Cloudflare

From Wikipedia, the free encyclopedia

Cloudflare, Inc.
Company typePublic
IndustryInformation and communications technology
FoundedJuly 2009; 14 years ago (2009-07)
FounderLee Holloway
Matthew Prince
Michelle Zatlyn Edit this on Wikidata
HeadquartersSan Francisco, California, U.S.
Key people
Servicesreverse proxy, edge computing, streaming media, identity management, virtual private network
RevenueIncrease US$1.297 billion (2023)
Negative increase US$−185 million (2023)
Negative increase US$−184 million (2023)
Total assetsIncrease US$2.759 billion (2023)
Total equityIncrease US$763 million (2023)
Number of employees
3,682 (2023)
SubsidiariesArea 1 Security
ASN
  • 13335
Websitecloudflare.com
Footnotes / references
[1][2]

Cloudflare, Inc. is an American company that provides content delivery network services, cloud cybersecurity, DDoS mitigation, and ICANN-accredited[3] domain registration services.[4][5][6] Cloudflare's headquarters are in San Francisco, California.[4] According to The Hill, Cloudflare is used by more than 20 percent of the Internet for its web security services, as of 2022.[7]

History[edit]

Cloudflare was founded in July 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn.[2][8][9] Prince and Holloway had previously collaborated on Project Honey Pot, a product of Unspam Technologies that served as some inspiration for the basis of Cloudflare.[10] From 2009, the company was venture-capital funded.[11] On August 15, 2019, Cloudflare submitted its S-1 filing for IPO on the New York Stock Exchange under the stock ticker NET.[12] It opened for public trading on September 13, 2019 at $15 per share.[13]

In 2020, Cloudflare co-founder and COO Michelle Zatlyn was named president, making her one of the few female presidents of a publicly traded technology company in the U.S.[14]

Cloudflare has acquired web-services and security companies, including StopTheHacker (Feb 2014),[15] CryptoSeal (June 2014),[16] Eager Platform Co. (December 2016),[17] Neumob (November 2017),[18] S2 Systems (January 2020),[19] Linc (December 2020),[20] Zaraz (December 2021),[21] Vectrix (February 2022),[22] and Area 1 Security (February 2022).[23]

Lava lamp wall in Cloudflare's San Francisco offices (2021)

Since at least 2017, Cloudflare has been using a wall of lava lamps in their San Francisco headquarters as a source of randomness for encryption keys, alongside double pendulums in its London offices and a geiger counter in its Singapore offices.[24] The lava lamp installation implements the Lavarand method, where a camera transforms the unpredictable shapes of the "lava" blobs into a digital image.[25][24]

In Q4 2022, Cloudflare provided paid services to 162,086 customers.[26]

Products[edit]

An example of public key certificate issued by Cloudflare

Cloudflare acts as a reverse proxy for web traffic. It supports web protocols including SPDY and HTTP/2, QUIC, and support for HTTP/2 Server Push.[27] As of 2023, Cloudflare handles an average of 45 million HTTP requests per second.[28]

Cloudflare provides DDoS mitigation services that protect customers from distributed denial of service (DDoS) attacks.

In 2010, Cloudflare launched a content distribution network (CDN) service. TechCrunch wrote that its goal was to be "a CDN for the masses".[29]

In 2017 Cloudflare launched Cloudflare Workers, a serverless computing platform for creating new applications, augmenting existing ones, without configuring or maintaining infrastructure. It has expanded to include Workers KV, a low-latency key-value data store; Cron Triggers, for scheduling Cron jobs; and additional tooling for developers to deploy and scale their code across the globe.[30]

On September 25, 2019, Cloudflare released a freemium VPN service for mobile devices called WARP.[31][32] A year later, beta support for macOS and Windows was released.[33]

In April 2020, Cloudflare announced it was moving away from using reCAPTCHA in favor of hCaptcha.[34]

Cloudflare One, the company's overarching SASE platform, debuted in October 2020.[35]

In November 2020, Cloudflare announced Cloudflare for Teams, consisting of a DNS resolver and web gateway called "Gateway," and a zero-trust authentication service called "Access."[36]

On May 11, 2022, Cloudflare announced its first SQL database, D1, which is built on SQLite.[37]

On September 26, 2022, Cloudflare announced Zero Trust SIM, an eSIM designed to secure mobile devices and prevent SIM-swapping attacks. The technology is based on the zero trust security model. According to Cloudflare, the secure eSIM can also be used as a second identification factor with 2FA verification protocols. The product will be first available in the United States, with a planned global rollout in the future.[38][39]

In September 2022, Cloudflare began to test Turnstile – an alternative to CAPTCHA. The product, instead of presenting a visual CAPTCHA for the user to solve, automatizes the verification process by conducting JavaScript-based checks inside the browser to determine whether the user is a real person or an automated entity. The algorithm reportedly uses machine learning to optimize the process.[40]

Through a contract with the Cybersecurity and Infrastructure Security Agency, Cloudflare provides registry and authoritative DNS services to the .gov top-level domain.[41]

Cloudflare announced a partnership with PhonePe in January 2023 to secure its mobile payment system.[42] In February, Cloudflare launched Wildebeest to allow Mastodon users to set up and run their own instances on Cloudflare's infrastructure.[43]

DDoS mitigation[edit]

Cloudflare received media attention in June 2011 for providing DDoS mitigation for the website of LulzSec, a black hat hacking group.[44]

In March 2013, The Spamhaus Project was targeted by a DDoS attack that Cloudflare reported exceeded 300 gigabits per second (Gbit/s).[45][46] Patrick Gilmore, of Akamai, stated that at the time it was "the largest publicly announced DDoS attack in the history of the Internet." While trying to defend Spamhaus against the DDoS attacks, Cloudflare ended up being attacked as well; Google and other companies eventually came to Spamhaus' defense and helped it to absorb the unprecedented amount of attack traffic.[47]

