Cloudflare Removes Neo-Nazi Site From DDoS Mitigation Service

News
By Nathaniel Mott
published

Cloudflare CEO Matthew Prince said the company, which provides distributed-denial of service (DDoS) attack mitigation services to many popular websites, has terminated service to a neo-Nazi site called The Daily Stormer. Prince also said the company took "measures to ensure that [The Daily Stormer] cannot sign up for Cloudflare's services ever again" and explained why he believes this was a "dangerous" decision to make.

That decision followed numerous attempts to bring down The Daily Stormer. Earlier this week, host GoDaddy gave it 24 hours to find a new service provider. Shortly after, an article supposedly written by Anonymous hackers who "took over" the site claimed The Daily Stormer would be shut down within 24 hours. From there, the site moved to a Russian host, and it was then taken down following Cloudflare's decision to stop defending The Daily Stormer from the barrage of DDoS attacks.

As we've said before, DDoS attacks seem destined to remain in the headlines. They've been used to wreak havoc on popular services and games over the last year, and thanks to the continued rise of DDoS-as-a-service platforms and new attack methods, they're likely to continue to do so. That in turn means defensive services like Cloudflare's will become increasingly necessary for anyone who wants to remain online.

Prince recognized this reality in the blog post he published about his decision to stop providing services to The Daily Stormer:

The size and scale of the attacks that can now easily be launched online make it such that if you don't have a network like Cloudflare in front of your content, and you upset anyone, you will be knocked offline. In fact, in the case of the Daily Stormer, the initial requests we received to terminate their service came from hackers who literally said: 'Get out of the way so we can DDoS this site off the Internet.'

It's not hard to see why Cloudflare made this decision with The Daily Stormer, which Prince described as "vile," but that doesn't mean the choice won't have consequences. Allowing hackers to decide what content is or isn't allowed on the internet, he said, "subverts any rational concept of justice." Cloudflare allowing that to happen because of Prince's beliefs could set a worrisome precedent for how it approaches content policing.

Yet it's also easy to see that defending The Daily Stormer's website could have led to other problems for Cloudflare. Allowing the site to be taken down by DDoS attacks could make people worry about its de facto ability to be the arbiter of whose services remain online and whose don't. Continuing to defend the site could anger many people and would allow a site dedicated to hate speech to continue operating. Both options have their downsides.

Prince isn't the only person at Cloudflare concerned about the decision to terminate service to The Daily Stormer:

Someone on our team asked after I announced we were going to terminate the Daily Stormer: 'Is this the day the Internet dies?' He was half joking, but only half. He's no fan of the Daily Stormer or sites like it. But he does realize the risks of a company like Cloudflare getting into content policing.

For now, it's clear that Cloudflare doesn't plan to make a habit of dropping controversial sites. The question is how the company, which Prince said handles "around 10%" of internet requests, will balance the sometimes opposing values of free speech and anti-Nazism. Contrary to popular belief, there's no exception for hate speech in the First Amendment; neo-Nazis are given the same protections as everyone else.

But that doesn't mean Cloudflare has to provide its services to sites like The Daily Stormer. First Amendment protections start and end with the U.S. government; private companies are allowed to suspend service for pretty much any reason they want. Prince said in his blog post that Cloudflare's terms of service allow it to "terminate users of our network at our sole discretion." The company has avoided using that power, but Prince said The Daily Stormer forced Cloudflare to respond when it "made the claim that we were secretly supporters of their ideology." He said:

Our team has been thorough and have had thoughtful discussions for years about what the right policy was on censoring. Like a lot of people, we’ve felt angry at these hateful people for a long time but we have followed the law and remained content neutral as a network. We could not remain neutral after these claims of secret support by Cloudflare.

With the rising number and effectiveness of DDoS attacks, questions like this will have more and more impact on who is allowed to express their views on the internet. Services like Cloudflare will effectively control what speech remains online and what doesn't. That's a lot of responsibility, and it's not always clear how it should be wielded.

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

135 Comments Comment from the forums
  • bit_user
    Not a single word about how Cloudflare's DDoS mitigation actually works? Did you even ask them about it? Is this still a tech site?
    Reply
  • bigpinkdragon286
    Sounds more like a case of cowardice and censorship than anything else. This closes the door to open dialogue and opens the door to much darker things. If you can cite illegal activities the web presence was engaged in, that should be part of your argument, otherwise this reeks of nothing more than discriminatory virtue signaling.
    Reply
  • RomeoReject
    "Sounds more like a case of cowardice and censorship than anything else. This closes the door to open dialogue and opens the door to much darker things."

