Talk:CloudFlare

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject United States (Rated Start-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject United States, a collaborative effort to improve the coverage of topics relating to the United States of America on Wikipedia. If you would like to participate, please visit the project page, where you can join the ongoing discussions.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
 
WikiProject Companies (Rated Start-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Companies, a collaborative effort to improve the coverage of companies on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
 
WikiProject Computer Security / Computing   
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

CloudFlare Watch[edit]

Cryptome recently announced a new website called CloudFlare Watch -- see http://cryptome.org/2012/07/cloudflare-watch.htm Cryptome is often cited in Wikipedia, and this particular Cryptome announcement was also picked up by Google News. But there is no mention of this new website, which is critical of CloudFlare, in this Wikipedia article. 66.87.0.132 (talk) 14:25, 10 July 2012 (UTC)

I've added it to the external links section, but I don't believe that's notable enough to be mentioned in the main body of the article. In addition, Daniel Brandt made the announcement; Cryptome simply published the announcement. Cryptome doesn't write the contents; it published letters, documents, and such that other people send to it. WP:PRIMARY applies here, and there aren't any reliable secondary sources that mention CloudFlare Watch. --Michaeldsuarez (talk) 15:27, 10 July 2012 (UTC)
Removed. We need at least a modicum of notability for something like this, seeing how any Tom, Dick, or Dann Harry can start up a blog and critique away. Tarc (talk) 23:40, 10 July 2012 (UTC)
Lol, I thought CloudFlare Watch was a legitimate website with legitimate complaints until I actually visited it. — Preceding unsigned comment added by 108.185.88.189 (talk) 14:25, 19 May 2014 (UTC)
As CloudFlare Watch, aka CrimeFlare, conducts defacement attacks on websites that use CloudFlare, I don't think Wikipedia should include direct links to crimeflare.com. KiloByte (talk) 00:04, 29 October 2014 (UTC)

Blocking and Scope[edit]

Some browsers (Chromium under Linux) are receiving messages from websites "[This server running CloudFire] has banned your access based on your browser's signature (52201fa6-mh5)". No suitable explanation is given on their website or the web in general. Can anyone explain what this "feature" is?

On http://blog.cloudflare.com/?page=9 they claim to sit "in front of nearly a half a million websites" including "banks, national governments, Fortune 500 companies, universities, media publications, blogs, ecommerce companies" which is a pretty big responsibility. — Preceding unsigned comment added by 82.32.31.166 (talk) 20:14, 1 January 2013 (UTC)

I found this CloudFlare support document on the topic. I can't find any reliable sources explaining it more, so it sounds like this would be a good question to ask CloudFlare itself. Since there aren't any reliable sources (at least none that I can find), we can't add information about it to the article - see WP:V. Dreamyshade (talk) 20:30, 1 January 2013 (UTC)
I'm glad not to be the only one. The blocking of browser is stupid, so incredible stupid. They should rather block real attacks, not browsers. Are the engineers @Cloudflare insane? This is a serious question... --178.197.228.4 (talk) 18:15, 23 January 2014 (UTC)

"...not all of it positive..."[edit]

The article currently states "CloudFlare received media attention in June 2011, *not all of it positive*..." (emphasis mine). However the citations provides do not show any negative attention. Either a source for the negative attention should be given, or that phrase should be removed. 190.124.162.159 (talk) 20:46, 10 February 2013 (UTC)

Well, the hackers certainly don't like it since they can't attack websites anymore. No IP = no attack. --178.197.228.4 (talk) 18:12, 23 January 2014 (UTC)

Advertisement; article standards[edit]

This article is written like an advertisement. Does the article meet the required standards? — Preceding unsigned comment added by 131.137.247.10 (talk) 14:54, 19 March 2013 (UTC)

It's about DDOS and not blocking browsers, s....[edit]

On February 13, 2013, a comparative penetration testing analysis report was published by Zero Science Lab, showing that ModSecurity is more effective than CloudFlare and Incapsula. In fact, out of the three, CloudFlare was the least effective.

