I'm no fan of Cloudflare, but they're completely in the right on that. Infrastructure for blocking websites simply shouldn't exist.
Because if it's allowed to exist, it ends up subsumed by political and corporate interests, and becomes a tool of overreach and abuse. We've seen that happen over and over again.
If US Trade Office can be leveraged to destroy internet censorship efforts in other countries, then so be it.
> Infrastructure for blocking websites simply shouldn't exist.
I think people have forgotten how extreme a position this is: the idea that once something is on the internet, national law simply ceases to apply and governments should have absolutely zero control over obscene material, IP infringment, harassment, libel, foreign propaganda, money laundering, fraudulent financial services, gambling, and so on - simply because it's hosted in a different country.
Not even the US really believes that domestically .. or even when it comes to overseas enforcement, such as sending the FBI to New Zealand to get Kim Dotcom. Or the Pokerstars case.
Not to mention I am really skeptical of the magic invocation of "trade" to overrule national sovereignty. That leads you to stupid places such as Philip Morris trying to use the ISDS process to force Australia to accept an inherently poisonous product (fortunately they eventually lost). https://www.linklaters.com/insights/blogs/arbitrationlinks/2...
It is a tough predicament we find our selves in. A totally free and open network is prone to exploitation by rampant abuse. A controlled and monitored network is prone to excessive restrictions.
There is a middle way that can kind of muddle along but it can be attacked by both sides for being both to strict and not being strict enough.
I think if something is hosted in a different country, the laws of that country apply to that service. It's not under your jurisdiction, so you have no say in whether it's allowed to exist, nor should you.
You can, of course, pass a law making it illegal for your citizens to communicate with that service, but I think it's really important to understand that that's what's happening. You are passing a law which applies to your citizens and their right to communicate with people in other countries; it's their freedoms you are placing limits on, not the freedoms of the foreign website. Sometimes when you frame things that way, such restrictions stop making sense. (Though perhaps not always.)
Mmmmhhhhh… There is the problem of the middleman (the telcos): you are using them for communication.
I guess if the USPS/Fedex knew for a fact (such as your website request) that you were communicating CP, the. they should do something about it?
This is an honest question.
> I guess if the USPS/Fedex knew for a fact (such as your website request) that you were communicating CP, the. they should do something about it?
That is often the case, but it's also not the relevant part, because consider what happens if you do that. I mean it's the same thing that happens with parcel carriers -- everybody's package ends up in an opaque brown box and the carrier has no means to determine if it's contraband. They just weigh it and deliver it, which is what they're supposed to do, because they're not the police.
And so it is with ISPs. What happens if you make them block stuff people actually want? TLS, third party DNS, VPNs, etc.
At that point you have to answer a different question: Should they be obligated to open and censor your mail?
No. The answer is no.
You're missing one further step - you can also sanction a foreign business from doing business in your country. So, you can allow it to serve your citizens packets, but if you block it from collecting revenue, it will have little incentive to (unless it's a state-sponsored bad actor, then you can only lean on the two mechanisms you described).
All three prongs (ban hosting, ban access, ban revenue) can be used to keep foreign interference out of your country.
> but if you block it from collecting revenue
How is this not a trade barrier against foreign payment providers?
True, but I would still frame that as a restriction on your own citizen's freedom to buy services from foreign countries. Unless they're physically shipping stuff across your borders, a foreign website that accepts payment from your citizens isn't "doing business in your country" anymore than a hot dog vendor is by serving foreign tourists in my opinion.
> I think people have forgotten how extreme a position this is: the idea that once something is on the internet, national law simply ceases to apply and governments should have absolutely zero control over obscene material, IP infringment, harassment, libel, foreign propaganda, money laundering, fraudulent financial services, gambling, and so on - simply because it's hosted in a different country.
This has more or less been the default position of most internet users and developers since the beginning, until fairly recently. I’d even contend that it’s what drew many of us to the internet in the first place. If the internet ever becomes cable TV, fully regulated, controlled, and managed, it will have lost its purpose as a place for free and open exchange of information.
(Zero control is an exaggeration—the worst lawbreakers still face justice under the current system, and that seems ok. I just don’t think we should be tightening the screws any further.)
Well, yes. But then again, those beginners gave us unauthenticated TCP…
"Gave" is the key word. You got TCP for free. There were other competing network protocols. You might ask, why didn't those get used instead?
You are right, but I was referring to the fact that their ideas are not necessarily the best ones.
Edit: because they were too optimistic, they left the security problems behind. Same with this kind of problem.
Authenticated TCP wouldn’t have been feasible on early networks due to hardware limitations. But here in the present, you could certainly build it. As long as it works on top of IP, nothing is stopping you.
> Zero control is an exaggeration—the worst lawbreakers still face justice under the current system, and that seems ok.
Doesn’t scale.
Doesn’t need to. The optimum amount of lawbreaking is non-zero. As long as we are catching the worst criminals and creating reasonable incentives to avoid crime, we are doing enough. Some amount of lawbreaking is to be expected in a free society; it’s literally the price of freedom.
