Unspam, Prince's company before Cloudflare, which created Project Honeypot, had a slightly unsavory (to me, at least) business model of lobbying state legislatures to pass laws requiring "no-contact" registries with requirements that were tailored for Unspam. Looks like they succeeded in 2 states and some version of the company exists: https://www.unspam.com Prince gave up on it and got an MBA at Harvard but he's still listed on the company website.
> A registry of individual e-mail addresses also suffers from severe security/privacy risks that would likely result in registered addresses receiving more spam because spammers would use such a registry as a directory of valid e-mail addresses. It ultimately would become the National Do Spam List. Furthermore, a registry of domains would have no impact on spam and a third-party forwarding service model could have a devastating impact on the e-mail system.
Also, the laws Unspam pushed for were intentionally tailored to make them the only suitable vendor. Leveraging personal connections and paid lobbying to compel taxpayers to fund a counterproductive, privacy-violating and monopolistic service is not what I'd call "doing good" but YMMV.
I contributed some VM's to this early on in the project but then pulled out of it. There were no stats to show how my nodes were contributing and I was concerned that I might lose my VPS account since I could not tell how this was being used. I liked the idea.
That's funny, I figured they would have shown it to you for recruiting purposes. :)
I remember Matt always talking about how Cloudflare was his ultimate vision for the honeypot project -- a way to block bad actors on the internet by aggregating information.
He tried to recruit me very early on although I don't think in 2009 (I believe it was the year after) and I wasn't ready to go to the US and they weren't ready to have someone in London.
Didn’t down vote you, but generally bad form to hijack a thread just to pop a question about a completely unrelated topic; both from the thread and post itself.
Realize (now) you’re Cloudflare’s CTO, but might be worth pointing it out when you’re replying to Cloudflare related topics; you obviously have been around HN awhile so guessing it’s unlikely to make a difference, but in my experience on HN people generally appreciate the clarity.
FWIW I agree with that approach. HN audience recognizes you anyway which gathers the upvotes, and if it’s really confusing someone will point out you’re the CF CTO anyway.
Think of it more as a name tag & uniform a franchise restaurant makes its employees wear, so you know who works there. Takes away the prestige pretty quick ;)
They have it in their bio which is the HN norm, not announcing one’s creds at every turn.
But I think these “HNers would appreciate it!” community spokesman kinds of comments are kinda lame. I don’t think HNers need to be spoon fed “I’m Cloudlfare’s CTO btw! :^D” every time the guy rears his head. Especially just to say he never read TFA before…
> They have it in their bio which is the HN norm, not announcing one’s creds at every turn.
No, appending something like "(disclaimer: CF employee)" is absolutely the norm anytime it could even remotely be construed as a conflict of interest. It might be fine here, but this is an edge case.
I disagree that every comment you make in a community has to stand alone and reintroduce yourself lest a newcomer flies off the handle without knowing who they’re responding to.
That is just annoying. Nor do I think it’s a convincing point coming from someone who suggests they aren’t new here.
imo people new to a community could slow their roll esp in a debate.
Alright; I've been on HN for 5 years. Since we're all friends who know each other so well, how about you tell me about myself? I'm reasonably active and I have an extremely recognizable username, so you should of course remember me quite well.
>I disagree that every comment you make in a community has to stand alone and reintroduce yourself lest a newcomer flies off the handle without knowing who they’re responding to.
I think it's circumstantial. For instance, I don't really think it's necessary for the CTO to have said, "disclaimer: CF employee/CTO/whatever" in this thread. But in this thread[1] from yesterday, I think it would've been helpful.
To me, it’s about the easy of connecting a comments relevance to the post, assuming CTO was on the founding team, so makes sense that them posting they had never seen the post adds value to the thread; anyone else posting comment like that would have likely been down voted.
To me, fair to assume everyone does not know everyone else, though they might be familiar with a subset of the information, for example, knowing who Cloudflare is. If a user appending affiliation to a comment adds context, to me it makes sense to add it - and not assume or expect users to click your profile, other users point out who you are, etc.
But even if you didn't know the user was a cloudflare exec, the comment just becomes a boring throwaway comment from some luser on the internet telling you their thoughts, like posting 'Me too!' like some braindead AOLer.
Sorry, but do not understand references or generally what you were expressing; highly suggest reading all my comments in thread to avoid forcing me to unnecessarily repeat myself.
My point is that adding a disclaimer about your employer only matters if the post has a possibility of being seen as astroturfing if the reader doesn't know about the relationship between the poster and the company.
For example, if jgrahamc said "I never knew that. Cloudflare is such an amazing company, everyone should apply for a job there!", then okay, request a disclaimer. But if someone just says "I didn't know that", then the comment goes from mildly interesting (if you know who they are) to boring (if you don't know who they are). The failure mode here for lack of disclaimer is the post just becomes a boring, low-effort comment.
I think jgrahamc adding "I'm the CTO of cloudflare, and I didn't know that!" might have been reasonable context, but no disclaimer is required, because the reader didn't need to be protected from the post. There was no conflict of interest in the post.
Said the user with “this account is a GPT-3 bot” in their profile.
Like I said, pointed this out 100s of times over years and my experience says otherwise; not my first account, nor will it be my last. Also, not dang, not trying to be dang, but also firmly believe HN is a community and important for the community to express themselves, but also would be more than happy to respect dang’s wishes.
A bit more about this as I’m remembering. Cloudflare’s original “data center” (which was really just a single server) was located in Chicago. We had the zip/postal code for Project Honey Pot participants from when they signed up so we emailed anyone within a certain radius around Chicago to be our first beta testers. We knew they were the folks most likely to have acceptable performance.
The original way you signed up for Cloudflare was to give us your GoDaddy username and password and we’d login, slurp the DNS records, then update the name servers. It was magic when it worked. But it was almost too easy so if something broke people didn’t know how to undo what we’d done. Worse: sometimes we’d miss a DNS record like an MX record and be unable to even contact the user.
The crazy thing is we emailed people basically with the content on this page and asking Project Honey Pot users to give us their user names and password. A scary number of people just did without asking any questions.
We put this page up to prove this was a legitimate project after a (scary) few people asked us: “How do I know this isn’t phishing??”
Fun to find it still kicking around 12+ years later.
Are you ignoring the part of that page where if you click sign up, you can create an account for free, and get protection and services for free? Sure, its not everything they offer is free, but enough for most users is.
Aspirational business model goals in 2009 won’t be 100% realized 13 years later. That doesn’t mean the original goal was a “lie”. That word requires intent.
And DDoS mitigation is part of the free feature set. Im guessing some of their largest customers may be kicked off the free tier if they are too much of a resource burden.
I don't think it's terribly surprising that there might be companies out there who charge for things that they think should be free because they can get away with it. That said, in this case it sounds like pretty standard marketing speak, and I tend to be skeptical that anything sounding like that is a genuine profession of values rather than a catchy tagline (which probably explains my lack of surprise at the first thing as well)
I think one interesting thing about Cloudflare is that once enabled on a domain, it can be used to serve different versions of that domain to different audiences, enabling things like selective censorship and propaganda.
Cloudflare has also taken investments from the intelligence agencies (at least in the US).
To be fair, the ability to serve different content to different users was (is) a primary feature of essentially all web servers. This has been the case for multiple decades.
It’s important to understand and internalize the difference between capability and willingness/desire to do something.
Servicing different content based on different visitors is a feature of any web server. If you are insinuating that CloudFlare does this without the domain/website owner’s permission/knowledge, cite your sources. That is the kind of insinuation/rumor that can destroy/erode the reputation of a cybersecurity company.