On Cloudflare's decision to not forward abuse reports


#1

My websites are frequent victims of abusive reports that intend to intimidate my hosts. Cloudflare’s recent decision to not forward me these complaints directly completely prevents me from being able to reach out or deal with these complainees proactively. I am forced to rely on my host to send this information to me and then I am at their mercy on if they want to deal with future complaints as intermediaries.

This decision was done without any concern for the Cloudflare clientele and is entirely a PR move to appease the worst kind of user. The “can I speak to your managers?” of the Internet.

Cloudflare’s original intent to protect services has been completely undermined by its own maneuvers recently, streamlining complaints directly to datacenters and VPS providers that really don’t want to play customer service for your website. I feel I would be better off just not hosting with Cloudflare because the average ‘crybully’ cannot figure out how to retrieve ARIN abuse information.


#2

No? You can still report content to the police and Cloudflare will respond to warrants and discovery inquiries. I know this first hand.

It used to be that this was all Cloudflare would do. They would do their job. Now, Cloudflare will no longer forward complainee information to the service provider, and will instead forward it to the host. If someone opts to abuse the system you aren’t even aware of it until your host is bothered by the emails and contacts you themselves.

The service quality has seriously declined to the point where Cloudflare has become yet another webservice only for websites that are boring, standard, and inoffensive. Sites like 4chan could never have gotten started if Cloudflare was operating like this. They run their own hosting now but in days prior they relied on even host-level obfuscation to survive.


#5

Hello Josh,

Cloudflare’s underlying principle with regard to processing abuse has largely been “what would happen if Cloudflare was not involved with the website?”. This principle continues with the changes we made in May 2017. If someone would like to file an anonymous abuse report about a website that was not using Cloudflare they would be fully capable of doing so – and as such they should be able to do the same thing even if the website is using Cloudflare. Similarly, if the website was not using Cloudflare then it would be plainly obvious who is hosting the website, and the complainant could then simply email the hosting provider directly. We added this option in May 2017 as well, as this option should be available even if the website happens to be using Cloudflare. Also to add – Cloudflare has never claimed to provide a service to hide a website or their hosting provider from receiving abuse reports. That is not a service we provide.

Regards,
Justin
Head of Trust & Safety


#6

It seems to me that Cloudflare don´t do anything with the abusereport and protect anonymous people to make their protected websites that can be illegal.

The don´t give out the IP or any contact information (sometimes a broken email) to the service cloudflare is protecting. Cloudflare call them host provider.


#7

The actual hosting provider is made aware of the abuse reports so they can address the content they are hosting. As Cloudflare is not a hosting provider we have no capacity to remove content we do not host.

As for the abuse email address being sometimes broken – that is an issue to address with the hosting provider. You can visit their website which is often very obvious based on their abuse email address. Cloudflare provides the email address that the hosting provider publishes – we make no claims as to the accuracy of the email the hosting provider makes available.


#10

Thanks @Josh . It looks like that is the only solution right now.