ModSecurity and CloudFlare actually both block valid browsers from accessing the website. Still, CloudFlare is more about protecting from DDOS, hiding server's IP behind a reverse proxy...and I don't think that ModSecurity can do that. However, I'm no CloudFlare fan, actually I hate it, since it blocks my favourite browser, like some ModSecurity configurations, too. I'd like to see that all the engineers responsible for this mess would use their brains again, let the information free flow and only block real attacks. Let's not kill the internet by only allowing a few handful browser to access a webpage, that wasn't the idea behind the internet. --178.197.228.4 (talk) 17:58, 23 January 2014 (UTC)

Semi-protected edit request on 10 April 2014[edit]

[1] Yoorshop (talk) 06:52, 10 April 2014 (UTC)

Where would the cite fit in? Sam Sailor Sing 11:00, 10 April 2014 (UTC)
Red question icon with gradient background.svg Not done: it's not clear what changes you want made. Please mention the specific changes in a "change X to Y" format. (tJosve05a (c) 13:34, 10 April 2014 (UTC)

References

  1. ^ Carnevali, Johann (10 april 2014). "Efficiency comparison report of an optimized website vs CDN : Optimized website vs CloudFlare vs CDN.net". Johann. Retrieved 10 April 2014.  Check date values in: |date= (help)

Correcting "advertisement" issue[edit]

Removing references to LulzSec and PopVote should in my opinion at least partially resolve any concern about this article being written like an advertisement. On a related note, CloudFlare's use of the term "datacenter" seems to be in a marketing context. To my knowledge CloudFlare does not operate any datacenters, rather has collocation agreements or partnerships that allow it to place content at global locations. Also, having the same "Key People" and "Founders" in the infobox seems redundant? Ddosguru (talk) 10:49, 3 August 2014 (UTC)

External links, impending edit war?[edit]

Silivalley (talk · contribs · deleted contribs · logs · edit filter log · block user · block log) , could you please discuss your decision to revert the changes by two different editors which removed your external links? These seem to be in violation of Wikipedia:External_links. Also, if any Wikipedia:Conflict_of_Interest exists could you please disclose here and on your user page? Ddosguru (talk) 02:13, 7 August 2014 (UTC)

Reputation[edit]

It doesn't seem to make sense trying to critique a CDN's reputation especially when it's of face value. Cloudflare is a CDN , not a host in the first place.

http://sitevet.com/db/asn/AS13335 http://www.crimeflare.com/target2.html http://docs.house.gov/meetings/FA/FA18/20150127/102855/HHRG-114-FA18-Wstate-KohlmannE-20150127.pdf — Preceding unsigned comment added by Gph004 (talkcontribs) 18:36, 27 February 2015 (UTC)

"Bad host" references[edit]

In the article, "SiteVet Beta" and "Host Exploit" is used as references to claims that CloudFlare is one of the world's worst hosts.

Firstly, the SiteVet "Beta" is still "Beta" and has no other data on its website other than March 2014. That data is taken directly from the "Host Exploit" website.

"Host Exploit" has not published data since March 2014 and seems all but convincing. Neither "SiteVet" nor "Host Exploit" has Wikipedia articles.

I propose to remove these sentences from the article: "As of March 2014, CloudFlare was ranked in the top 10 of the world's worst hosts and networks based on malicious traffic it hosts by SiteVet Beta.[29] It was also ranked in the 7th rank among the top 50 Bad Hosts by Host Exploit.[30]" Palelnan (talk) 10:42, 25 June 2015 (UTC)

Needs "How It Works" Section[edit]

The lede is probably technically correct but I don't understand a word of it, yet I think I know what a CDN does and how it works. What I think I know is that a CDN delivers usually static data (like images) to a website visitor's browser when they visit a web page. Say for example Visitor "A" visits website "B". While some, most or all of the data from the website might come from website "B" 's Server, some, or even most of that data might come from the CDN (Content Delivery Network), for example Cloudflare. So, data from both "B" (the website server) and "C" (the CDN) is being downloaded simultaneously to the visitor "A" 's browser. The visitor sees none of this, however they do notice a significant improvement in page load times, as the data is coming from multiple sources (B and C) instead of just one (B). Result: Faster page load times, better browser/User experience.

That's what I think I know, and I bet 90% of the internet population do not know this, so they are going to get even less meaning from the lede than I did. There may be other reasons why a website might use a CDN. Those should be described in layman's terms also.Jonny Quick (talk) 04:32, 12 July 2015 (UTC)

Cloudflare and Censorship[edit]

https://torrentfreak.com/cloudflare-forced-to-censor-anti-censorship-site-150710/

Recent article about a court ordering Cloudflare to either do or not-do "something" regarding a site "grooveshark". The article does not explain the legal theory of how or why a court could prevent a Content Delivery Network from delivering data to an "infringing" website. I fail to see a reasoned justification for the "censorship" and am concerned about what the court's limits are, or if it has any at all. At this point, it appears to me that the court is ordering Cloudflare to not deliver content to any domain name with the word(s) "Grooveshark" in it. If this is the case, what if I run a site "Groovesharksucks(dot com)", in the tradition of "walmartsucks (dot com)". This is where I (mentally) "go" when I read this torrentfreak article, and I wish Wikipedia would provide more substantive and encyclopedic information with regard to these questions and concerns.Jonny Quick (talk) 17:13, 12 July 2015 (UTC)

