Juha Saarinen: Cloudflare caught in Kiwi Farms controversy

Cloudflare has pulled the plug on Kiwi Farms' site. Photo / Getty Images

OPINION:

You may have seen the name Kiwi Farms pop up on social media and in the news recently.

It's a horrible story of internet-borne abuse by people at a vile troll site that has led to suicides, people having to go into hiding, and being "swatted" or armed police falsely being called out, which can be lethal in trigger-happy United States.

Kiwi Farms is the troll site in question, run by an American man who uses a Russian top-level domain and was originally called CWCki Forums. It's been frequented for years by stalkers, doxxers (people posting sensitive private information on others online), white supremacists and other abusers.

Tech giant Cloudflare which operates the network that sat in front of Kiwi Farms' servers to protect them, has now pulled the plug on the abusers' site, despite initially not wanting to be seen as censoring them.

What is Cloudflare you might ask, and why did it not act sooner?

The US company is part of the Internet's backbone, and chances are that you will access its network, because Cloudflare operates globally.

Estimates suggest that up to a fifth of Internet traffic traverses through Cloudflare's network; yes, they are present in New Zealand, and in more than 100 countries.

Technically speaking, Cloudflare's service is excellent. The big 155 terabit per second capacity makes it hard to overwhelm Cloudflare to knock out sites protected by its network, which can also filter out and block malware threats.

In simple terms, using a large reverse proxy and content delivery network like Cloudflare for protection means much smaller networks can host legitimate sites without getting swamped with distributed denial of service attack traffic that costs a bomb to absorb.

That protection cuts both ways though and you don't need to look hard to find unsavoury and extremist sites sitting behind Cloudflare.

When the company stopped providing services for Kiwi Farm operator Joshua Moon's 1776 Hosting company, it also blocked access to the neo-nazi Action New Zealandia site which now comes up with a Cloudflare error message.

Likewise, the Voices for Freedom website is protected by Cloudflare, and it remains up.

Dark corners of the Internet apart, information security people have long vented their spleen at Cloudflare for allowing its free service to protect what they say are purely malicious, criminal and damaging sites.

Take booters and stressers as an example: they are sites that let you buy vast amounts of meaningless traffic cheaply, and direct it to networks that people have a beef with. Online gaming sites and forums are often subject to booter attacks by furious people being banned for abusive behaviour on them.

Ironically, booters also try to eliminate their competition with DDoS attacks. As infosec journalist Brian Krebs noted in 2015, most booter sites would've been dead and gone by now, because defending against large DDoS attacks is very expensive.

Now, a reformed booter service operator, Sergyi Usatyuk, alleges that he ran his sites behind Cloudflare, which as it happens is in the business of providing protection against DDoS attacks.

Usatyuk pleaded guilty in the United States to running what he calls "the world's largest DDoS for hire empire" as a teenager. That was in 2019, and Usatyuk was sentenced to 13 months in prison for what he did.

As Usatyuk says, there are no free speech or human rights considerations when it comes to taking down booter services.

"Cloudflare is responsible for keeping booter websites online and operating, the very same websites whose sole purpose is to fuel Cloudflare's very own business model, selling DDoS protection. Dear reader, please take a moment to reflect upon the last sentence," Usatyuk wrote.

To a degree, it's understandable that Cloudflare has taken the common carrier position, not wanting to interfere or censor what its customers do and say. Every other telco in the world is on board with that, unless they operate in authoritarian nations.

Holding on to absolutist principles can rapidly become indefensible however as abusers ramp up activities that really, truly hurt people.

The stance has however led to critics labelling Cloudflare chief executive and co-founder Matthew Prince, currently visiting Australia, a nazi and criminal himself because his company hasn't taken action against abusive customers fast enough.

After the latest set of events, Cloudflare will most likely have to rethink its service provision policies. Otherwise, legitimate Cloudflare customers might feel they have to vote with their feet to avoid being tarred with the same brush.

As for Kiwi Farms, it comes as no surprise that they've moved to a Russian provider, DDoS-Guard, on where they'll enjoy the company of terrorist group Hamas, rightwing chat app Parler, credit card fraudsters and other criminals.

You can access DDoS-Guard's network from New Zealand. Not that you should, and we probably don't need to be able to reach it from here.

Update: Kiwi Farms didn't last long on DDoS-Guard, and the troll forum has now been removed from the Russian provider.