Nobody's saying the government shouldn't be able to go after the owner of the site and force them to shut it down. It definitely shouldn't be done by third parties though.
How does the US government, force a Russian website, hosted in Russia, for Russian people, following Russian laws, to shut down?
Same thing they do to every country, Pinky. Have a small team invade the country and disappear the people they don't like[1].
Or tap the fiber lines at the border and inject RST packets from off-path, which is something the Great Firewall of China does, and is ironically much more transparent than what they actually are doing.
Or cut the cables between the USA and Russia, or between the USA and any country that doesn't cut their own cables to Russia. The USA did this to Iran with the banking system and it worked: the USA cuts money transfers with any country that doesn't cut money transfers with Iran. I don't think it would necessarily go their way if they did it right now with the internet.
[1] https://en.wikipedia.org/wiki/Abu_Omar_case
Dove a bit into this topic superficially out of curiosity. Maybe not shut it down but greatly limit reach:
- Domain Name Seizures via ICANN and registrars
- Political/legal pressure on CDNs, SSL certificate providers, bandwidth providers.
- Propaganda and legal labeling ("malicious actor", "foreign agent", "terrorist")
- There are technical workarounds to keep the page up within Russia's sovereign internet (Runet).
Other than labeling, aren't these just different ways to block foreign sites? Some of them are mentioned in the article.
> This blocking regulation requires network providers, including CDNs, to comply with blocking notices within 30 minutes.
> orders that go beyond regular Internet providers, requiring DNS resolvers and VPN services to take action as well.
And 3rd parrot parties with enough power, the ones doing the abuse, typically also have the ear of the government, so it becomes circular.
The US already deputizes third parties to enforce its laws. Banks are responsible for KYC / AML. Grocery stores must check ID when selling alcohol. This is nothing special.
It's accurate that the US already does it, but that doesn't tell you if we should be doing it.
It does, however, provide evidence that doing that is dumb.
KYC/AML have an effectiveness that rounds to zero while causing trouble for innocent people as the government pressures the banks to do something about problems the banks aren't in a position to actually solve, so instead the banks suspend the accounts of more innocent people because the government is pressuring them to suspend more accounts.
I wouldn't call legal force to be deputizing anybody. If those entities don't do as the law says they will be in trouble themselves. Deputies have authority. Banks and stores are just following the rules and report to authority when required.
> Infrastructure for blocking websites simply shouldn't exist.
Isn't that exactly what Cloudflare is, in part? They happily block "malicious" traffic
Part of the reason I don't like Cloudflare. Their "black hole the entire country" function is a function no company should provide.
On the contrary, if you don’t have business in a country and they just spam you or try to hack you why not block the whole IP range. China, India, Russia, Subsaharan Africa, SEA
you don't need cloudflare for that.
> Their "black hole the entire country" function is a function no company should provide.
If I can have that feature with an on-prem firewall or load balancer, why can't I ask the in-cloud equivalent to also have it?
Companies should have that option if they choose, to apply to themselves at will.
Why not? There’s no right to force everyone on the internet to interact with everyone else.
They block traffic reaching your website, not the other way around. For a poor, nitpickable analogy: they keep the bad guys out of your home, but they don't want to take away homes from the bad guys.
We all know the definition of "bad guy" shifts every four years or less
I get what you're saying (they're affording access to info, not access for people) but you can't have one without the other.
With your analogy, they aim to keep the "bad guys" out of all homes, which is the same thing as saying those guys can't have homes. Also the "bad guys" group you're referring to includes, like, my cousin Jake because he accidentally crashed his pushbike into a car once when he was 6, but doesn't include Adolf Hitler for some reason.
it's not so much the US Trade Office, but this needs to be considered in any international trade agreements.
blocking that interferes with access to legitimate sites that i might use to buy or sell products and communicate with potential customers should be a violation of these agreements.
And on the plus side, all those efforts to block AI-scraping bots will be deemed illegal trade barriers.
so for example Germany should not be allowed to block neo-nazi sites?
illegal gambling sites in country X must be allowed if they are legal in country Y - Y being America I guess.
>it ends up subsumed by political and corporate interests
I believe the term for this is legislated by the laws of particular lands and regions.
Essentially Cloudflare tells U.S Government to set the rules for rest of world please.
> If US Trade Office can be leveraged to destroy internet censorship efforts in other countries, then so be it.
So by implication you're actually completely fine with other countries pursuing their own objectives for businesses that choose to trade in their country.
Because you cannot, possibly, in 2025, be making an argument that the USA's interpretation of the way of things is unimpeachable. That would be absurd and laughable.
I look forward to you explaining to Germans and Israelis why Nazi symbols and Nazi websites should be legal because banning them hurts a US tech company's interests.
I'm pretty sure you will receive a variety of opinions, some of them in large fonts with an invitation to print them and roll them up for storage.