In February 2014, Cloudflare claimed to have mitigated an NTP reflection attack against an unnamed European customer, which they stated peaked at 400 Gbit/s.[48][49] In November 2014, it reported a 500 Gbit/s DDoS attack in Hong Kong.[50] In July 2021, the company claimed to have absorbed a DDoS attack three times larger than any they'd previously recorded, which their corporate blog implied was over 1.2 Tbit/s in total.[51] In February 2023, Cloudflare reported blocking a 71 million request-per-second DDoS attack which "the company says was the largest HTTP DDoS attack on record."[52]

Free services[edit]

In 2014, Cloudflare began providing free DDoS mitigation for artists, activists, journalists, and human rights groups under the name "Project Galileo."[53] In 2017, they extended the service to electoral infrastructure and political campaigns under the name "Athenian Project."[54][55] By 2020, more than 1,000 users and organizations were participating in Project Galileo, including 31 states.[56][57]

Cloudflare released a beta Jamstack platform for front-end developers to deploy websites on Cloudflare's infrastructure in December 2020, under the name "Pages."[58] In January 2021, the company began providing its "Waiting Room" digital queue product for free for COVID-19 vaccination scheduling under the title "Project Fair Shot."[59] Project Fair Shot later won a Webby People's Choice Award in 2022 for Event Management under the Apps & Software category.[60]

In March 2023, Cloudflare announced post-quantum cryptography will be made freely and forever available to cloud services, applications and Internet connections.[61]

Security and privacy issues[edit]

Intrusions[edit]

On June 1, 2012, the hacker group UGNazi redirected visitors to the website 4chan to a Twitter account belonging to UGNazi. They allegedly used social engineering to trick AT&T support staff into giving them access to Cloudflare CEO Matthew Prince's voicemail, then exploited a vulnerability in Cloudflare's use of Google's two-factor authentication system. Once in control of Prince’s email account, UGNazi was able to redirect the 4chan domain through Cloudflare’s database.[62][63]

Data leaks[edit]

From September 2016 until February 2017, a major Cloudflare bug (nicknamed Cloudbleed) leaked sensitive data, including passwords and authentication tokens, from customer websites by sending extra data in response to web requests.[64] The leaks resulted from a buffer overflow which occurred, according to numbers provided by Cloudflare at the time, more than 18,000,000 times before the problem was corrected.[65][66]

In May 2017, ProPublica reported that Cloudflare routinely discloses the names and email addresses of persons complaining about hate sites to the operators of those sites, which has led to the complainants being harassed. In response, Cloudflare's CEO said the company would allow individuals in "certain instances to complain anonymously" and that Cloudflare "would be more selective in its decisions to share with its clients the personal information of people who reported objections."[67]

Service outages[edit]

In July 2019, there was a major outage lasting about 30 minutes that was attributed to bad software deployment.[68][69] In 2020, a misconfiguration of a router caused a data pileup and outage in major European cities.[70] Cloudflare experienced another outage in June 2022.[71]

Controversies[edit]

Cloudflare has said that it has a content neutrality policy and that it opposes the policing of its customers on free speech grounds, except in cases where the customers break the law.[72][73] The company has faced criticism for not banning hate speech websites and websites allegedly connected to terrorism groups,[74] but Cloudflare has maintained that no law enforcement agency has asked the company to discontinue these services and it closely monitors its obligations under U.S. laws.[75]

When asked about whether or not websites should be allowed on Cloudflare, and in response to Twitter remarks by someone from Anonymous, founder Matthew Prince said he'd "rather take advice from the police or the U.S. State Department (which is also a customer) than from some faceless Twitter user."[75] Because of its structure and policies, Cloudflare often has people from both sides of an argument asking for websites to be taken down. For example, Anonymous uses Cloudflare for some of its sites, but has pressured Cloudflare to drop other sites, and Cloudflare has also faced pressure from additional groups to take Anonymous sites offline.[75]

In 2022, a research paper by Stanford University found that Cloudflare was a prominent CDN provider among several other providers that are disproportionately responsible for serving misinformation websites.[76][77]

Service terminations[edit]

Co-founder and CEO of Cloudflare Matthew Prince

Cloudflare has come under pressure on multiple occasions due to its services being utilized to serve far-right content.[78][79][80] As Cloudflare is considered an infrastructure provider, rather than a hosting provider,[failed verification] they have broad legal immunity for the content created by their customers, even in cases of offensive content.[81]

The Daily Stormer[edit]

Cloudflare provided DNS routing and DDoS protection for the white supremacist and neo-Nazi website, The Daily Stormer. In 2017 Cloudflare stopped providing its services to The Daily Stormer after an announcement on the website asserted that the "upper echelons" of Cloudflare were "secretly supporters of their ideology".[82][83]

Previously Cloudflare had refused to take any action regarding The Daily Stormer.[81] Founder Matthew Prince said he found the website's content "vile", but regretted he alone could "decide its fate".[84] He told Business Insider, "The ability of somebody to single-handedly choose to knock content offline doesn’t align with core ideas of due process or justice. Whether that’s a national government launching attacks or an individual launching attacks."[84]

As a self-described "free speech absolutist", Prince, in a blog post, vowed never to succumb to external pressure again and sought to create a "political umbrella" for the future.[81] Prince further addressed the dangers of large companies deciding what is allowed to stay online, a concern that is shared by a number of civil liberties groups and privacy experts.[85][86][87] The Electronic Frontier Foundation, a US digital rights group, said that services such as Cloudflare "should not be adjudicating what speech is acceptable", adding that "when illegal activity, like inciting violence or defamation, occurs, the proper channel to deal with it is the legal system."[82]

Mass shootings and 8chan[edit]

