
I think we both know that bad actors can spin up new Cloudflare accounts a few orders of magnitude faster than the courts can take action against just one.

It's not much of an ask to at least keep DDoS providers out; even from a free speech absolutist position it's a stretch to say that DDoS should be protected speech.



DDoS isn't protected by Cloudflare and is already illegal, hence the court orders which get them to act.

What you are asking for is KYC to be implemented.


Is that so unreasonable? If I agree to forward someone's mail you would probably expect me to do some basic sanity checks in order to establish whether I am likely to be forwarding IRS documentation or anthrax. Why does the internet always get a pass on established societal norms?


Depends on if you're ok with the tradeoffs of KYC as they require comprehensive identity verification, and depending on service changes to structure to adhere to a per-person account model.


I think the suggestion in the parent comment leaves room for a court order that bars providing service to certain individuals/organizations.


That would require Cloudflare to have a KYC policy which exposes the individual/organization behind an account, and they don't do that either.

If DDoS4U gets banned they can just rebrand as DDoS4Less and CF is (willingly?) none the wiser that it's the same people behind it.


Malicious actors could spin up new accounts whether or not CF bans malicious accounts without a court order. Requiring a court order would have no bearing on CF's ability to prevent duplicate accounts.


KYC := know your customer


aka get their real id


That sort of court order would end this entire product feature. You can't have accountless tunnels if you have to be able to bar specific individuals or organizations.