You are missing the point. Blocking a CDN providers IP range, means blocking all the websites using the CDN - not just the nazi-poster.com.
Well then perhaps the CDN shouldn’t be protecting those sites?
Different countries have different laws regarding what falls under freedom of speech. The CDN providers say they take a net-neutrality stance. If a court order from a specific country tells them to block certain sites, I'm pretty sure they will comply, but only for clients coming from within that country.
This is quite close to the whole Nazi bar analogy isn't it?
You run a bar. You let anyone in, and some of your customers are a bit edgy.
But one day, Nazis start using your bar for their regular gathering and you don't kick them out.
Congratulations: now you have a Nazi bar.
The obvious problem with this analogy is that the percentage of Cloudflare's traffic which could be Nazis even if they were hosting all the Nazis in the world would still start with a 0 followed by a decimal point.
That's a bit rich coming from Cloudflare, a company that routinely blocks access to important and legitimate websites to huge parts of the world. A huge part of Cloudflare's customers use them specifically to block users' access to websites.
There's a big difference between a company making that decision (an edge provider) vs a country doing that at the network level.
The rub comes in that nations, including the U.S., have laws about what they seem illegal content or services and reserve the right to force those to be blocked.
In Thailand that might be criticism of the king; in the U.S., pirated TV streams; in another country, that could be gambling sites.
Cloudflare seems to be trying to stop blocking that is trade protectionism, but is blocking overseas gambling sites trade protection or a legit state interest in protecting its citizens?
Why is there a “big difference”?
Cloudflare has a significant enough marketshare it doesn’t seem to make a meaningful difference whether it’s blocked at this or that level, for the vast majority of end users.
As someone who has had to implement these blocks, it’s not generally done because anyone wants to, it’s because someone passed a law that requires us to do it. I don’t get to override the ITAR or Entities list just because I don’t feel it’s fair someone is on it.
Gotta take your wins when you can get them.
> If US Trade Office can be leveraged to destroy internet censorship efforts in other countries, then so be it.
...But, of course, US corporations enforcing the same kind of censoring is a-OK, because corporations are people and their censorship is free speech.
I'll be open to your posititon the day Boticelli's Venus doesn't get censored on FB because there's a pair of tits somewhere on the painting.
Facebook is a single website. Other websites can host it just fine.
This is the same as blocking content on your own forum or comment section on your blog. Yes fb is huge, but still just a website, and one with fading popularity.
Blocking ips on a network level is different.
Facebook isn’t just a website. Like whatsapp isn’t just a messaging app and visa/mastercard aren’t just some of the credit card companies.
I see the comparison you're trying to draw, and I don't agree.
People use FB because other people use it. There's a lot more complexity, and algorithm fuled habits. But in the end, FB provides the service of communication and content recommendations. Using that attention, it can sell ads. Without that willingness to give attention, they can't sell ads. There are no significant hurdles to starting a social media site.
Credit card processors facilitate payments from one group to a different group. They aren't an endpoint, they are middle men. They don't need to court the attention of users, they are in a position of power it where they can interfere with the lives of others, and have formed a coalition with a total monopoly over the digital trade of money. Good luck starting a competitor while attempting to shun PCI compliance.
If I never use FB, I can still interact with friends, family, buy and sell ads. If I never use a credit card... I've been cut off from the vast majority of the things that I would buy.
It's reasonable for different rules to apply to groups with vastly different powers. I wouldn't expect Google to be held to the same standard that I hold PG&E. Nor would I hold PG&E to the same restrictions I'd place on Google.
> fading popularity
You made that up, or you checked stats?
A quick Google says that Facebook is still growing at about 5% and that Meta revenue is up a lot.
Facebook MAU is down from 3.65 B to 3.06 B in the last year
Not to mention that several US states have various sorts of adult content bans.
Whataboutism. I am no fan of CF or current US trade policy, but I’ll take whatever wins we can get when it comes to internet freedom.
There is no win in using this administration to strong-arm other countries into giving tech corps some sort of extraterritoriality.
Yes, Spain is screwing up. But it is the responsibility of Spanish electors to fix the mess. Any alternative involving the US department of State should be fought.
I'm not sure the US wants to bring attention to its massive trade surplus in services
if I was the EU I would have responded to the threats of goods tariffs with a threat of service tariffs that will start off slow and increase every month that tariffs remain in effect
initially 0% tax on Office 365/AWS/facebook+google ad sales, then after a year it's 20%, and so-on
That's exactly what they did. They didn't want to escalate the conflict, so they didn't end up using it. It's what they refer to as their "trade bazooka", and it's still around ready to be used.
it's not exactly what they did, because a "bazooka" is easy defeated by the same ratchet mechanism
the other side will never push enough at once to make bazooka style retaliation the correct strategy
> because a "bazooka" is easy defeated by the same ratchet mechanism
That's an argument for capitulation in general: it's not an argument specifically against extending the field of scope to include services.
It is a trade barrier... For services.
And that's the ciritical bit of information.