    What kind of a dialogue do you reasonably expect with literal Nazis? I mean, I'm all for open dialogues, and understanding, but there becomes a point where being open becomes detrimental to freedom, and personally, I'd say that point falls quite a bit before accepting an ideology of genocide.
    Reply
  • bigpinkdragon286
    Who said anything about accepting an ideology of genocide, or that the dialogue would even be with the Nazis? If the company can censor Nazis without concern, they can censor anybody without concern. My concern is the bad behavior of forcefully shutting up the people who's opinion is disagreed with, which is what Cloudflare has done. It would appear that Cloudflare has decided it will not render a service based on their feelings and their view of the feelings of others toward the person or group they are rendering the service for. I suspect if this was based on a legal matter, it may not have even made headlines. I find it unfortunate that there hasn't been consistency on allowing private businesses to exercise this sort of discretionary service. Other service businesses have been sued, with very heavy fines levied against them for refusing to provide their services, based on the private owner's discretion, so what makes Cloudflare special?
    Reply
  • leoscott
    "What kind of a dialogue do you reasonably expect with literal Nazis?"
    None actually. I ignore them. And had Antifa and BLM ignored them they wouldn't have gotten all the press they have received this last week.
    The real question is where is the line drawn? And next, what will you believe when the line is drawn on the other side of you? Who is the decider? That is the problem with restricting free speech. Someone decides. Which is great as long as they decide the way you like. But it's never the same people always deciding. I prefer free speech as long as it passes muster defined by SCOTUS. If I don't like it, I don't listen and on comment sections, if I don't like it enough, I provide counter comments.
    Reply
  • Kelavarus
    BIGPINKDRAGON286 - My guess is that the private service businesses used, or were at least found guilty of using, a reason to refuse service that is protected by law (race, sex, etc...). Ideology isn't protected. And Cloudflare doesn't have a monopoly on DDOS mitigation, nor is it (to the best of my knowledge) stated anywhere that DDOS mitigation is a requirement to run a website. It seems reasonable that they have the ability to decide what to protect and what not to with their service, especially in this case as the client presents extra risk and expense.
    Reply
  • ibjeepr
    I'm glad the article focused on "should we" versus "can we?" The fact that Cloudflare did, is concerning. At least they realize it. I don't think they should have, but then, I think people should be smart enough on their own to see this garbage on the internet and treat it as such. Apparently far too many people aren't that smart. So, if you are in a position to help protect people from themselves for the overall greater societal good, what should you do? When the number of individuals that fail to do what's right grows, government and corporate control over individuals grows with it.
    Reply
  • shrapnel_indie
    Okay... what I read, and hopefully is truth:
    The company has avoided using that power, but Prince said The Daily Stormer forced Cloudflare to respond when it "made the claim that we were secretly supporters of their ideology." He said:

    Our team has been thorough and have had thoughtful discussions for years about what the right policy was on censoring. Like a lot of people, we’ve felt angry at these hateful people for a long time but we have followed the law and remained content neutral as a network. We could not remain neutral after these claims of secret support by Cloudflare.

    In the name of neutrality, i can see them not dropping these hateful losers just because of what they say. I can also see dropping them when they try to make out that Cloudfare actually were supporters secretly. Not to do so would also cast doubt to how neutral Cloudfare really was and doing so can cast some of the same doubts too. Unfortunately, there are unintended consequences that we all will have to face if this sets a precedent since it has been done.

    Real and honest dialogue can be a good thing (especially when the dialogue is true dialogue and not just what might as well be a monologue of thought (dialogue between those who support the exact same thing.) Most of these people are beyond a dialogue and considerably more into the territory of monologue and you won't budge them even a millimeter anyway.
    Reply
  • I don't like negative ideas. The internet should only be about buying things, watching kittens, and information from vetted reliable sources, like CNN.

    It's not up to me to think for myself. It's different for my masters.
    Reply
  • bigpinkdragon286
    20072992 said:
    BIGPINKDRAGON286 - My guess is that the private service businesses used, or were at least found guilty of using, a reason to refuse service that is protected by law (race, sex, etc...). Ideology isn't protected. And Cloudflare doesn't have a monopoly on DDOS mitigation, nor is it (to the best of my knowledge) stated anywhere that DDOS mitigation is a requirement to run a website. It seems reasonable that they have the ability to decide what to protect and what not to with their service, especially in this case as the client presents extra risk and expense.
    Actually, I disagree with you and say that ideology is selectively protected by law, and that's where the inconsistency comes from. I already know the reasons behind the lawsuits, but have no interest in steering the conversation in that direction. There may not be a special legal protection for this ideology, but the censorship is pretty blatant, along with the concerns it brings up.

    I personally feel that if the requested service was not in violation of any laws, this either is, or is bordering on discriminatory refusal of service. Yes, there are exceptions, but I would consider the Daily Stormer's assertion that Cloudflare secretly supported them is pretty thin in the good reason department. The article doesn't even mention whether the Daily Stormer had violated any of Cloudflare's terms of service.

    If Cloudflare is concerned about their image, dumping controversial customers seems rather short sighted. Furthermore, dumping a client from a service, such as mitigation from DDOS attacks, because they might have a higher need of those services sends the message that only customers that are on message will be protected, and only if they don't need too much of the service being provided.

    In response to your statement that, DDOS mitigation is not a requirement to run a website, I will disagree again. Under normal circumstances, it may not be a requirement, but in the case of a site with controversial content or that presents as a very visible target, DDOS mitigation is required. The article points out that hosts are refusing the site due to the DDOS attacks. Nobody wants to deal with the excess traffic, and if the site can't obtain any mitigation services, the site is effectively taken down. So, you may be technically correct, a site can be hosted without DDOS mitigation services, but in reality the site is rendered unreachable.
    Reply