Because we’re a U.S.-based company subject to SESTA and the one site in question we took down affirmatively told us they were violating SESTA. SESTA is a very bad law. But, if you’re violating it, don’t wave that fact in the face of your infrastructure providers who are liable under the law for providing service to you. We continue to work to overturn or repeal SESTA.
We never told you we were violating SESTA. We never waved it in your face. You could have given us some warning, but you didn't.
Until you show evidence on your work to overturn/repeal SESTA, I'm going to call bullshit on that.
Cloudflare knowingly fronts many other sites that are clearly violating SESTA, so obviously you don't think it's that big of a liability as you claim to be.
Not to mention your Head of Sales reached out to us offering Cloudflare services a year after kicking Switter off when we mentioned we were dealing with DDOS attacks as an escort directory.
I do understand that Cloudlfare can't just violate SESTA/FOSTA.
That being said, the communication and messaging around those decisions were clearly different than what's happened with Kiwi Farms. I'm not expecting Cloudflare to violate the law, but my goodness is it really obvious to me that taking down Kiwi Farms was a much harder decision for you than taking down those sex sites.
This kind of feeds into my long-running criticism of how Cloudflare handles adult content in general. You launched a DNS filtering service that accidentally censored the GLAAD website -- and to be clear, my beef is not that Cloudflare made a mistake and I'm not implying that any of that censorship was intentional. My beef is that I can't imagine you making that same mistake around bigoted content. I firmly believe that if you were launching a DNS filter for hate speech, you would have done more testing before you launched it. You would have been scared enough about that filter that you would have made sure it wouldn't accidentally censor a mainline political blog.
But to this day, 1.1.1.3 filters adult content but not sites that are dedicated to hate speech. Kiwi Farms wasn't blocked from 1.1.1.3. That may not be intended as a statement, but it sure reads as one. It is impossible for me to look at those decisions and not come away with the conclusion that you are more comfortable censoring explicit material than you are censoring violent speech.
And it does make it harder for me to believe you when you claim that taking an absolutist position towards platforming even organized doxing sites is protecting marginalized groups. Because you're already launching your own services that make it easier for network operators to attack those marginalized groups; they're not seeing the same level of consideration that doxing sites are getting.
I lost a lot of respect for Cloudflare's "free speech protects everyone" argument when 1.1.1.3 launched. You can't simultaneously argue to me that we have to care about the principles of speech when it comes to banning a doxing site, and also that technically your sex-specific DNS censorship service is optional so it has no implications for free speech and it's just fine.
Cloudflare will ignore reports of DDOS-for-Hire websites that are illegal almost everywhere in the world, including the US. So, you see yourself as free to ignore laws when you feel like it?
I was thinking “if I was your lawyer” and didn’t type it. Then hit enter and saw my message, and edited it. The problems of getting in flamewars while making breakfast!
I would recommend to anyone to follow the advice of their lawyers regarding posting to hacker news! But it’s mainly a joke
EDIT: and to the original post, I was being way too glib. I do kinda believe what I say but there are less agressive ways of saying it. Again, breakfast posting, but legitimately touchy subject for obvious reasons and I should keep my cool.
> to be under oath and claim nobody at your company was like “maybe this site is coordinating illegal activity” and you said “nah” and continued to provide services for them?
I think Cloudflare did the right thing. But I'd fight for a CEO's right to make calls about user-generated content without worrying about liability because someone suspected something.
I suppose the contention here is that at one point you’re looking at a website, are told its modus operandi, see a lot of the content it hosts… and at one point 230 starts being less relevant.
Like if you have multiple incidents with the same site at one point you need to actually acknowledge that these incidents are here! You might still declare “it’s ok though” but honestly that arguments way easier with something like Reddit compared to something “single-use” like KF.
Obviously not a lawyer, but it feels possible to argue this in a securities fraud case