Dan GoodinI'm looking for recent examples of Cloudflare not responding to verified complaints of abuse by customers using its service, particularly its pass-through service. Additionally, how does Cloudflare's abuse policy compare with those of competitors such as Fastly? Please text me on Signal at DanArs.82 or DM me here.
Bob Roberts@dangoodin Does this have to do with Encrypted Client Hello since non-decrypting middle boxes won't know the real destination?
Not specifically. My inquiry is mainly related to a post Spamhaus published yesterday:
Blog | Too big to care? - Our disappointment with Cloudflare’s anti-abuse posture | Resources
We're deeply concerned about the abuse management and prevention policies of Cloudflare, read the full article to understand what we're seeing, the critical issues, and our recommendations for change.
@dangoodin Now imagine that those millions of websites all look exactly the same on the wire, so any network-level controls are useless unless they're decrypting. If Cloudflare isn't taking down malicious sites it's front-ending, it's a huge threat vector for companies.
It's awesome for personal privacy tho!