isn't it wild that not once in this article do they talk about working with governments to handle blocking in cloudflare's proxy layer? they go on and on about why ip blocking sucks, but don't actually propose anything better, especially to improve the situation for customers behind cloudflare who become collateral damage.
And even if they did agree to block e.g., Austrians from accessing some webpages of some Cloudflare costumers, they would have to base it on some geolocation, which is just one more can of worms.
They should block their own crooked customers because the alternative of being belligerent with the authorities will deal exactly to the outcome they're whining about: the only option available is to block IPs leading to their more legit customers being caught in the blast radius. That should, ultimately, lead to the legit sites taking their business elsewhere.
As for doing legal content blocks based on geo-location, that is not a can of worms. It's table stakes, and I find it hard to believe they wouldn't already have that capability.
Because their customers are breaking the law? I agree that there's an issue with how to handle jurisdiction, but you can hardly ignore a court and then get mad when they take action against you.
Just because someone is setting up blocking does not mean that a law has been broken.
Blocking is often used as an easy alternative to prove in courts that laws has been broken.
For example considering the list mentioned in the article (and I do not know which ones affected cloudflare):
http://netzsperre.liwest.at/
Why should a US company censor a Russian website (rt.com) because it is on a Austrian list because of a EU regulation? Austrian citizens reading rt.com are not breaking the law.
And I better add, that I am not claiming that the content of those sites are trustworthy, but I do feel insulted that they do not trust me to read if I want to.
im older than dirt, so there wasa time when IPs were closer to 1:1 with domain name; DNS was a snazzy way of using WWW, but we would since inception, memorize or rolodex [1] the IP like a phone number.
Yes, it occured to me that the "obvious" answer is that instead of a court order for ISPs to block the IP addresses, there would be a court order for CloudFlare to drop the customer. The intended effect of the court is the same -- the customer is blocked unless/until they move to a different provider (this was true anyway already), but without the collateral damage.
In an essay that seems to be a sober technical analysis of the issue, it's noticeable that they didn't even bring up this solution. I guess they don't want that solution either, so don't want to bring it up, not even to explain why they don't want it, it would only confuse things. But, I mean, we're going to think of it anyway...
I think there's a jurisdictional issue for Austria to get Cloudflare to do anything at all.
So the court says "fine, just block Cloudflare's servers at all Austrian ISPs. Perhaps that will get their attention."
See, Cloudflare wants it both ways: They don't want to have to tell rights-holders who their free-tier, movie-thieving customers are, but hey, that doesn't mean you should block their servers. Right?
The "obvious" answer (which Cloudflare does not like for "obvious" reasons) is for them to just say: Sure, Austria, if you give us a court order to remove/block a certain customer identified by hostname, we will do so, no need to block the entire IP.
But yes, they want to have it both ways -- the only way available to you to block is an overreach that harms the internet, and we are not interested in providing you other ways to block.
