that because contacting the police would get him into legal hot water? If so, would it be wise for me to act as his unpaid proxy in this? No, of course not!

Again, we still don't even know if the person making the accusation is in fact the injured party, or guilty of the very fraud he is accusing the other website of! Why are you trusting him at all? You don't know either party, you don't know the websites, so what are you basing your preference on?


The law also says that its matter should be decided by a judge, and specifies how disputes should be handled. Cloudflare has not been appointed judge, nor is it a venue recognized by law for bringing disputes.


Then Cloudflare should respond by forwarding this information to the authorities rather than sweeping it under the rug and continuing to collect money from the phishing website.


If someone is running a meth lab on the property only accessible by your private road, and you know about it...you're complicit in the crime. Also, because of Cloudflare's reverse proxy you can't see who their host is, and with private registration you can't see who is behind it all. You have to go through a huge legal obstacle course just to prevent your customers from being scammed when Cloudflare could literally just flip a switch. Google will remove scam ads from its platform, though it doesn't host the websites behind them...it's basically the same thing. It's a means of operating the scam.


> If someone is running a meth lab on the property only accessible by your private road, and you know about it...you're complicit in the crime.

Uh, no I am not. It is illegal to landlock someone, this is a pretty common thing in rural areas.

Let’s say I purchase all of the property between person X and the highway. Well, he has to have access to it so I have to give him a right of way. But that doesn’t make me the police. He’s responsible for what he does, not me.

Or, if you think this is a grand idea, I think landlords should be responsible for crimes committed by tenants. If you make that a co-condition of these ridiculous IP laws they’d all be dead and gone in a week…


This.

There are numerous accounts of illegal activity at hotels, hostels, government sanctioned housing, college rental properties, and any privately owned, leased property, but no one, ever has been held accountable for illegal behavior (like domestic violence, illicit drugs, underage drinking, etc), so why should a SaaS?


OP has done the equivalent of alerting the front desk of illegal behavior taking place in their hotel. At that point they have an obligation to act. What hotel goes "Duly noted about the drug dealer in 302. He does pay for his room though so we aren't going to bother him."


If that illegal behavior does not seem to be likely to harm either the room or other guests, I feel like the people who are saying that not only "the correct thing" for a hotel to do here but "what I expect most hotels to actually do in this situation" is to, if they do anything, at most alert local law enforcement and cooperate with them if there is an issue, not decide to send hotel employees to go run an internal investigation to verify the activity even is illegal in the first place, after which point I guess the idea is you want to send the bell hop and the concierge and the night security officer to go evict them from the hotel?... This just isn't how anything is done and is asking the wrong things of the wrong people leading to situations that are super dangerous for everyone involved.

Meanwhile, it isn't even "in the public's best interest" for the hotel to act as law enforcement as the most they can do is evict the person from their one hotel, not actually stop them from doing whatever "illegal behavior" is taking place. (At this point, apologists for monopolies probably start arguing that this is why we are all better off if everyone is forced to use one or two providers, so that everyone can be forced to fall in line with whatever the new corporate vigilante justice rules are... sigh.) Law enforcement is empowered, trained, and equipped to actually do something, not the hotel staff.


>if they do anything, at most alert local law enforcement and cooperate with them

And Cloudflare isn't even doing that. They just shrugged and decided they would continue to collect profit off the criminal behavior and act as a brick wall for OP in this case. They don't have to be the law enforcement here, but they should be obligated to report this activity to law enforcement and let law enforcement do their jobs. OP will probably have to get a lawyer and spend a lot of money and time to force Cloudflare's hand to turn in the phisher, all while their business is being hurt directly, and that's just not right at all.


Their responsibility is to report illegal behaviour to the proper authorities, not to confront them or kick them out.

edit: spelling


And they aren't doing that in OP's case. Just continuing to profit off the phisher and shrugging their shoulders.


In the US landlords do have some liability for criminal conduct on their property whether committed by tenants or others.

Most web services do have strict restrictions on conduct. This is a far cry from vigilantism.

It’s messed up for Cloudflare to wash their hands of any responsibility here.


I'll tell you what the difference is, that no one ever points out...

In the case of a crime being committed in a hotel room, the criminal is the nuisance. The hotel operator gladly participates with law enforcement to remove the nuisance. In the case of something as ridiculous as these plaintiff wedding dress makers claiming "intellectual property" over a white dress, the plaintiff is the nuisance, not the people they are accusing.


