When should a cloud service provider take responsibility for the actions of its users? In the United States, Internet Service Providers are protected under Section 230 of the Communications Decency Act (CDA) from any liability that may arise from their users’ online statements. But even if a company’s hands-off policy is protected by law, hosting controversial material can end up impacting its reputation, not to mention its revenue stream.
Popular caching provider Cloudflare has come under increasing criticism for its support of Kiwi Farms, a malicious US far-right internet forum dedicated to mocking and harassing prominent figures online, including those in the trans and LGBTQ community. One of those harassed is Liz-Fong Jones, a respected engineer in the cloud-native computing community, who shared her frustrations with Cloudflare in a series of live Twitch videos. Cloudflare offers caching and denial of service prevention services to Kiwi. (Disclosure: Cloudflare has also hosted sites that unlawfully republish TNS copyrighted material.)
In these videos, she accuses Cloudflare of disrupting her own life, and that of many others, by willfully ignoring complaints submitted to Cloudflare about the many forms of harassment coming from Kiwi Farms, which she describes as “a point of water for sadistic individuals who want to get reactions from marginalized people Attacks are not just verbal, vicious as they are, but also often use personal identifying data to harass individuals with food delivery orders unwanted calls and even calls from the police to the victim’s home.This has triggered, in some cases, traumatic responses.
There is no business case for continuing to provide services to KiwiFarms. This is an explicitly political decision, and one that should be seen as a moral stain on the industry.https://t.co/dARZKlQe0e
— Emily G (@EmilyGorcenski) August 23, 2022
Cloudflare did not respond to our request by the deadline for publishing this article. But company executives have responded in the past that they see Cloudflare as a champion of internet equality — that everyone should have the right to an online forum, where issues can be discussed.
“I’m almost a free speech absolutist,” Cloudflare CEO Matthew Prince had told Ars Technica, explaining his libertarian reluctance to drop support for his most infamous client, the neo-Nazi site Daily Stormer ( which the company eventually did amid public outcry).
But Fong-Jones argues that in cases like Kiwi Farms, such equality is anything but equal, because people have to defend themselves against large-scale attacks, in which they had no interest in participating.
“If you work at Cloudflare, this is the result of your technical work: you block a system designed to, by policy, harm marginalized groups.” — @lizthegrey on @Cloudflarethe support of KiwiFarms. https://t.co/byqydu9WVA #DropKiwifarms
—Joab Jackson (@Joab_Jackson) August 25, 2022
And, as Fong-Jones pointed out, there is no government mandate that everyone should have access to a caching service. It is entirely Cloudflare’s choice to do business with Kiwi Farms. “Cloudflare is not a monopoly,” she said. “There is competition. If Cloudflare chooses not to do business with a particular origin server, that origin server may choose to do business with other providers.
It looks like Fong-Jones is continuing with their campaign as long as Cloudflare supports the online forum. She plans to post another live/video stream on Friday at 6:00 PM PT that will offer plans for how other customers can exit the Cloudflare service. The idea is to “hit Cloudflare in the wallet where it hurts,” Fong-Jones said.
And if this problem continues to draw public attention, it will not just be Cloudflare’s problem, but also other Cloudflare customers, who may have to explain why they continue to use the service.
when you have a “garbage in” problem, the correct solution is not to make the garbage unalterable via an add-only database
– cathode ray theory (@said_mitch) August 22, 2022
This week in programming
- Oven in the Hotseat: As soon as the Bun Oven provider announced its own existence, via Twitter, it was met with heavy criticism. Given Bun’s still nascent stage of development, the company is hiring engineers, of course, warned that “Oven is going to be a hassle, especially the first nine months or so. such obsessive rock star programming was the norm a decade ago, the cultural norms around development are currently undergoing a shift, towards a more balanced work-life balance.And so, no surprise, this Tweet got pretty badly spread , garnering far more critical responses than hearts. For our money, the most succinct answer came from CompSci Honored Elder Grady Booch: “It is neither a mark of honor nor good software development practice to formalize the idea of software development death marches.” Heed Grady’s wisdom.
- Discover the new Kubernetes: The Cloud Native Computing Foundation’s favorite open-source container orchestration tool has been updated. Kubernetes version 1.25, dubbed Combiner after its many contributors, consists of 46 enhancements. Fifteen of these enhancements have moved to stable, 15 enhancements are moving into beta, and 13 enhancements are entering alpha. Ephemeral containers – very handy for debugging – have also moved to Stable. Ephemeral containers were made possible by Linux’s v2 cgroups, which Kubernetes now supports, bringing a sigh of relief to K8 admins everywhere.
- …And that’s not all for the K8s: Another big selling point for Kubernetes 1.25 is that the messy and cumbersome PodSecurityPolicy has been removed, with pod security admission taking its place. This new admission controller can enforce pod security standards at the namespace level when creating pods. PodSecurityPolicy had serious issues that “couldn’t be fixed without making drastic changes, and that’s why we implemented a replacement,” Cici Huang, Google software engineer and core Kubernetes contributor, told TNS. In particular, it was too easy for users to apply a broader set of access rights than intended, leading to security issues. And the previous controller couldn’t use audit mode either. The new Security Admission Pod makes it “much easier for users to apply security best practices without going overboard in understanding product specifications.”
CDC says you can use log4j again.
— Vicky (@vboykis) August 11, 2022
The owner of TNS, Insight Partners, is an investor in: Deno.