Most international trade agreements don't cover services in in a comprehensive manner. Because they are so varied and difficult to regulate. E.g. banking, sales, advice, software.
For Cloudflare it's obviously of commerical interest to establish a world wide level playing field.
I don't see it happening. Certainly not because of US trade interests. Because there is a serious lack of good will towards the USA, basically anywhere in the (rest of the) world right now, and services are a much bigger part of the economy than manufacted produce.
The trend I see is to decouple from the US, and China.
I genuinely couldn't reccomend my own country to make a deal with the USA on services. Because we already have a serious issue with the dominance of US cloud tech.
Previously the WTO ruled that USA had imposed illegal trade barriers against Antigua that violate the GATS treaty by attempting to criminalise any website in any country that takes wagers from Americans[0]. I'm pretty sure any site blocking effort would violate the same treaty, but those cases can't be taken to the WTO due to the USA blocking appointments to the WTO appellate body since 2019 [1]
[0]https://en.wikipedia.org/wiki/Antigua#Online_gambling
[1]https://en.wikipedia.org/wiki/Appellate_Body
The US lost in the gambling case because their restrictions on foreign websites were stricter than those on domestic ones. The GATS doesn't prohibit countries from regulating trade, they only have to do so in a non-discriminatory manner. Spain isn't blocking foreign websites for copyright infringement that would be legal domestically, so they're in compliance with their obligations.
i havent been in a tier 1 ISP in 20 years. can anyone who is in that life give a little summary of how much infrastructure we have in the united states to implement the same level of control as what china has available for walling its garden?
like, if the direction came down from on high, to copy it ... how few things would have to get flipped on to have roughly the same thing in the united states?
i'd really appreciate an insider's summary. a lot has changed since 2004. probably.
There are actually two part of mechanisms in China to wall its garden.
The first part is GFW, with which people outside of China is more familiar. It operates at every international internet cable, analyzing and dynamically blocks traffic in realtime. China only have few sites that connects to international internet, with very limited bandwidth (few Tbps in total), so it's more feasible. But overall speaking, this is the easy part.
The second part of walling a garden is about controlling what's inside the garden. Every website running in China mainland needs an ICP license from the government, which can take weeks. ISPs must be state-owned (there are 4 of them in total, no local small ISPs whatsoever). Residential IPs cannot be used for serving websites because the inbound traffic of well-known ports are blocked, which is required by the law. VPN apps are illegal. etc. These are things that are much harder to do in other countries.
> how few things would have to get flipped on to have roughly the same thing in the united states?
I'd argue it's already been flipped on. Our system just works a little bit differently. Nothing is strictly prohibited via some grand theatrical firewall. Things that are "undesirable" simply meet an information theoretical death sooner than they otherwise should. We've got mountains of tools like DMCA that can precision strike anything naughty while still preserving an illusion of freedom.
Data hoarders are the American version of climbing over the GFW. The strategy of relying on entropy to kill off bad narratives seems to be quite effective. Social media platforms, cloud storage, et. al., are dramatically accelerating this pressure.
> Things that are "undesirable" simply meet an information theoretical death sooner than they otherwise should.
A good example is how payment processors (mainly the major credit card companies) police adult sites, forcing them to ban certain keywords. It's a weird situation in which the role of morality police is played at the point where control can naturally be exercised in a capitalist economy.
As we'd expect, that same pattern is repeated elsewhere, e.g. in social networks that censor in all sorts of ways, many of them explicitly intended to reinforce the status quo and neutralize or undermine dissent.
When you have an authoritarian government, all of this tends to happen more centrally. But democracies tend to distribute this function throughout the economy and society.
> I'd argue it's already been flipped on.
The Great Firewall is, among various other things, an attempt to create a single historical narrative for the PRC by blocking out reference to things like Tiananmen, discussions of early twentieth-century China suggesting that China could have gone a different way than the Communist Party and prospered, etc. The USA has absolutely nothing like that, people can readily find open-web and social-media content taking every possible position on American history, both staid academic content and wacko conspiracy theory stuff.
When it all comes down to it, the USA just isn’t as hung up on social harmony and narrative control as the PRC. That’s why there isn’t a comparable system in place, and claiming that the odious DMCA is anywhere close, is hyperbole.
This is changing, because the ruling class of politicians and billionaires is discovering that things can actually change if they don’t control the narrative, especially in the age of social media.
Read up on the motivations behind the TikTok acquisition, or the attempts to legislatively censor certain topics on Wikipedia, or the myriad of knobs used by social media “content review” teams etc, or Chat Control in the EU, or going back further, the surveillance systems detailed in the Snowden leaks (why surveil if censorship isn’t the goal?).
It’s ultimately exactly the same reasoning as that used by the CCP, but in a more subtle and gradual manner. Yes, right now, the GFW is a different beast, but if we do nothing, I would wager that the solutions will converge.