In 2019, Cloudflare was criticized for providing services to the far-right[88] discussion and imageboard 8chan. The message board has been linked to mass shootings in the United States and the Christchurch mosque shootings in New Zealand.[88][89][90] In addition, a number of news organizations including The Washington Post and The Daily Dot have reported on the existence of child pornography and child sexual abuse discussion boards.[91][92][93]

A Cloudflare representative said that the platform "does not host the referenced websites, cannot block websites, and is not in the business of hiding companies that host illegal content".[94] Cloudflare did not terminate service to 8chan until public and legal pressure mounted in the wake of the 2019 El Paso shooting, in which the associated manifesto was published to 8chan.[95][96][97] In an interview with The Guardian immediately after the shooting, CEO Matthew Prince defended Cloudflare's support of 8chan, saying that he had a "moral obligation" to keep 8chan online.[98]

On August 5, 2019, Cloudflare terminated service to 8chan.[99] Following this, 8chan moved its forums from the clearnet to the dark web.[100] Cloudflare explained that 8chan "have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit."[101] Prince said that what happened in El Paso was "abhorrent in every possible way", removing 8chan from the Internet was "the right thing to do".[102][98]

Kiwi Farms[edit]

Cloudflare provided DDoS mitigation and acted as a reverse proxy for Kiwi Farms, a far-right[103][104] Internet forum dedicated to discussion and trolling of online figures or communities. The site often engages in harassment and doxxing of targets[105] and has been implicated in the suicides of at least three people.[106][107][108][109][110] Kiwi Farms also has a reputation for transphobic content, and its users have been accused of swatting vulnerable individuals.[111][112][113][114] Although Cloudflare was not the primary website host, they did perform critical services to keep Kiwi Farms on-line, both protecting the site from denial-of-service attacks and optimizing content delivery.[115][5][116][117]

In 2022, a campaign was launched by transgender activist Clara Sorrenti, who has previously been targeted by the forum, to pressure Cloudflare into terminating service for Kiwi Farms.[118][119] Cloudflare responded by issuing a statement on its abuse policies and saying it didn't want to set precedent for speech on the internet with its "extraordinary" decision.[120]

The company also released a blog post[121] and likened their services to that of a public utility, stating that "Just as the telephone company doesn't terminate your line if you say awful, racist, bigoted things, we have concluded ... that turning off security services because we think what you publish is despicable is the wrong policy", but that it would certainly be the "popular choice" to drop sites that the Cloudflare team "personally feels [are] disgusting and immoral".[122][123] The company also defended their decision by saying that "where they had provided DDoS protection services to an anti-LGBTIQ+ website, they donated 100% of the fees earned to an organisation fighting for LGBTIQ+ rights".[124] The blog post mentioned Cloudflare's terms of use agreement, which allows them to terminate service due to "content that discloses sensitive personal information, [and] incites or exploits violence against people" but, according to The Guardian, the statement "did not specifically address how Kiwi Farms users doxxing people did not fall foul of these terms".[124]

On September 3, 2022, Cloudflare blocked Kiwi Farms, citing urgent escalating rhetoric against targets of Kiwi Farms, stating that there is an "unprecedented emergency and immediate threat to human life". According to The Washington Post, there was a "surge in credible violent threats stemming from the site" and CEO Matthew Prince said that Cloudflare believes "there is an imminent danger, and the pace at which law enforcement is able to respond to those threats we don't think is fast enough to keep up."[125][126][127]

Switter[edit]

Switter was a social media network for the sex worker community, built by Australia-based company Assembly Four on Mastodon's open-source software, before Cloudflare dropped Switter as a client and ceased services in April 2018, citing terms of service violations.[128][129] This occurred shortly after the passage of FOSTA/SESTA, a set of bills criminalizing websites that "facilitate or support sex trafficking" in 2018. SESTA weakened protections for Internet infrastructure companies and was criticized on free speech grounds due to concerns about disproportionate impact and disruptions to the lives of sex workers.[130][131][132]

Cloudflare said the move was "related to our attempts to understand FOSTA, which is a very bad law and [sets] a very dangerous precedent".[133] Assembly Four said that "Given Cloudflare's previous stances of privacy and freedom, as well as fighting alongside the EFF, we had hoped they would take a stand against FOSTA/SESTA".[128]

Terrorism[edit]

In 2015 testimony to the United States House Committee on Foreign Affairs, it was reported that two of the top three online chat forums and nearly forty other web sites belonging to the Islamic State of Iraq and the Levant (ISIL) were guarded by Cloudflare.[134]

In 2018, The Huffington Post documented that Cloudflare provided services for "at least 7 terrorist groups," as designated by the United States Department of State including Al-Shabaab, the Taliban, the Popular Front for the Liberation of Palestine, the al-Quds Brigades, the Kurdistan Workers' Party (PKK), the al-Aqsa Martyrs' Brigades, and Hamas.[135][108] At the time, Cloudflare’s general counsel, Doug Kramer, told The Huffington Post that he couldn't comment on specific cases in which Cloudflare was told about possible terrorist organizations using its services, but that Cloudflare does work with government agencies to be in compliance with its legal obligations.[108]

In September 2019, Cloudflare reported in their Form S-1 filing that their technology was "used by, or for the benefit of, certain individuals or entities" that were blacklisted due to United States economic and trade sanctions regulations,"[136] including "entities identified in OFAC’s counter-terrorism and counter-narcotics trafficking sanctions programs, or affiliated with governments currently subject to comprehensive U.S. sanctions."[137]

Crime[edit]

Cloudflare has been cited in reports by The Spamhaus Project, an international spam tracking organization, for the high numbers of cybercriminal botnet operations hosted by Cloudflare.[138][139][140] An October 2015 report found that Cloudflare provisioned 40% of the SSL certificates used by typosquatting phishing sites, which use deceptive domain names resembling those of banks and payment processors to compromise Internet users' banking and other transactions.[141] Cloudflare has been criticized for having a conflict of interest by providing DDoS protection to both the operators and victims of "stresser" services.[142][143]