Interesting analogy, it fails pretty quickly though once you take a deeper look.

Your analogy amounts to a person having a private road, for which a random person comes by proclaiming "hey there is a meth lab up your road". From this you then jump to the conclusion that the person that owns the road now legally "knows" about the meth lab, thus if a meth lab is found they are complicit.

I would find this to be very lacking from a legal standpoint that some random person yelling an accusation at you constitutes "informing" someone of a fact to wit they would then become legally liable.

No proof, evidence, or other actionable notice has been given, so the owner can simply ignore your accusation and move along with their day; in fact legally that would be the best course because if they then investigated they could become complicit, but at the moment of accusation they are not.


It’s not as simple as knowing that they’re using the road. In the US, they are forbidden from using the road only if you have denied them access to the road through either clearly posted no trespassing signs at quarter mile or less intervals or notified them either verbally or in writing that you are denying them access, and if no easement protects their access through your property to theirs, etc. So you would not only have to know, but have good reason not to deny them access other than to ignore or protect them of your own uncompelled free will.


Why don’t you tell their ISP to cut them off?


With Cloudflare, you won't know who their ISP is.


I think this topic is not about physical VS virtual, but discrete VS continuous involvement of the manufacturer/provider.

A car is manufactured and sold once to a customer, which then goes on a road rampage. (physical, discrete)

A website is continuously served and maintained by a provider to a customer, which then uses it for shopping scams. (virtual, continuous)

A spreadsheet serial key for an offline app is sold by the developer to a customer, which then uses it for embezzlement. (virtual, discrete)

Some legal questions: Is the manufacturer/provider liable? Did they know the product/service was purchased with the intent to harm? At what point can the manufacturer/provider be considered an accomplice? The product was sold already, what can they do about it? The service is still being provided, should they stop it?

I'm wondering how long until we see the physical, continuous scenario, exactly like the road rampage, but with a connected car. Should the manufacturer disconnect that car? Should they remotely disable it?

Very complex legal and ethical questions ahead in our times.


Not really. Much like a bridge operates autonomously, so does a server.


A Ford dealership would be liable for selling counterfeit Fords, or at least would be responsible for helping track down where that counterfeit came from.


Cloudflare's not selling the website. Is the Ford dealership liable when you show up at their door, ask how to get to 1308 Halifax, they direct you there, and then the people at 1308 Halifax sell you a counterfeit Ford?

Is the landlord at 1308 Halifax liable when his tenants sell someone a counterfeit Ford?


If you tell the landlord their tenant is selling counterfeit fords and they do nothing and continue to collect rent from the counterfeiter while looking the other way, at what point are they complicit in the crime?


Never. How would they be complicit in the crime?


Aiding and abetting by continuing to collect rent from a known criminal engaging in criminal behavior on their property


dymk, while you prompted this post, this has nothing to do with you, so ear muff it for a sec if you don't mind.

If I may briefly stand on my soapbox: I'm starting to think analogies never help prove a point. No matter how relevant or true they might be, someone will pull some comparison out of the analogy and use that to detract from the main point being compared and expect that comparison to be a valid rebuttal, often to great popular success. Anybody else notice this?


When used well, analogies aren't meant to prove a point, they're to illustrate a point. It is actually useful for two people to offer different analogies that they think are appropriate, because it helps to show their point of view. What is useless is treating an analogy as though it had the force of argument.


Yes, all the time. I don't know why people do this, it's as if they lose track of the conversation and think they're debating the analogy itself, rather than the thing the analogy is meant to illustrate.

It's very frustrating when they make a counterpoint to the analogy that doesn't actually correspond back to the original point.


> I'm starting to think analogies never help prove a point.

HN is particularly bad for chains of increasingly surreal analogies, each of which the poster seems to think is a silver bullet. The analogies are some of the least useful content on the site, next to sarcasm.


This is a point which Scott Adams makes: Analogies can never convince people, only explain a subject which people do not yet understand.


When I searched to verify, I see that, by sheer coincidence, Scott Adams today apparently posted a video covering this very subject: https://www.youtube.com/embed/n45D_zi3O5g?start=853&end=1450


they can but they shouldn't


Absolutely. My post is really making a meta point about the analogies I see here. You can make an analogy that makes any point you want if you stretch it enough.

Fight bad analogies with bad analogies. Show off how useless a tool they are.