Wikipedia is not a place for legal questions. If some other sources publish information about that we might be able to update the article. The court did say that cloudflare should watch out for customers that use those terms in the domain name but left it up to the plaintiff to police for infringing content. The content of the domain is what would be used to consider whether the site infringes on trademark or copyright of which there articles that explain that, This incident by itself does not seem to be "encyclopedic. Jadeslair (talk) 17:36, 12 July 2015 (UTC)
Wikipedia is not a place for legal questions I just think that's a silly statement to make. There's no "legal question" here, and if there were a "legal question", there's no reason why wikipedia can't be used to lend some clarity in layman's terms. You've over-generalized the subject in order to dismiss it; making it sound like it's some kind of exotic and high-level legalistic concept that requires an advanced degree in order to understand well enough to add to wikipedia, and then understand as an average wikipedia reader. Both of those are wrong, your assertion is stupid and counter-productive. I shouldn't have to post these remarks because you shouldn't be here making them, so in case you are tempted to try to redefine the situation here, make sure you start out with the idea that you said something really stupid, take responsibility for that stupid remark, make a commitment to stop making stupid remarks in the future and also leave this article alone, as you clearly haven't the ability to do anything here but make a good article bad, instead of making a good article better.
The "legal theory" is absolutely relevant to both wikipedia (and this article), as well as cloudflare in general as the judge that issued the court order is holding a Content Delivery Network liable for the "content" that their subscribers are paying them to "deliver". Similar to a trucking company being held legally liable for what the newspapers it delivers have published. Of COURSE the "legal theory" that the plaintiff (and the judge) used to hold the trucking company responsible for what the newspaper publisher said is ABSOLUTELY relevant to this article. Duh. Maybe someday some judge will hold wikipedia responsible for the stupid things that you say online. Meanwhile, your retarded personality will still be advocating that wikipedia avoid delving into all those scary (to you) "legal issues". Maybe you should just shut down the computer have have some warm milk and cookies instead. This internet stuff seems to be WAY too much for you.Jonny Quick (talk) 06:04, 14 July 2015 (UTC)
oh, well I was trying to help. I gave you some good information. I think you got hung up on the first sentence. The information is only relevant if there are reliable sources about it. Provide some and I will edit the article or be bold and edit it yourself. In any case there is no need for personal attacks. Jadeslair (talk) 06:42, 14 July 2015 (UTC)

Controversy section and citations[edit]

Note: I work for CloudFlare & obviously wouldn't edit the page. I do, however, have concerns over some of the citations/content on the page.

"As of March 2014, CloudFlare was ranked in the top 10 of the world's worst hosts and networks based on malicious traffic it hosts by SiteVet Beta.[31]" This site hasn't been updated with any content since 2014. It also really seems to contradict what Google reports at: http://www.google.com/transparencyreport/safebrowsing/malware/#region=ALL&period=365&size=LARGEST&compromised&attack&asn=46844&aggregation=RATE&page=1

It does not matter when a site has been updated but you are right, it is not a reliable third party site. Jadeslair (talk) 01:05, 11 August 2015 (UTC)

And: http://www.google.com/transparencyreport/safebrowsing/malware/#region=ALL&period=365&size=LARGEST&compromised&attack&asn=46844&aggregation=RATE&page=1 (Google shows 1%). CloudFlare also proactively works with a number of providers to combat phishing and malware directly.

CloudFlare, (13335) 786,762 9,631 (1%) 11%

Damoncloudflare (talk) 21:51, 10 August 2015 (UTC)damoncloudflare

"The site protects a great many credit card fraud sites such as Rescator.[33]" Crimeflare.com is hardly a reliable third-party resource (fundamentally no different than pointing to something like Walmartsucks.com or Googlesucks.com). We don't host the content in question & we do follow legal processes for removing sites from our network.Damoncloudflare (talk) 21:51, 10 August 2015 (UTC)damoncloudflare

I wrote the wiki page on Rescator and found the page via this route, that's why it's mentioned. Due to your comment I've now added more sources on the Rescator / Cloudflare partnership. It does appear there is a systemic use of Cloudflare by crime forums, and given how relatively regularly they attack one another, it must be a popular service for them. I know there are always ongoing law enforcement operations within the major sites themselves to bring them down, and so there is little gain in disconnecting them. There are also so many that DDOSing one or two wouldn't affect the ecosystem as a whole. Anyhow, I have more work to do on the Carding (fraud) page so expect to see another cloudflare mention there. Deku-shrub (talk) 23:18, 10 August 2015 (UTC)
talk

Ok, but the edit to Rescator seems to indicate that we host the site. CloudFlare does not host content and/or websites for any site that happens to use our network. Damoncloudflare (talk) — Preceding unsigned comment added by 2400:CB00:F00D:5CA1:6526:6363:7337:49A2 (talk) 23:20, 13 August 2015 (UTC)

