The Wikipedia article says Cloudflare has been used to host hate speech, websites with illegal content and forums connected to all sorts of illegal activities. And I see them being used by a lot of decent webservices but shady ones as well.
So my question, can Cloudflare be used for something alike “bulletproof hosting”? Does anyone know if they collaborate with law enforcement or care once someone sends a mail to the abuse contact? Or if there’s a way to find information about a Cloudflare protected server for the public?
Hypothetical question, I’m just curious and I thought maybe someone here has first-hand experience with getting their account terminated or reporting content or doing piracy via them or whatever…
I have experience working in large data centers that provide hosting. What I can tell you is that various government agencies do and will randomly come by the data center with warrants and court orders for things. I’ve literally had NASA show up (wtf?) and have to pull a server offline while they mirror the hard disk. All very hush hush make excuses to the customer when they open a ticket. Another thing that happens is that the FBI has placed their servers within internal spaces of the network. When they get a court order they can open a ticket with our abuse department and whatever switch port the feds are interested in can be mirrored and sent to their packet capture servers.
NASA doesn’t make sense NSA?
Yea that’s the point it didn’t make sense. The literal “national aeronautics and space adminiatraton” sent tech and security people to a physical data center to copy a hard drive.
NASA or NSA?
They wanted their space back
Both
I’ll add to this that I’m old - these days in a cloud environment they don’t even have to come to the data center to image the hard drive.
Exactly. Most cloud virtualization providers you just take a snapshot of the virtual disk and provide that when requested and the customer never has a clue that is happened. I’d get contacted by our legal department, told that my boss was only to be told that I was working for them for now and no other details, and then directed on what they needed a copy of and how to send it to them.
Thanks for your insight. Reading these stories always makes me feel data should stay on own premises with extra security measures. And yes, on my VPS, imaging the storage is one click and I believe it’s done online without any interruption of service. Not that I do a lot of illegal stuff on the internet. But with the current situation in the US and the general overboarding surveillance, I think i’d like to keep their government and agencies out of my emails and personal stuff… (And maybe even what I do publicly and within legal limits.)
Though I didn’t ask about privacy here, but anonymity. And I guess selfhosting stuff at home isn’t an option either. Everyone can tell my ISP and location to like 30km with that. And link the IP to other activities.
Email? Lol good luck keeping that secure.
Sure, email is bad and we don’t have any worthy successor. I can only deal with the most problematic aspects. Keep my inbox stored somewhere where people can’t just easily go through all my stored mails and I guess it’s transport encrypted more often than it’s not… But yeah, it’s only a little bit and “secure” shouldn’t be in one sentence with email, I guess 😟