> someone will pull some comparison out of the analogy and use that to detract

> to great popular success

This is an HN audience issue, not an analogy one.


Only insofar as the HN audience consists of people. It’s a people “problem”.


The HN audience is not perfectly reflective of wider society. One obvious example is that people on this site tend to be more technically aware than the wider population, but that's not the only relevant characteristic.

The userbase here tends to be technical, tends towards (or is at least dominated by) particular political positions, and seems to be much more literally-minded than other online communities.


..otherwise Ford will hurt financially?

This is not a comparable analogy, CF isn't selling each website you visit.

They are providing Privacy and Security via 100% automated tools.

Perhaps take it up with the registrar, or file a lawsuit against CF and the Reg and get a court ordered TakeDown. There are avenues of resolution for such disputes, if one is passionate enough to exercise them.


I think the difference is that Ford sells a car then someone robs a bank. With hosting it's a continuing relationship.

Hard to work that into a car analogy but what if a rental car is returned obviously with bank robbers and they want another one telling you they are going to rob another bank


Obviously nobody would confess a crime while returning a rental car. They'd return the car and leave. Then later the cops will stop by with a warrant and collect info/security footage.

If a bank manager went down to Hertz by themselves and demanded someone's information, they obviously wouldn't get very far. There are established legal processes to follow.

Just like the physical world, if you want to compel Cloudflare to identify one of their customers, you have to use the legal system.


If you look at this thread, you will see many people coming up with different analogies, thinking about "what would Ford do" or "what if there is a meth lab". Simply because they saw your analogy and didn't like it

I wish HN would introduce a "please no analogies that compare digital stuff with physical" rule because such things turn conversations into a mess


No, it sounds like a completely valid thing to make such analogies. Whether it is true is another thing, but it certainly is a point of view. This sounds a lot like 'I don't like your conclusion so I am going to attack the perfectly valid means by which you attained it'.


My point of view is that an analogy cannot possibly be, in your words, "true". Don't you think any analogy is leaky and we shouldn't use them? Any point of view demonstrated with an analogy can be conveyed without it.

And no, I attack this method not because I don't agree with the conclusion of the comment I was replying to, it's because I hate analogies.

How can comparing Cloudflare to Ford and then saying "wouldn't that be ridiculous if Ford got sued if a criminal bought a car" be accepted by anyone as a valid argument? Yes, it would be ridiculous but that's it.


On the other side, the judiciary system sometimes uses analogies. For example, https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree


I wish there was such a rule for the courts too. No more "Intellectual Property" etc. Yet here we are.


> Maybe we should stop trying to protect things that are easy to copy like website designs and wedding dresses.

You get half your wish as wedding dresses aren't covered by any intellectual property laws except for big designer dresses which use Trademarks. Copying the dress design itself is expected and a regular part of the fashion industry.


That's a flawed analogy; Cloudflare here provides cover for these dodgy sites to hide behind. Cloudflare here is not only the V8 supercar but the getaway driver as well.


So in that case, wouldn’t the right way to handle it be to get a warrant to have Cloudflare give you the identity so that they can be prosecuted under copyright law? And if there is no law being broken, Cloudflare doesn’t have a responsibility to do anything. You wouldn’t want a company to reveal your identity just because someone asked nicely. You’d want a judge to approve a warrant.


Yep, I would say so


The protection these dodgy sites enjoy also protects a lot of other sites that could be quickly removed with simply enough capital, even if the legal claims had absolutely no basis.

Yes, it isn't optimal, but the advantages of hosters not carelessly taking down other sites make hosting a few bad apples worth it.


> Maybe we should stop trying to protect things that are easy to copy like website designs and wedding dresses.

Yeah. Copyright is nonsense in the 21st century where copying is trivial. It's holding us back.


Actually, copyright only makes sense if copying is easy; were copying hard, there would be no need for copyrights.


Has copying ever been this easy though?

In centuries past, if you wanted to infringe copyright at the same scale we do today, you'd need expensive stuff like printing presses and a viable business model that pays for the costs of running an industrial copying process. That's what made copyright enforceable: you'd need to be a major industry player in order to infringe copyright and such centralized operations are easy targets for litigation.

Now everyone's got computers that can make and distribute a virtually unbounded amount of copies of anything to anyone within the network and there's pretty much nothing people can do about that.