It's not totally comparable, but if you went against the approved covid narrative a few years ago, you would absolutely get shut down by the big players for "misinformation". Same with the 2020 US election results. And in many cases they acted on behalf of the goverment:
https://time.com/7015026/meta-facebook-zuckerberg-covid-bide...
Misinformation or not, I like form my opinions myself, rather than have the government do it for me. There was absolutely a lot of nonsense[1] going around during covid, but constantly being told what to believe felt extremely irksome.
[1] https://youtu.be/sSkFyNVtNh8
We have a technical mechanism now to be able to disambiguate the reputations of customers behind a single network - ASNs.
Why doesn't cloudflare require its more difficult customers to have an ASN - then their reputation and cloudflares can be more easily separated. This wouldn't have to rely on flimsy static IP lists either.
Cloudflare is right. But, it's a pretty typical EU play. Protecting more established interests but kneecapping progress.
In this case, hitting a massive number of small sites, which aren't engaged in piracy, to protect a few large entities from some other small piracy sites. It's what's happening in both Italy and Spain.
> But, it's a pretty typical EU play. Protecting more established interests but kneecapping progress.
It's funny that as soon as anything European (not even related to EU one bit) is mentioned, people find a way of pinning it on the European Union. The article has literally nothing to do with EU, and everything to do with individual European countries, yet you somehow found a way of blaming EU for it :)
Sincerely, Spanish internet user who gets blocked from half the internet every time a semi-popular football match is played in this country.
I was actually like 30 years old when I realized "EU" meant "European Union" and wasn't a 2 letter abbreviation for the continent of Europe. In the US, we call states by their two letter abbreviations (IL, NY, CA, etc), often call countries by 2 letter abbreviations too (depends on the country, but JP, AR, CR come to mind as common examples), so it's a pretty natural assumption to think of 'EU' as 'all of the continent Europe, independent of whether they participate in the governing body known as the European Union'
If you substitute the GP for 'pretty typical European play' it makes plenty of sense.
Yeah, similarly, growing up as a European, I thought "America" was "the USA", but turns out it's the entire continent, and even "North America" isn't just the US, but the two neighbors too! I don't think it's too bad to be confused about something, we can't be expected to know it all, every time. We learn and move past it :)
> If you substitute the GP for 'pretty typical European play' it makes plenty of sense.
Not sure even this makes sense, it's not something that is happening Europe wide, and it seems like there is only two countries so far that been engaging in this, with another one thinking about it. For something to be a "pretty typical European play" I'd probably say it has to have happened more times than "twice".
> It's funny that as soon as anything European (not even related to EU one bit)
Living in the US, I've noticed many Americans don't really make distinctions like that. They see "EU" as a kind of shorthand for "Europe", or something along those lines. Even the fact that the UK is no longer in the EU doesn't affect this - it's still part of what Americans think of as "the EU".
Probably because most adults in the US grew up and were educated at a time when the EU was, comparative to today, insignificant in # of countries, population, GDP, and general importance, and so very little talked about in either news or text books compared to Europe as an economic and political block. And since Europe was abbreviated 'Eur' well, easy to see how dropping the 'r' hasn't resulted in universal US intuition that it's not the same thing. In general though it does seem pretty understandable to think something calling itself "The European Union" is comprised of just about all of Europe. Especially back with the expanded in '93 countries it was a little presumptuous at only a small fraction of the continent getting together and calling itself that? I do remember learning something about it in school at the time, under the EEC name.
Want to avoid confusion? Call it something like "United Nations", 'UN'. Confusion solved, Americans happy, call off the tariffs, peace, etc.
Hell, watch an American's face when you explain to them that "America" doesn't ONLY refer to the united states.
See the gears grind to a halt when they are reeducated on the concepts of "Central AMERICA" and "South AMERICA".
In the United States, "North America" and "South America" are generally treated as separate continents, so therefore as a whole are called "the Americas". This frees up the singular "America" to refer to the US without too much risk of ambiguity. My understanding is that in some places, especially non-English speaking, is that North and South America are treated as a single continent called "America", which adds ambiguity.
People often get confused by divisions like this because they feel like they should be real in an objective sense, but continents are almost entirely social constructs. (There is a North American tectonic plate, and that's real, but it doesn't quite line up with the continent)
Be that as it may, the thing that sounds odd (and a bit arrogant) to most "outsiders" is using the name of a whole continent for a single country and its citizens. I (from Europe) would definitely consider a Canadian, Mexican or Columbian citizen as an "American" too, not only a citizen of the United States. BTW, I'm really curious what Trump thinks the "America" in his "Gulf of America" stands for - the whole continent or only the US?
Okay, maybe arrogant, but still, it's the only country in the continent to contain the word America, no?
Trump's definitely referring to the United States with his pointless renaming attempt because it's singular and not plural, but I'd be careful accusing him of thinking about anything. I doubt he does that very often.
I guess the Organization of American States exists. But usually it's pretty unambiguous which sense is being used; like, I guess you could call Mark Carney an American head of government but it's basically just being obtuse, unless it was in the context of, say, a meeting of Carney with other heads of government in the hemisphere, and then it'd be unambiguous what was meant.