Amended Deku-shrub (talk) 00:27, 14 August 2015 (UTC)

You are not using valid sources in some cases, crimeflare is not a valid source. since there is a possible Wikipedia:Libel issue I am removing some of the bad sources. Blog posts are not appropriate in many cases, maybe the WSJ one is good. I am not saying you added all these, I have not gone through the diffs. If you try to restore them then I will just bring it to the Wikipedia:Reliable sources/Noticeboard

. The house doc is not a valid source unless it's information is published in the news, WP:SECONDARYJadeslair (talk) 01:04, 11 August 2015 (UTC)

"Two of ISIS' top three online chat forums are guarded by CloudFlare but U.S. law enforcement has not asked them to discontinue the service." CloudFlare provides website protection to websites, which is fundamentally no different than using something like mod_security or a security plugin on a site, and these topics have been covered at length in a variety of verifiable third-party resources (we will also gladly work with law enforcement that follows due process). We don't monitor content that flows through our network, but we do have processes for dealing with these items that follow the letter of the law.

https://www.techdirt.com/articles/20150411/06282330616/anonymous-targeting-cloudflare-seems-to-go-against-anonymous-history.shtml

Damoncloudflare (talk) 21:51, 10 August 2015 (UTC)damoncloudflare

The DDOS protection (and low price point) is a USP, even if the attack signature verification is fundamentally a mod_security implementation. These sites would have less stable uptime if not for the protection offered, though I don't know how distributed jihadist websites are or not. Deku-shrub (talk) 23:18, 10 August 2015 (UTC)
The uptime really isn't an issue. If CloudFlare simply removed the sites from our network, then the sites would still resolve online. Simply removing a site from our network wouldn't solve the problem that people think it will (the site would need to come down at the hosting provider & we don't host the websites). And, of course, people do need to consider the fact that law enforcement may actually want certain sites online for investigation.
While I wouldn't consider this for actual citation or publication on Wikipedia, we do cover a lot of the issues with controversial sites at: https://blog.cloudflare.com/cloudflare-and-free-speech/
Damoncloudflare (talk — Preceding unsigned comment added by 2400:CB00:F00D:5CA1:55B8:45CF:C9CD:8608 (talk) 22:59, 13 August 2015 (UTC)
It's like you didn't read my comment at all. By providing sites DDOS and hacking protection against their rivals, Cloudflare plays a part in stabilizing their ecosystem and improving their uptime Deku-shrub (talk) 00:31, 14 August 2015 (UTC)

Actually, I did read your comments.

Two things: 1. We don't host the website(s). Removing the site(s) would not impact their availability online (they just might be a little slower). They would still be there without CloudFlare. And, as I also mentioned, there is a process for working these issues for removal from our network that requires due process. If you read the article on our position on the internet, then it brings a little more clarity on where we sit in the internet ecosystem. If you want a private company deciding what content on the internet is good or not, then there are far larger issues to discuss.

2. Law enforcement may actually want sites online so they can do their investigation(s).

Damoncloudflare (talk

Damoncloudflare, I suggest you talk to whoever is in charge. You have a crisis management issue. If some more news sources pop up you will likely only have a criticism section. Credit card fraud is not free speach. I am not helping you, I am just trying to keep the article neutral and use valid sources. Jadeslair (talk) 02:57, 14 August 2015 (UTC)

We are not against having a criticism section and/or having a rational discussion about the issues at play. Given the size of the CloudFlare network & the number of sites on our network, there will be issues where some people don't like what is on the network. Having worked at PayPal, I am also not unfamiliar with issues related to credit card fraud and/or how law enforcement looks at carding sites. We will also gladly work with law enforcement requests that follows a particular process through our abuse and compliance teams.

Damoncloudflare (talk

Damon says, "1. We don't host the website(s). Removing the site(s) would not impact their availability online (they just might be a little slower). They would still be there without CloudFlare."

This is disinformation. The exact same line is frequently used by CloudFlare employees when contacted by the press; it must be a CEO-required mantra. The truth is that the site would be unreachable within minutes, because the default TTL (time-to-live) for CloudFlare's nameservers is a mere five minutes. Until the site owner arranges for a new DNS provider, that site is gone. And other DNS providers do not normally hide the original IP address where the site is located, which presents a huge problem for the criminals and misfits who love CloudFlare. See: http://www.crimeflare.com/damon.html for more info. Silivalley (talk) 14:07, 14 August 2015 (UTC)

unreliable source[edit]

I have posted one link used on here in the Reliable sources Noticeboard.Jadeslair (talk) 02:49, 14 August 2015 (UTC)