New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
No, they only reveal this in a subpoena, and even then it's just subscriber information by default, no technical details like A records. They have to be specifically requested and courts can refuse to issue something so broad (if the subpoena is to identify someone for civil prosecution versus a criminal investigation).
Ironically when you send a DMCA your full contact info is sent to the target. Or if you legally counter-claim.
If you're the target of a subpoena then you have bigger problems.
For DMCA they will forward to your backend host's abuse email. Then it's up to your host. If you host user-generated content these automated abuse systems can be a bit of a pain even though you may be protected legally should you remove the content once notified. This is why CF does not usually suspend - a very good % of DMCA complaints are from user generated content rather than the host breaking the law - and the host may be legally protected in those cases.
Cloudflare doesn’t give you immunity, it just sits in front as a CDN and forwards complaints to the actual host. If someone really pushes it legally, your origin or registrar is still where action usually happens. Cloudflare can suspend services in some cases, but they don’t typically hand over info unless required legally. Using it vs going fully offshore is more about performance and convenience than hiding completely
This is correct, but with law enforcement they do divulge and I know this because what they will do is send to the law enforcement what the IP is and then they come to us. Regarding Cloudflare suspending services, this I have never seen. I mean that has to be extremely rare, I could only see this being the case of CSAM because we all agree as a unit on planet earth that CSAM has only one solution to it, terminate.
No, not really. For most serious hosts, the solution is to ask the customer to delete the content, and only terminate if:
For customers with larger projects, they usually give an API to the host that lets the host perform deletions themselves without having to wait on the customer to reply. For smaller customers, they'll often temporarily suspend the network until they get an explanation and confirmation that the content has been removed.
It's generally only smaller or less professional hosts that have never hosted any large projects with user-submitted content that believe that termination is always the first option. It's hosts like that where you can't even host a blog or a forum without the risk that some rando can get your whole service terminated with little effort.
Based on experience they only forward complaints to your origin provider.
Agreed, my wording was a bit harsh regarding CSAM I may have taken that a bit personally as I have had to deal with this kind of content coming up every month throughout my career which spans about 2 decades. It is always going to hit you, at least me.
I did not mean by my words that a let say forum project vBulletin board where someone shares a CSAM related material in a thread, it does not automatically mean termination, it was a bit harshly worded, it is always based on due diligence which will reveal what it is.
Having said that, one has to disconnect the access to it swiftly even if it's just a temporary suspension until the client has the time to look into the case.
It's a bit of a case by case basis, sometimes you are forced by the upstream provider when the law enforcement has opened a case above you. That can also be a factor in the decision per location.
I did not intend it so that an innocent client who has a project with users who abuse their platform, that its an automated termination just to make that clear. If that were the case, many good and respectful clients over my period in the industry would have been kicked.
Just wanted to share my two cents since I didn't intend for my post to come off like that.
Exactly, when it comes to DMCA I have always only received the complaint, and nothing else not even if no action is taken.
Yes I agree, especially if it's confirmed or publicly visible. If a customer has a big enough site that that might happen from time to time and they can't tolerate the downtime of a temporary suspension, they could always give you an API to delete the stuff from your side upon receiving a report.
That's fair! I'm glad you aren't one of those hosts that punishes genuine customers for what 3rd parties do. Providers who do that actually reward the posting of illegal images by trolls because it becomes a weapon to take down almost any site and so paradoxically increases its spread.
Sometimes I suspect the vast majority of DMCA complaints are baseless...
In their responses, they always explain that the website is not actually hosted on their servers, because they only act as a proxy/CDN service.
As for the account, you can create a new email address anywhere and register on Cloudflare using a VPN for additional security.
EDIT:
I once did a test and reported myself to Cloudflare just to see what would happen. What happened was that they sent me an email with the name of the hosting company that hosts my website, along with an explanation that the website is not hosted on their servers and that they only act as a proxy/CDN.
Exactly, I feel often like DMCA is just a weapon, thankfully this is a US law and does not apply to where we locate, and most of my servers (private ones) are not where this is applicable in general. However, there are other laws that may be similar to DMCA that apply in any given region, but yes they are in my opinion so many of them baseless.
Exactly, then it's very simple as you stated to get taken down, you have to do this on a case-by-case basis, this is where I like the idea of staying human, review it with your eyes, see how it came about, is this a forum post by @someone123 which is just a user on the site or is this a site dedicated to breaking the law and sharing the material. Also I like the idea that we may receive an API to run to delete the content if the website is big enough and they would like our assistance to keep it clean on complaint that warrants it.
That is interesting, I had done long time ago, many moons ago, and I mean many of them, and my return back then was they forwarded the complaint to the hosting provider (me) about me, but they did not give the complainer (me) the IP of the host, maybe they now give you the Host in general so you can contact them, which in itself is not an issue really. CloudFlare isn't meant as some form of "safe haven" its a CDN/Proxy, the service is not thought off as "hide me from the law".
Overall CloudFlare is awesome, but I can confirm that when law enforcement in the jurisdiction the website is in contacts them through law.enforcement@ channel they get much more details, that I can confirm.
When I submitted the CSAM abuse report, they just forward it the same as the DMCA.
I wonder if other CDN/WAF/Reverse Proxy providers also behave like this abuse-friendly.
That's not abuse-friendly, it's responsible. Cloudflare is just being a "dumb pipe" as they should be. They aren't in the position to be judging whether or not material is legal. It was completely right of them to just forward your report rather than blindly believing it.
They will claim that Cloudflare is merely a data pipe.
Typically, they will forward DMCA notices—originating from major companies or those that have been verified—to your VPS provider.
However, if they receive too many complaints within a short period, they may suspend your account, and you will have to contact the Support Team.
Proxy Chain? Multiple providers over multiple locations that rotate. DMCA notices are likely sent to a cheap VPS that is a just proxy. Swap VPS out if notice is received. Yes, you probably can trace every hop but is anyone going to that much effort?