In 2018, Cloudflare was identified by the European Union's Counterfeit and Piracy Watch List as a "notorious market" which engages in, facilitates, or benefits from counterfeiting and piracy. The report noted that Cloudflare hides and anonymizes the operators of 40% of the world's pirate sites, and 62% of the 500 largest such sites, and "does not follow due diligence when opening accounts for websites to prevent illegal sites from using its services."[144][145]

In 2020, an Italian court ruled Cloudflare had to block current and future domain names and IP addresses of the pirate IPTV service "IPTV THE BEST" for infringing on Lega Serie A intellectual property.[146] At the time, Cloudflare was already blocking 22 domain names in Italy.[147] German courts have similarly found that "Cloudflare and its anonymization services attract structurally copyright infringing websites."[148]

Response to the Russian invasion of Ukraine[edit]

After Russia invaded Ukraine in late February 2022 Ukrainian Vice Prime Minister, Minister of Digital Transformation Mykhailo Fedorov[149] and others[150] called on Cloudflare to stop providing its services in the Russian market amidst reports that Russia-linked websites spreading disinformation were using the company’s content delivery network services.[151] Cloudflare CEO Matthew Prince responded that the company decided to remain providing services to Russian people to counter Russia's attempts to raise a 'digital iron curtain'.[152][153] Prince shared that "[i]ndiscriminately terminating service would do little to harm the Russian government but would both limit [Russian citizens'] access to information outside the country and make significantly more vulnerable those who have used us to shield themselves as they have criticized the government."[154] The company later said it had minimal sales and commercial activity in Russia and had "terminated any customers we have identified as tied to sanctioned entities."[155]

Cloudflare's project Galileo, launched in 2014, offers NGOs DDoS protection for free. In 2022, they extended free protection to Ukrainian government and telecoms.[156][157]

References[edit]