Even "United States of America" is not unambiguous in the most pathological case; Mexico is also a country consisting of united states existing in the Americas.
US education covers that much pretty well. Just not so much the geography of specific countries that belong to south america, europe, asia, and africa.
That would be the same grind to a halt you'd get on just about anyone's face when they have a random stranger try to explain something obvious in a rude and condescending way. The inside voice goes something like: "Do I walk by, is this person sane, or maybe say something equally condescending like 'Hey buddy, with the bombs we have it will be called whatever we want.'"
> Protecting more established interests but kneecapping progress.
I assume you must be American. I always find it funny that there is that US belief that Europe is "old-fashioned" with "old tech" and "old progress". I never encountered anyone yet to tell me what progress wasn't in Europe that was in the US.
I actually think this is a bit backward, with US lack of transportation funding, more people struggling with poverty, backward ecological measures, and missing health care with lower life expectancy.
I'm European too, while I second what you say, I also think that Europe is old: demographically, politically and we're very risk adverse.
Does not have anything to do with EU. But nice try.
But, it's a pretty typical EU play. Protecting more established interests but kneecapping progress.
You mean like that nasty EU law called the DMCA?
</s> (just in case)
That's actually an interesting take. I have not thought about it from that point of view. It's kind of strange how people in the same government come up with orthogonal decisions - the left hand doesn't know what the right hand does and vice versa.
Clouflare actually does have a point. If you censor xyz, then you may also censor some businesses that are legitimate and pay taxes.
US Cloud Act is a trade barrier too.
It's sad to see Spain and Italy disrupt the Internet so badly over copyright/IP stuff, of all things.
For God's sake, Cloudflare is the last effin company to speak about site blocking. I can only quote myself from https://news.ycombinator.com/item?id=45059003 :
> In my opinion, Cloudflare does a lot more censoring than all state actors combined, because they singlehandedly decide if the IP you use is "trustworthy" or "not", and if they decided it is not, you're cut off from like half of the Internet, and the only thing you can do is to look for another one. I'd really like if their engineers understood what Orwellian mammoth have they created and resign, but for now they're only bragging without the realization. Or at least if any sane antitrust or comms agency shred their business in pieces.
I hosted a website on Cloudflare and I sent a link to it to a friend on a Sunday.
The friend told me the website was down.
Turns out Spain blocks IP addresses belonging to Cloudflare during big football matches because some pirate streaming websites are hosted on Cloudflare.
https://www.reddit.com/r/europe/comments/1nm80wz/trying_to_u...
I decided to go back to AWS.
Frankly Cloudflare is choosing the wrong battle on defending pirate streaming websites.
There are other gray areas that I apprecciate Cloudflare defending freedom of speech online, but pirate streaming websites aren't one of those.
That's Spains issue. Spaniards should encourage their government to eliminate whatever nonsensical provision in the law that allows ranges of IPs to be blocked at the service provider level for soccer matches.
Also people in Spain are learning to use VPNs.
It can be thought of in reverse, that they are letting the traffic in when there isn't a soccer match, so as to let the public temporarily use things that might eventually be fully blocked, and thus be able to conduct business on non-compliant sites.
Regardless of my opinion of soccer pirates, I still hate copyright clowns more.
Cloudflare isn't defending the pirate streaming sites, they are simply living their principles of being neutral.
As much as I'm skeptical of Cloudflare's dominant role, the problem here is not with Cloudflare but the politicians in Spain catering to LaLiga the football league. They're disrupting their country's public web infrastructure in favor of private money interests.
I'm still kinda confused as to how this works. Doesn't every cloud connected or IoT device just die during a football game in Spain?
Yes. And, who cares really? Maybe the users do, but the Spanish government certainly doesn't!
How cheap, I wonder, does a government have to be to sell itself out over ball game broadcasting rights? Could someone like Elon Musk just fly in there and acquire the entire government with some pocket change?
OK - well thanks for explaining that. Maybe this will motivate digital sovereignty at a personal level?
It's literally the mafia. Not metaphorically - I'm told the actual mafia basically owns football in Spain and Italy, which is why the government doesn't do anything about this stupidity.
At first they came for the 4k bluray rips
Then they came for the Linux ISOs
I don't even think that case was from Cloudflare hosting, just providing DDOS protection.
And it wasn't a Spanish government policy, but rather a single judge's order.
judges are giving orders based on the law/policy of the country. so if a judge gives a bad order, then the cause is a bad policy/law, and the fix is not to replace the judge, but to change the law.
This is like suggesting the policy of the United States is set by "just a panel of less than 10 judges" and not the Federal government. Not only is SCOTUS part of the US government, it may actually be the most powerful part of the Federal government
"Major consequences M, because of an order by judge J" is not a situation which lasts...unless the government is relatively happy with M.
"Trade barriers" - mmm, I wonder who's attention they are trying to get.
