In yesterday’s post about Cloudflare and Spamhaus Fazal comments that Cloudflare may have been asked by law enforcement to leave the website up.
This does happen and it’s not totally out of the question that’s what is going on with this particular website. But I used the malware C&C as an example of the poor behaviour condoned by Cloudflare, it’s certainly not the only bad behaviour. There’s also the issue that Cloudflare disavows all responsibility for the behaviour of their customers.
CloudFlare is a pass-through network provider that automatically caches content for a limited period in order to improve network performance. CloudFlare is not a hosting provider and does not provide hosting services for any website.
We do not have the capability to remove content from the web. If your submission is found to be legitimate, you will be directed to the appropriate provider for your report. Only reports of URLs resolving to CloudFlare IPs will be reviewed and appropriately handled. Cloudflare Abuse Policy
This doesn’t sound like the abuse policy of a network that actually is interested in policing their customers.
CloudFlare’s response to legitimate DMCA complaints a year ago was to provide the direct-connect IP address of that domain and disclaim any responsibility. This year they stopped providing even the IP address, and the form I had to fill out to file my complaint was designed to obstruct my efforts. I started a nonprofit website called “CloudFlare Watch” because their entire business model is something that no law-abiding citizen should have to tolerate. This new website shows over 100,000 domains of past and present CloudFlare users, many of which include the direct-connect IP address that CloudFlare now refuses to provide. CloudFlare claims nearly a half-million domains, so there’s much more work to be done.