  1. ^ "Cloudflare, Inc. 2023 Annual Report (Form 10-K)". U.S. Securities and Exchange Commission. February 21, 2023. pp. 17, 95–96.
  2. ^ a b "S-1 Filing". US SEC. Retrieved December 2, 2022.
  3. ^ "List of Accredited Registrars". www.icann.org. Retrieved April 25, 2023.
  4. ^ a b Clifford, Tyler (October 6, 2020). "Cloudflare CEO: Dozens of U.S. states are using Athenian Project for election security". CNBC. Retrieved January 25, 2021.
  5. ^ a b Durant, Richard (May 19, 2020). "Cloudflare: Thinking Big". Seeking Alpha. Retrieved January 25, 2021.
  6. ^ Lardinois, Frederic (September 27, 2018). "Cloudflare launches a low-cost domain registrar". TechCrunch. Retrieved April 25, 2023.
  7. ^ Dress, Brad (September 4, 2022). "Web security firm Cloudflare drops anti-trans website over 'threat to human life'". The Hill. Retrieved September 4, 2022.
  8. ^ Lagorio-Chafkin, Christine (November 6, 2020). "Why the CEO of a $350 Million Internet Security Company Practices Radical Transparency". Inc.
  9. ^ "Cloudflare, in its IPO filing, thanks a third co-founder: Lee Holloway". TechCrunch. August 15, 2019. Retrieved May 6, 2021.
  10. ^ Kleinman, Zoe (September 25, 2016). "The firm that protects both banks and the Eurovision Song contest". BBC News. Retrieved September 4, 2022.
  11. ^ Kawamoto, Dawn (March 12, 2019). "Cloudflare's $150 million funding round puts its IPO plans in question". San Francisco Business Times. Retrieved March 12, 2019. (Subscription required.)
  12. ^ Shieber, Jonathan (August 15, 2019). "Cloudflare files for initial public offering". TechCrunch. Retrieved August 22, 2019.
  13. ^ Loizos, Connie (September 13, 2019). "Cloudflare co-founder Michelle Zatlyn on the company's IPO today, its unique dual class structure, and what's next". TechCrunch. Retrieved September 16, 2019.
  14. ^ Mehta, Stephanie (December 17, 2020). "Exclusive: Cloudflare promotes Michelle Zatlyn to president, a gain for women in tech". Fast Company. Retrieved December 20, 2020.
  15. ^ "Fresh off IPO, this high-profile Bay Area cloud company just snapped up a browser isolation company". bizjournals.com. January 7, 2020. Retrieved May 12, 2021.
  16. ^ Tung, Liam (June 19, 2014). "CloudFlare acquires VPN service CryptoSeal, shuts it down". ZDNet.
  17. ^ "Cloudflare acquires app platform Eager, will sunset service in Q1 2017". VentureBeat. December 13, 2016. Retrieved May 12, 2021.
  18. ^ Miller, Ron (November 14, 2017). "Neumob acquisition gives Cloudflare missing mobile component – TechCrunch". TechCrunch. Retrieved September 18, 2020.
  19. ^ Miller, Ron (January 7, 2020). "Cloudflare acquires stealthy startup S2 Systems, announces Cloudflare for Teams – TechCrunch". TechCrunch. Retrieved September 17, 2020.
  20. ^ Wiggers, Kyle (December 22, 2020). "Cloudflare acquires Linc to automate web app deployment". VentureBeat. Retrieved December 22, 2020.
  21. ^ Sawers, Paul (December 8, 2021). "Cloudflare acquires Zaraz to speed up websites and solve third-party bloat". VentureBeat.
  22. ^ "Cloudflare Acquires Vectrix to Help Businesses Gain Visibility and Control of Their Applications". ITSecurityWire. February 11, 2022. Retrieved February 11, 2022.
  23. ^ Charlotte Trueman (March 23, 2022). "Noteworthy tech acquisitions 2022". Computerworld. Retrieved March 25, 2022.
  24. ^ a b Schwab, Katharine (August 18, 2017). "The Hardest Working Office Design In America Encrypts Your Data–With Lava Lamps". Fast Company. Retrieved April 16, 2022.
  25. ^ "LavaRand in Production: The Nitty-Gritty Technical Details". The Cloudflare Blog. November 6, 2017. Retrieved April 16, 2022.
  26. ^ Palumbo, Angela (February 10, 2023). "Cloudflare Sales Guidance Looks Good. But It's Still Contending With a Spending Slowdown". Barron's. Archived from the original on February 11, 2023. Retrieved October 15, 2023.
  27. ^ Osborne, Charlie (April 28, 2016). "Cloudflare figured out how to make the Web one second faster". ZDNet. Retrieved May 17, 2016.
  28. ^ Kerner, Sean Michael (March 14, 2023). "Attackers Target Microsoft Exchange, According to Cloudflare Application Security Report". SDX Central. Retrieved March 30, 2023.
  29. ^ Kincaid, Jason (September 27, 2010). "Cloudflare Wants To Be A CDN For The Masses (And Takes Five Minutes To Set Up)". TechCrunch. Retrieved September 26, 2020.
  30. ^ "Cloudflare creates Workers Unbound platform for serverless development". datacenternews.asia. Retrieved May 26, 2021.
  31. ^ Humphries, Matthew (September 26, 2019). "Cloudflare Finally Launches WARP, But It's Not a Mobile VPN". PCMag. Retrieved September 27, 2019.
  32. ^ Wagenseil, Paul (September 26, 2019). "WARP Promises Faster Speeds on Your Phone Without 5G, but Doesn't Quite Deliver Yet". Tom's Guide. Retrieved September 27, 2019.
  33. ^ Henshaw, Jon (September 2020). "Cloudflare launches beta of 1.1.1.1 VPN with WARP for macOS and Windows". Coywolf.
  34. ^ "Cloudflare moves from reCAPTCHA to hCaptcha". Thank You Robot. January 8, 2020. Retrieved February 11, 2021.
  35. ^ Alspach, Kyle. "Cloudflare expanding into zero-trust network security - Protocol". www.protocol.com. Retrieved May 22, 2023.
  36. ^ "Cloudflare for Teams: Protecting corporations without sacrificing performance". Help Net Security. January 8, 2020. Retrieved February 11, 2021.
  37. ^ "Cloudflare gets serious about infrastructure services". TechCrunch. May 11, 2022. Retrieved May 12, 2022.
  38. ^ Wiggers, Kyle (September 26, 2022). "Cloudflare launches an eSIM to secure mobile devices". TechCrunch. Retrieved September 26, 2022.
  39. ^ McCurdy, Will (September 27, 2022). "Cloudflare launches eSim to protect mobile devices". Tech Radar. Archived from the original on September 28, 2022. Retrieved September 28, 2022.
  40. ^ Shakir, Umar. "Turnstile is Cloudflare's latest attempt to rid the web of CAPTCHAs". The Verge. Retrieved September 28, 2022.