You (your client) can still subpoena Cloudflare for the customer's IP if you can get a court to agree that it's infringement and then go after the upstream host. That seems like a solution compatible with this ruling, and an appropriate amount of lift.


Cloudflare, it seems, was perfectly willing to tell them the identity of the customer without even going to court.

> Cloudflare's security services do impact the ability of third parties to identify a website's hosting provider and the IP address of the server on which it resides. If Cloudflare's provision of these services made it more difficult for a third party to report incidents of infringement to the web host as part of an effort to get the underlying content taken down, perhaps it could be liable for contributory infringement. But here, the parties agree that Cloudflare informs complainants of the identity of the host in response to receiving a copyright complaint, in addition to forwarding the complaint along to the host provider.


Some big parties always try to skip the court ruling and do whatever they want, blocking the site directly without a lawsuit, even though the court ruling path has existed forever and perfectly addresses the problem they claim.

Either because it is expensive or because a court obviously won't agree with every flawed claim they create. That isn't really a problem only in America.

Some people in Taiwan also try to pass a similar law, and it ends up backfiring when someone notices it and stops the lawmaking process every time. (And they still haven't given up.)


Cloudflare does take reports seriously when a site exists to phish logins from another site’s users (whether that site is a clone, or just claims to be representing the other party when it isn’t.) Especially when that other site has a credit card form.

Sadly, the most they can really do (about their regular Cloudflare Proxy clients, at least) is reveal to you the unmasked hosting info of the origin site; at which point you’ve got to start another process for reporting a TOS violation to the origin’s hosting provider.


>> "You also have a Cloudflare account to file a complaint, which I found to be odd."

That's incorrect. Anyone can fill out the web reporting form here: cloudflare.com/abuse -- absolutely no Cloudflare account needed.


Cloudflare forwards DMCA copyright infringement complaints to the hosting provider, probably automatically to an abuse@ domain that it can detect. I’m not sure if they do the same for any other copyright claims, but they do pass it on to the parties that should be involved.


But don't they store the copyrighted content on their servers? It's one thing just to be a transit mechanism; it's another thing to store and serve copyrighted material like a hosting provider.


If someone ships drugs through UPS, and it sits in a UPS warehouse for a few days, did UPS store drugs? Technically yes, but should they be liable for that?


If UPS finds drugs, they call the cops and you are probably better off not having that package delivered. If someone tells Cloudflare they are hosting copyright-infringing content.. they sue to say the Cloudflare service is ineffective and does nothing to provide the infringing content?

Is this the analogy you were going for?


Except UPS doesn't find drugs because they don't look for it. Just like Cloudflare doesn't look for illegal content.

If someone told UPS a package has drugs in it, they'd say, "that's nice, talk to the sender" and then deliver the package. If someone tells Cloudflare, "that content is illegal", they say, "that's nice, talk to the site owner".


> If someone told UPS a package has drugs in it, they'd say, "that's nice, talk to the sender" and then deliver the package.

Would they? Or would they turn the package over to the police?


Usually, people don't tell UPS they have a drugs package, they tell the police directly and the police go and work with UPS. That's the issue with many of these analogies, people don't talk to the car dealership/UPS/landlord/hotel staff/etc, they talk to the authorities because that's the normal thing to do.


In this case, it would be like if you told UPS someone is continuously shipping drugs through their system, and they said 'that's fine they are a paying customer' and continued to let them traffick with their infrastructure, rather than contact the police. At a certain point UPS is complicit and could be charged themselves even.


So what should UPS do? Open a box because someone claimed something potentially illegal is in the box? What if UPS does not have the tools or right to open the container and determine that the thing is actual illegal drugs, do they now need a drugs lab and drugs experts?

Isn't it simpler and more correct that you contact the police directly, present the evidence, and have the authorized person decide whether the thing you claim is illegal or the evidence is convincing, and then intercept the package?


UPS already doesn't consider their customers' packages private property and does in fact open boxes that are deemed suspicious. But even then, Cloudflare isn't even doing the latter. They aren't bringing this information to the police, they are continuing to collect money from the phisher and stonewalling OP until he shows up with a lawyer and a much bigger can of worms for them.


You are ignoring my main point: Cloudflare should act for each complaint? Like some Skyrim modder bitches that someone stole a texture from his mod, then what? An employee starts an investigation to determine who is right?