Imagine the bureaucracy, trying to manage IPv6-based blocking.
MPAA: "Yeah, we're going to need to you to add eighteen quintillion more addresses to the block list..."
Unfortunately the US government is also considering site blocking with the Block BEARD Act. Which means if USTR actually gets anything to stop the foreign blocking, their efforts will just turn into "well, it's OK when we do it, but you're a pseudocolony of America so you don't get to do it".
Remember when countries had borders and sovereignty before the internet?
If you want the benefits of the internet you must open your country for foreign influence and destabilizing rot!
I think the idea that we need to take or leave the whole internet without compromise is flawed.
So what? the US should impose more of them? What a tone-deaf statement to make when the American electorate elected Mr trade barrier.
This comes from the dated perspective that free trade is universally good. Nations create their own trade rules and they ought to be able to enforce them. I consider that far preferable than attempts to exert extraterritorial control over services from other countries.
If, say, Uruguay doesn't like content on Facebook, they are free to block it. In their opinion, they are protecting their citizens and that's ok. It should not produce legal action that could result in least common denominator style global content censorship.
In an ideal world, there would be no country level blocking but invariably laws will differ.
> This comes from the dated perspective that free trade is universally good.
lol, ok, I'll bite. Other than one side might try to change the rules; why should I believe is free trade is no longer universally good? What is the specific argument?
Because if the argument is that one side might impose taxes, duh? But that's no longer free trade is it?
If both sides were willing to play fair, why wouldn't that be better? And why shouldn't we all be trying to "encourage" everyone to play fair?
There are many arguments but the most straightforward one is that a country may decide that preserving particular industries is in their security interest. That can be extended to culture as well.
Japan closed itself off from the world for centuries during the Edo period. One could say that they suffered economically due to that, but on the other hand, they ended up creating one of the more unique cultures in the world, developing in ways very different from others. It's an interesting kind of diversity.
Backbone operators in the US should not be allowed to connect to networks that connect to low trust countries.
This boneheaded idea of "just block the Bad Countries from our Good Web" needs to die a miserable death.
Countries like Russia or China spend billions on controlling the flow of information on their own land. Countries like Iran go out of their way to blackhole the traffic whenever any disruptions or political violence happens in the country, and for every Nepal, where this backfired terribly, there's a dozen cases of countries doing that and getting away with it. And you're proposing we just help the authoritarians out by doing their dirty work for them.
Sure, let's do that! Give their propagandists a win, leave everyone who's in those countries now hang out to dry in an information black hole! Let the abuses perpetuated by their own governments go unseen and unheard! All to preserve the Good Web, For Good People Only.
I find the notion that propagandists only control the flow of information in countries like Russia, China, Iran - but they don't in the West - misguided at best.
I think that is the point.
I doubt this would be legal unless proven to be a national security issue (1st amendment grounds).
The First Amendment doesn't apply to non-citizens in foreign countries.
Wow, coming on to HN to demand the end of the Internet.
I've often wondered if that is even possible (whether it is good policy or not is another question entirely). Could we disconnect Russia from the Internet effectively? Let's say that Europe could be pressured to cooperate, what then? Well, here a couple of years ago I finally got the answer I wanted: we can't. China would never abide any such sanction, and there must be a few overland backbones connecting the two (even if I'm wrong here, wouldn't take decades for those to be built).
Likely, the country that wanted to do this finds themselves isolated on their own network, not their target isolated from the internet. Even if that country as is large and powerful as the United States. Perhaps the answer might have been different, 20 years ago or even 15, but everything has changed and there's no going back.
Exactly, this would just result in a global game of whack-a-mole. It is possible in autocracies that are mostly excluded from global trade, like North Korea, but China for example can’t afford to cut itself off without collapsing its economy. (It has the Great Firewall, but that does not block entire countries, and is often quite leaky.)
It would be easy. Require the backbone CEO's to certify that their networks don't connect to networks that connect to China, Russia, Nigeria, etc. The burden would then shift to them. If they couldn't get a guarantee from a peer or customer, they would have to disconnect them.
Nigeria really?
Don't use that brain to cross the road
>It would be easy. Require the backbone CEO's to certify that their networks don't connect to networks that connect to China, Russia, Nigeria, etc.
And when other countries don't play ball? Then we shut down those backbones, and it's the United States that is isolate, not Russia (though please feel free to pick another target if you don't like Russia). No one's cutting off China, not without their economy dropping dead. Sure, maybe there's some country that you could do this to... but that country is so unimportant that they're probably already almost-cut-off anyway. You don't even get to to do this to a Brazil or Indonesia, let alone any country that matters.
Yeah, exactly. They were cut off from SWIFT and yet they do ample international trade. These think tank ideas from "domain experts" and political types rarely work in the real world. Russia, China and others do the same, block stuff - but people get the content, products, etc anyways.