  41. ^ Kass, D. Howard (January 17, 2023). "Cloudflare Lands $7.2M Project from CISA for Registry, DNS Services". MSSP Alert. Retrieved April 12, 2023.
  42. ^ "Digital payments leader partners with Cloudflare to accelerate, secure monthly mobile payments". VentureBeat. January 20, 2023. Retrieved May 8, 2023.
  43. ^ Porter, Jon (February 10, 2023). "Cloudflare wants to help you set up your own Mastodon-compatible server in 'minutes'". The Verge. Retrieved July 5, 2023.
  44. ^ Hesseldahl, Arik (June 10, 2011). "Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers". All Things Digital. Archived from the original on June 12, 2011. Retrieved August 15, 2011.
  45. ^ Storm, Darlene (March 27, 2013). "Biggest DDoS attack in history slows Internet, breaks record at 300 Gbps". Computerworld. Retrieved August 22, 2019.
  46. ^ Markoff, John; Perlroth, Nicole (March 26, 2013). "Online Dispute Becomes Internet-Snarling Attack". The New York Times. Retrieved August 22, 2019.
  47. ^ Gayomali, Chris (January 9, 2015). "The biggest cyberattack in Internet history is happening right now". The Week.
  48. ^ Musil, Steven (February 11, 2014). "Record-breaking DDoS attack in Europe hits 400 Gbit/s". CNET.
  49. ^ Gallagher, Sean (February 11, 2014). "Biggest DDoS ever aimed at Cloudflare's content delivery network". Ars Technica. Retrieved May 17, 2016.
  50. ^ Olson, Parmy (November 20, 2014). "The Largest Cyber Attack in History Has Been Hitting Hong Kong Sites". Forbes. Retrieved August 22, 2019.
  51. ^ Greig, Jonathan. "Cloudflare says it stopped the largest DDoS attack ever reported". ZDNet. Retrieved November 19, 2021.
  52. ^ Arghire, Ionut (February 14, 2023). "Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare". SecurityWeek. Retrieved February 18, 2023.
  53. ^ Newman, Lily Hay (June 12, 2019). "Cloudflare's Five-Year Project to Protect Nonprofits Online". Wired. ISSN 1059-1028. Retrieved August 5, 2019.
  54. ^ Melendez, Steven (June 11, 2020). "Amid pandemic and protests, Cloudflare is defending vulnerable websites". Fast Company. Retrieved February 3, 2021.
  55. ^ Hatmaker, Taylor (July 19, 2018). "Cloudflare Recruits State and Local Governments for Free Election Site Security Programs". TechCrunch. Retrieved January 28, 2021.
  56. ^ Melendez, Steven (June 11, 2020). "Amid pandemic and protests, Cloudflare is defending vulnerable websites". Fast Company. Retrieved May 12, 2021.
  57. ^ "After a series of cyberattacks, states look to secure election results websites". NBC News. November 3, 2022. Retrieved August 9, 2023.
  58. ^ Dillet, Romain (December 17, 2020). "Cloudflare launches Cloudflare Pages, a platform to deploy and host JAMstack sites". TechCrunch. Retrieved May 26, 2021.
  59. ^ Etherington, Darrell (January 22, 2021). "Cloudflare introduces free digital waiting rooms for any organizations distributing COVID-19 vaccines". TechCrunch. Retrieved May 12, 2021.
  60. ^ "Cloudflare's Project Fair Shot". Webby Awards. Retrieved May 26, 2022.
  61. ^ "Post-quantum crypto should be free, so we're including it for free, forever". March 16, 2023.
  62. ^ Simcoe, Luke (June 14, 2012). "The 4chan breach: How hackers got a password through voicemail". Maclean's. Archived from the original on January 15, 2014. Retrieved August 22, 2019.
  63. ^ Smith, Ms. (June 3, 2012). "Hacktivists UGNazi attack 4chan, Cloudflare and Wounded Warrior Project". Privacy and Security Fanatic. NetworkWorld. Archived from the original on November 12, 2013. Retrieved August 22, 2019.
  64. ^ Conger, Kate (February 23, 2017). "Major Cloudflare bug leaked sensitive data from customers' websites". TechCrunch. Retrieved August 22, 2019.
  65. ^ Steinberg, Joseph (February 24, 2017). "Why You Can Ignore Calls To Change Your Passwords After Today's Massive Password Leak Announcement". Inc. Retrieved February 24, 2017.
  66. ^ Molina, Brett (February 28, 2017). "Cloudfare bug: Yes, you should change your passwords". USA Today. Retrieved March 1, 2017.
  67. ^ Schwencke, Ken (May 10, 2017). "Internet Company That Does Business With Hate Sites Alters Complaint Policies". ProPublica. Retrieved March 4, 2023.
  68. ^ Heater, Brian (July 2, 2019). "Cloudflare blames 'bad software' deployment for today's outage". TechCrunch. Retrieved August 13, 2021.
  69. ^ Villas-Boas, Antonio (July 2, 2019). "Major websites and services across the internet went down Tuesday because of a cloud network outage". Business Insider. Retrieved August 13, 2021.
  70. ^ Woods, Ben (June 9, 2021). "How a tiny US firm caused world's biggest websites to crash in a day of chaos". The Daily Telegraph. Archived from the original on January 12, 2022. Retrieved August 13, 2021.
  71. ^ Porter, Jon (June 21, 2022). "Cloudflare outage breaks large swathes of the internet". The Verge. Archived from the original on June 21, 2022. Retrieved June 21, 2022.
  72. ^ Hill, Kashmir (August 17, 2014). "The Company Keeping Your Favorite (And Least Favorite) Websites Online". Forbes. Retrieved September 15, 2021.
  73. ^ Peterson, Becky (August 17, 2017). "Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet'". Business Insider. Retrieved September 15, 2021.
  74. ^ "Web services firm CloudFlare accused by Anonymous of helping Isis". The Guardian. November 19, 2015. Retrieved September 15, 2021. The week before the Paris attacks, Ghost Security counted almost 40 ISIS websites that use Cloudflare's services.
  75. ^ a b c "CloudFlare CEO blasts Anonymous claims of ISIS terrorist support". The Register. November 18, 2015. Retrieved September 16, 2021.
  76. ^ Han, Catherine; Kumar, Deepak; Durumeric, Zakir (May 31, 2022). "On the Infrastructure Providers That Support Misinformation Websites". Proceedings of the International AAAI Conference on Web and Social Media. 16: 287–298. doi:10.1609/icwsm.v16i1.19292. S2CID 237300450. Retrieved August 27, 2022.
