I quite like the status quo. I don't want Cloudflare or Google to block the files I'm trying to download just because they got a bunch of reports from clueless people or bots.
I want both to behave like dumb pipes. They don't have enough context to make any decisions like the ones you described. Ideally everything would be end to end encrypted so it'd be impossible for them to make the decision for me.
> I don't want Cloudflare or Google to block the files I'm trying to download just because they got a bunch of reports from clueless people or bots.
Lots of scammers don't want Cloudflare or Google to block the files they're trying to trick people into downloading either. There are people who feel the same way about spam, that no service provider should have right to block or even flag messages as spam for anyone else. Thankfully, most people disagree and want service providers to act on abuse complaints instead of acting as safe-havens for criminals.
Even dumb pipes need to be maintained when they start carrying something toxic/harmful that isn't supposed to be there. These are nothing like dumb pipes though. They're watching everything you and everyone else does with the service and logging it all. They're collecting every scrap of data they can while we interact with these services and they're happy to use that data when they think it'll put money in their pocket, but much less interested in using it to prevent the harm being done.
It isn't hard to find this stuff. These types of scammers are not usually very subtle. In this case they're linking to .LNK and .VBS, but scammers using these kinds of services are doing things like repeatedly uploading the exact same malware infected file, or not even bothering to modify their phishing sites each time they reupload them, or using the same keywords/broken english in their spam, etc.
These companies could automate checking to see what's at the other end of a generated link, or run a quick AV scan on an uploaded file, or to look for domains that are registered with misspellings of banks and online shopping companies, or to see if the hash of recently uploaded content matches something they recently had to take down because it violated the law and/or their own ToS/AUP.
I'm not even suggesting that they take something offline immediately if they find something, just flag it for review by an actual human with eyes and a brain and have enough humans available that it doesn't take long before that review happens. Make it easy for people to send reports of internet abuse. It's not hard to act like responsible members of the internet community, it's just takes work.
> In this case they're linking to .LNK and .VBS, but scammers using these kinds of services are doing things like repeatedly uploading the exact same malware infected file
It sounds like you advocate for proxy servers to inspect traffic at the application layer. Is that right?
In the OSI reference model, the communications between systems are split into seven different abstraction layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.
> It sounds like you advocate for proxy servers to inspect traffic at the application layer. Is that right?
In most cases you wouldn't need one. a URL shortener service can see what people are linking to. A webhosting company can see everything on their own servers. In the specific case of cloudflare and this particular product they may or may not need to. I notice that they do reserve the right to monitor and inspect any traffic on the Cloudflare network.
This text is non-responsive to the question. Maybe your purpose is to practice typing? Just because a company "can" do something doesn't mean that they will devote the resources to perform it.
I want both to behave like dumb pipes. They don't have enough context to make any decisions like the ones you described. Ideally everything would be end to end encrypted so it'd be impossible for them to make the decision for me.