On the one hand, Cloudflare crying crocodile tears for their policy decisions isn’t remotely moving. If anything, their plea for US intervention feels incredibly insincere given that their business has been to defend literal Nazis and Pirates alike for decades, and if you’re going to build a business out of defending bad actors, well, you best be prepared for the consequences.
That being said, they’re absolutely right that these broad, automated blocks aren’t acceptable for the internet as a whole - especially when a ruling is applicable regionally or globally. Blocking an entire IP range or service provider because of a handful of bad actors on their service is incredibly excessive, akin to barricading off an entire neighborhood because one apartment is a crack den, i.e. stupidly disproportionate. If countries are having an issue with a company routinely and willfully allowing bad actors to prosper, the solution is simply to bar that company from operating within their jurisdiction commercially.
Yet the IT dinosaur in me reads that statement above, and I ultimately find myself back at where I’ve been for years: for a globally distributed network, the only way to effectively punish an operator like Cloudflare is to block its entire IP range, despite the harms innocent customers and users will incur. And I can’t quite figure out a way past that under the current piecemeal system of the internet and the financial incentives for consolidation and centralization.
We have to punish bad actors, but when said actor commands a significant swath of the legitimate internet, you either have to harm a disproportionate amount of legitimate traffic in blocking them, or admit they’re too big and important for a government to intervene against. The former is bad, but the latter is infinitely worse.
The courts can absolutely get Cloudflare to comply with orders. The only reason this doesn't happen is that the people asking for the blocking come with a list of IPs.
You’re eSplaining my own argument back to me. Cloudflare’s whinging is they shouldn’t be required to block entire swaths of IP ranges because they have legitimate customer traffic there; their opponents (rightly) state that because of how Cloudflare and the internet works, the only real way to stop these piracy streams are wholesale service blocks, because of how easily specific IP or domain blocks can be bypassed.
The centralization of power is the problem, and as I say near the end:
> …I can’t quite figure out a way past that under the current piecemeal system of the internet and the financial incentives for consolidation and centralization.
Cloudflare could be told to kick the streams off and they would stop
"Defend literal pirates" - imagine if it was the opposite; if the only way to keep a site on the internet without being ddosed into oblivion was to use Cloudflare but also they only permit sites which are approved of by corporate interests. That would be very dystopian.
The root problem of course is their de facto monopoly status, as gatekeepers of the internet (if they aren't secretly an NSA run company, the NSA is probably very jealous of what they've done), but this would be so much worse if they decided to play internet editor.
Akamai, CloudFront, whatever Googles service is, a bunch of other ones I can't think of compete in the same market. Cloudflare obviously is good at what they do but there decently are many fine CDN/DDOs prevention companies.
If we are considering the social implications of Cloudflare being pressured to deplatform anybody who disrespects intellectual property, then why should we simultaneously assume that the other handful of companies offering a comparable service wouldn't be similarly pressured?
Cloudflare does not have a monopoly on internet hosting, or even just web application firewalls or DDoS protection. The only thing different about them is that:
1. They have a moderately generous free tier, which they'll aggressively try to upsell you out of the moment they smell money in your wallet.
2. They have an anti-censorship policy that is indistinguishable from the policies of a "bulletproof" hosting company, which means all the DDoS vendors they protect you from are also paying Cloudflare.
This leads me to believe that Cloudflare's protection is less "stringent defense of free speech" and more "you wouldn't want something to happen to that precious website of yours, right?" Like, there's no free speech argument for keeping DDoS vendors online - it's a patently obvious own goal. If someone is selling censorship as a service, then it's obvious, at least to me, that silencing them and them alone would actually make others more free to speak.
…I find it interesting that you edited the quote to remove their defense of Nazis. Like, that’s just a very odd decision to make when quoting somebody.
And you’re covering the ground I already laid in the original comment:
> …the only way to effectively punish an operator like Cloudflare is to block its entire IP range, despite the harms innocent customers and users will incur. And I can’t quite figure out a way past that under the current piecemeal system of the internet and the financial incentives for consolidation and centralization.
I don’t need eSplaining of my own argument.
Taylor Swift is now on so...
If you can't defend the premise of knocking Anna's Archive off the internet without hiding behind the tarpit of demanding the conversation be about Nazis, that is extremely telling.
I knew about the Nazis, but I wasn't aware Cloudflare defended literal sea pirates? When did that happen? I guess the US Navy?
I had missed this and find it deeply hilarious that actual meatspace pirates raided a company’s datacenter that protects digital pirates.
Also, just for folks seemingly confused by my words in the original post: I got no beef with digital piracy myself, just more pointing out that if your company is willfully protecting hate speech (like Nazis) and piracy sites, well, you’re courting a very specific kind of response, and whining about receiving that response after the fact is not exactly sympathetic.
Folks keep confusing where I used the term “literal” in that sentence. I said “literal Nazis and pirates”, not Nazis and literal pirates.
It’s why I staunchly refuse to touch Cloudflare for fucking anything. When your company defends a group whose ethos is genocide, you’ve lost me forever, free speech be damned.