  77. ^ Stokel-Walker, Chris (August 26, 2022). "Cloudflare Is One of the Companies That Quietly Powers the Internet. Researchers Say It's a Haven for Misinformation". Time. Retrieved August 27, 2022.
  78. ^ Lee, Timothy B. (August 31, 2017). "Tech companies declare war on hate speech—and conservatives are worried". Ars Technica. Retrieved August 6, 2019.
  79. ^ Wong, Julia Carrie (August 28, 2017). "The far right is losing its ability to speak freely online. Should the left defend it?". The Guardian. London. Retrieved August 22, 2019.
  80. ^ Captain, Sean (February 27, 2019). "Is Cloudflare a privacy champion or hate speech enabler? Depends who you ask". Fast Company. Retrieved August 5, 2019.
  81. ^ a b c Lee, Timothy B. (December 4, 2017). "Cloudflare's CEO has a plan to never censor hate speech again". Ars Technica. Retrieved August 5, 2019.
  82. ^ a b Johnson, Steven (January 16, 2018). "Inside Cloudflare's Decision to Let an Extremist Stronghold Burn". Wired. ISSN 1059-1028. Retrieved August 5, 2019.
  83. ^ Peterson, Becky (August 17, 2017). "Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet'". Business Insider. Retrieved August 17, 2017.
  84. ^ a b Peterson, Becky. "Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet'". Business Insider. Retrieved May 15, 2023.
  85. ^ Citron, Danielle Keats (November 28, 2017). "What to Do about the Emerging Threat of Censorship Creep on the Internet" (PDF). Cato Institute. 282: 3–4 – via Cato.org.
  86. ^ Keller, Daphne (August 15, 2017). "The Daily Stormer, Online Speech, and Internet Registrars". Stanford Center for Internet and Society. Stanford Law School. Retrieved August 6, 2019.
  87. ^ Shaban, Hamza (August 18, 2017). "Banning neo-Nazis online may be slippery slope, tech group warns Silicon Valley". The Washington Post. Retrieved August 6, 2019.
  88. ^ a b Wong, Julia Carrie (August 4, 2019). "8chan: the far-right website linked to the rise in hate crimes". The Guardian. Retrieved August 5, 2019.
  89. ^ Mezzofiore, Gianluca; O'Sullivan, Donie (August 5, 2019). "El Paso shooting is at least the third atrocity linked to 8chan this year". CNN. Retrieved August 5, 2019.
  90. ^ Roose, Kevin (August 4, 2019). "8chan Is a Megaphone for Gunmen. 'Shut the Site Down,' Says Its Creator". The New York Times. Retrieved August 5, 2019.
  91. ^ O'Neill, Patrick Howell (November 17, 2014). "8chan, the central hive of Gamergate, is also an active pedophile network". The Daily Dot. Retrieved August 5, 2019.
  92. ^ Machkovech, Sam (August 17, 2015). "8chan-hosted content disappears from Google searches: Domain-specific searches contain warning about "suspected child abuse content."". Ars Technica. Retrieved August 5, 2019.
  93. ^ Dewey, Caitlin (January 13, 2015). "This is what happens when you create an online community without any rules". The Washington Post. Retrieved August 22, 2019.
  94. ^ "Cloudflare embroiled in child abuse row". BBC News. October 22, 2019. Retrieved November 15, 2019.
  95. ^ Kelly, Makena (August 4, 2019). "Cloudflare to revoke 8chan's service, opening the fringe website up for DDoS attacks". The Verge. Archived from the original on August 5, 2019. Retrieved August 5, 2019.
  96. ^ Uebele, Hannah (August 6, 2019). "El Paso: When Freedom Of Speech Turns Violent". WGBH. Retrieved June 6, 2021.
  97. ^ Collins, Ben (August 4, 2019). "Investigators 'reasonably confident' Texas suspect left anti-immigrant screed". NBC News. Retrieved August 22, 2019.
  98. ^ a b Wong, Julia Carrie (August 3, 2019). "8chan: the far-right website linked to the rise in hate crimes". The Guardian. London. Retrieved August 3, 2019.
  99. ^ "Terminating Service for 8Chan". August 5, 2019.
  100. ^ "8chan goes dark after hardware provider discontinues service". The Verge. August 5, 2019.
  101. ^ Wong, Julia Carrie (August 5, 2019). "8chan: the far-right website linked to the rise in hate crimes". The Guardian. ISSN 0261-3077. Retrieved April 30, 2023.
  102. ^ Kelly, Makena (August 5, 2019). "Cloudflare to revoke 8chan's service, opening the fringe website up for DDoS attacks". The Verge. Retrieved June 16, 2023.
  103. ^ "Inside Keffals' Battle to Bring Down Kiwi Farms". September 7, 2022.
  104. ^ "TechScape: How Kiwi Farms, the worst place on the web, was shut down". TheGuardian.com. September 7, 2022.
  105. ^ Pless, Margaret (July 19, 2016). "Kiwi Farms, the Web's Biggest Community of Stalkers". Intelligencer. New York Magazine. Archived from the original on August 31, 2022. Retrieved August 31, 2022.
  106. ^ Baj, Lavender (July 13, 2021). "Kiwi Farms Has 14 Days To Find A New Domain Host After Being Booted Off DreamHost". Kotaku Australia. Archived from the original on October 1, 2021. Retrieved July 13, 2021.
  107. ^ Wodinsky, Shashona (June 29, 2021). "The Worst Site on the Web Gets DDoS'd After Being Connected to Prominent Developer's Suicide". Gizmodo. Archived from the original on June 29, 2021. Retrieved August 31, 2022.
  108. ^ a b c Cook, Jesselyn (December 14, 2018). "U.S. Tech Giant Cloudflare Provides Cybersecurity For at Least 7 Terror Groups: Among its customers are the Taliban, al-Shabab and Hamas". HuffPost. Retrieved August 5, 2019.
  109. ^ Kotaku Staff (June 28, 2021). "The Brilliant SNES Emulator Author Known As Near Has Died". Kotaku. Archived from the original on June 27, 2021. Retrieved June 28, 2021.
  110. ^ Colombo, Charlotte (August 3, 2021). "Kiwi Farms, the forum that has been linked to 3 suicides, was made to troll Chris Chan years before she was arrested on an incest charge". Insider. Archived from the original on October 1, 2021. Retrieved August 31, 2022.
  111. ^ Goforth, Claire (August 22, 2022). "Pressure grows on Cloudflare to drop Kiwi Farms after latest doxing campaign". The Daily Dot. Retrieved August 23, 2022.
  112. ^ Cole, Samantha (August 23, 2022). "People Are Demanding That Cloudflare Drop Kiwi Farms". Vice. Retrieved August 24, 2022.
