CloudFlare is a venture-funded startup that routes around Internet abuse by
acting as a reverse proxy. They also encourage illegality by allowing hackers,
DDoSers, cyberbullies, and copyright pirates to hide behind their servers.
CloudFlare seeks riches through anarchy
Uncovering bad guys hiding behind CloudFlare
CloudFlare's customers: Same old power law
Spamhaus blocks CloudFlare's IP ranges
Some domains that recently used CloudFlare
Those laughable CloudFlare terms of service
Dear Damon Billian: We're not as stupid as you think!
Where in the world are those CloudFlare domains?
CloudFlare attracts "repeat infringers"
"The LulzSec hacker group, which used CloudFlare's service to protect a website where it boasted of its exploits, praised CloudFlare after the service successfully fended off a barrage of attacks designed to bring down the site." — Wall Street Journal
A quotation from CEO Matthew Prince
From the University of Chicago law school journal:
"Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn't think much about it until, in 2008, the Department of Homeland Security called and said, 'Do you have any idea how valuable the data you have is?' That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare."
When you fetch a page from a website that is served from CloudFlare, Javascript has been inserted into that page by CloudFlare, and they also plant a cookie that brands your browser with a globally-unique ID.
We don't know if CloudFlare is tracking you. We do know that they are perfectly positioned to immediately begin tracking web surfers who visit selected sites hosted by CloudFlare. Is this why they proxy so many dodgy sites? Are they trying to jack up their stats and hype their way into another round of venture funding, or are they getting black-budget bucks from the feds? Or both?
It is clear that Homeland Security admires the Honey Pot technique.
A better question might be this: If Homeland Security approached CloudFlare with checkbook in hand, would CloudFlare take the money and keep quiet?
Prince gave a presentation in 2005 at a conference in Vienna. And even today,
LinkedIn brags of his "substantial work with government and law enforcement."
Public Information Research