Like in the case with a website, some dude complains that some other dude stole some CSS, now you need a detective to find the real author and licenses, and then detect if it is fair use... this seems to be a job for police/justice. It is not a clear case like you are hosting an entire Disney movie.


If someone reported it to UPS and they didn’t do anything, UPS would be complicit. Just like if someone sent a CDN a DMCA notice. Justice does prosecute the shipping companies for illegal materials that use their network.

https://www.justice.gov/usao-ndca/pr/ups-agrees-forfeit-40-m...


Well, they don’t _not_ store it - their whole dealio is they cache website content on their servers. Not forever, but they’re not just a transit mechanism.


They cache it across a geographically-distributed network of edge nodes, even. Potentially very hairy if this had gone south for them.


> But don't they store the copyrighted content on their servers?

IF they cache content, then they do store that content though, that's the whole idea behind caching.


I have never seen these work. I've submitted a couple and they just go into a blackhole, never to hear from their hosting provider.


What due process do you believe Cloudflare should implement with regards to claims that a particular site on their service deserves to be booted?


DMCA?


Bad idea from top to bottom, glad someone outside of the Netherlands is ignoring it.


> You also have a Cloudflare account to file a complaint, which I found to be odd. We're a Cloudflare customer too...but still that shouldn't be a hoop you have to jump through.

I was once locked out of my Cloudflare account, and I couldn't contact them because to do so... required an account /* facepalm */

FYI, the way around this is to send an email to support@cloudflare.com. This isn't mentioned anywhere on the public-facing website.

A truly bizarre way to treat paying customers.


> and we can't see who registered the domain or who hosts the site (since Cloudflare masks the IPs.)

According to OP, it should be possible to get Cloudflare to tell you the originating IPs. I am not sure of the mechanism though. From the article:

> But here, the parties agree that Cloudflare informs complainants of the identity of the host in response to receiving a copyright complaint, in addition to forwarding the complaint along to the host provider.


Not true -- according to the OP -- we'll tell you who the hosting provider is -- as in, the name and abuse email of the host. The origin IP is not needed.


Ah true, I assumed from the quote.

I would think the origin IP would be needed for the hosting provider to identify their customer though? And the judge seemed pretty sure that the complainant could effectively take it up with the hosting provider... still, there are lots of opportunities for misunderstanding here, from case to judge to article to us. Not sure exactly what Cloudflare will give you!


Cloudflare sends the origin IP directly to the hosting provider -- with a copy of the abuse report.


Regarding the IPs behind Cloudflare, when you send a DMCA notice to Cloudflare via email (meaning you don't need an account), Cloudflare will forward the notice to the host of the website, who will then take appropriate action. Cloudflare will usually also notify you about the origin IP of the website so you can further enforce your rights directly at the company which hosts the website.


> we can't see who registered the domain or who hosts the site (since Cloudflare masks the IPs.)

TIL Cloudflare is also a registrar[1]; it might even be the cheapest. I was wondering why the parent wasn't able to find who the site belonged to through just WHOIS and sending an abuse request to the registrar. Still, Cloudflare should be forwarding the abuse report; not sure what's the case here.

Can anyone share their experience with Cloudflare registrar? When compared to something like Namecheap? Also, can different Cloudflare accounts for separate products use the same credit cards for using the registration service?

[1] https://www.cloudflare.com/products/registrar/


In particular, the Cloudflare registrar forces you to use their nameservers, which is totally fine if you understand the ramifications going in.


That's a good point. I guess those who already have Cloudflare nameservers wouldn't have an issue with it unless there are some issues with transferring the domain to Cloudflare, which already acts as your reverse proxy.


> We've reached out to Cloudflare to get them to take it down but nothing has been done.

By “reached out”, I assume you don't mean “filed a DMCA takedown notice and, when they failed to take down the infringing material, filed a contributory copyright infringement lawsuit seeking both damages and a permanent injunction against Cloudflare making the infringing content available.”

But I wonder why not? If there is a good reason not to, though, it's probably also the reason that Cloudflare knows they can ignore you.


Sue for copyright infringement, using discovery to compel the identity of the infringer, then continue to sue the infringer.


Why not name the phishing website?

There are some methods for discovering the IP address of the origin server hidden behind Cloudflare. No guarantees but IME, many origin IPs are easily discovered.


Could that be treated as a trademark issue rather than a copyright issue?


Depending on the opsec of the group that stood the site up, this may still be possible to run down.