  113. ^ Rosenberg, Scott (August 25, 2022). "Campaign pushes Cloudflare to drop trans hate site". Axios. Archived from the original on August 25, 2022. Retrieved August 25, 2022.
  114. ^ Bardhan, Ashley (August 25, 2022). "As Twitch Streamer Flees, Pressure Mounts On Cloudflare To Stop Protecting Controversial Kiwi Farms Site". Kotaku. Retrieved August 26, 2022.
  115. ^ "What is a reverse proxy? Proxy servers explained". Cloudflare. Retrieved September 2, 2022. A reverse proxy is a server that sits in front of web servers ... typically implemented to help increase security, performance, and reliability.
  116. ^ Czachor, Emily Mae (September 1, 2022). "Cloudflare indicates services will continue for controversial website Kiwi Farms". CBS News. Archived from the original on September 2, 2022. Retrieved September 2, 2022.
  117. ^ Claburn, Thomas (August 31, 2022). "Cloudflare tries to explain why it protects far-right forums that stalk and harass victims". The Register. Archived from the original on September 2, 2022. Retrieved September 2, 2022. ... the company continues to provide security – its reverse proxy service – that helps Kiwi Farms defend against denial of service attacks and keeps the web forum online.
  118. ^ D'Anastasio, Cecilia (August 30, 2022). "Cloudflare Urged to Cut Ties to Site That Promotes Harassment". Bloomberg. Archived from the original on September 3, 2022. Retrieved August 30, 2022.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  119. ^ Gilbert, David (September 7, 2022). "Inside Keffals' Battle to Bring Down Kiwi Farms". Vice News. Archived from the original on September 8, 2022. Retrieved September 8, 2022.
  120. ^ Tenbarge, Kat; Abbruzzese, Jason; Collins, Ben (September 3, 2022). "Internet services company Cloudflare blocks Kiwi Farms citing 'targeted threats'". NBC News. NBC. Retrieved July 24, 2023.
  121. ^ "Cloudflare's abuse policies & approach". The Cloudflare Blog. Cloudflare. August 31, 2022. Retrieved February 21, 2023.
  122. ^ Alspach, Kyle (August 31, 2022). "Cloudflare probably won't terminate services for 'despicable' sites". Protocol. Archived from the original on August 31, 2022. Retrieved August 31, 2022.
  123. ^ D'Anastasio, Cecilia (August 31, 2022). "Cloudflare Hints It Won't Cut Ties to Site Linked to Harassment". BNN Bloomberg. Archived from the original on August 31, 2022. Retrieved August 31, 2022.
  124. ^ a b Taylor, Josh (September 1, 2022). "Cloudflare defends providing security services to trans trolling website Kiwi Farms". The Guardian. Archived from the original on September 2, 2022. Retrieved September 2, 2022.
  125. ^ Menn, Joseph; Lorenz, Taylor (September 3, 2022). "Under pressure, security firm Cloudflare drops Kiwi Farms website". The Washington Post. Archived from the original on September 3, 2022. Retrieved September 3, 2022.
  126. ^ Prince, Matthew (September 3, 2022). "Blocking Kiwifarms". Cloudflare. Archived from the original on September 3, 2022. Retrieved September 3, 2022.
  127. ^ Tenbarge, Kat; Abbruzzese, Jason; Collins, Ben (September 3, 2022). "Internet services company Cloudflare blocks fringe message board Kiwi Farms citing 'targeted threats'". NBC News. Archived from the original on September 4, 2022. Retrieved September 4, 2022.
  128. ^ a b Cole, Samantha (April 19, 2018). "Cloudflare: FOSTA Was a 'Very Bad Bill' That's Left the Internet's Infrastructure Hanging". Vice News. Archived from the original on September 2, 2022. Retrieved September 2, 2022.
  129. ^ O'Donovan, Caroline (April 16, 2018). "Trump Just Signed A Law That Helped Create A New Twitter For Sex Workers". BuzzFeed News. BuzzFeed. Archived from the original on September 2, 2022. Retrieved September 2, 2022.
  130. ^ "Cloudflare Just Banned a Social Media Refuge for Thousands of Sex Workers". Vice News. April 19, 2018.
  131. ^ Romano, Aja (July 2, 2018). "A new law intended to curb sex trafficking threatens the future of the internet as we know it". Vox. Retrieved September 1, 2022.
  132. ^ McSherry, Corynne; York, Jillian C. (October 13, 2022). "The Internet Is Not Facebook: Why Infrastructure Providers Should Stay Out of Content Policing". Electronic Frontier Foundation. Retrieved August 16, 2023.
  133. ^ "Cloudflare and FOSTA/SESTA". Assembly Four. April 18, 2018.
  134. ^ Kohlmann, Evan F. (January 27, 2015). "Charlie Hebdo and the Jihadi Online Network: Assessing the Role of American Commercial Social Media Platforms" (PDF). United States House of Representatives. Retrieved August 22, 2019.
  135. ^ Jones, Rhett (December 14, 2018). "Cloudflare Under Fire for Allegedly Providing DDoS Protection for Terrorist Websites". Gizmodo. Retrieved August 5, 2019.
  136. ^ Sun, Mengqi (September 10, 2019). "Cloud-Services Company Cloudflare Discloses Potential Sanctions Violations". Wall Street Journal. Retrieved March 4, 2023.
  137. ^ Stone, Jeff (September 11, 2019). "Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions". CyberScoop. Retrieved March 4, 2023.
  138. ^ "Spamhaus Botnet Threat Report Q1-2020, ISPs hosting botnet C&Cs". The Spamhaus Project. Retrieved May 1, 2020.
  139. ^ "Cloudflare and Spamhaus". Word to the Wise. July 16, 2017. Retrieved February 28, 2017.
  140. ^ "The Spamhaus Project". The Spamhaus Project. Retrieved September 30, 2019.
  141. ^ Edgecombe, Graham (October 12, 2015). "Certificate authorities issue SSL certificates to fraudsters". Netcraft. Retrieved October 14, 2015.
  142. ^ Krebs, Brian (October 20, 2016). "Spreading the DDoS Disease and Selling the Cure – Krebs on Security". Retrieved October 11, 2023.
  143. ^ Team, SecureWorld News (May 3, 2018). "Is this OK? DDoS Defense Vendor Protected World's Largest DDoS-for-Hire Site". www.secureworld.io. Retrieved October 11, 2023.
  144. ^ "Counterfeit and Piracy Watch List" (PDF). European Commission. December 7, 2018. Retrieved July 16, 2021.
  145. ^ Maxwell, Andy (December 10, 2018). "New EU Piracy Watchlist Targets Key Pirate Sites and Cloudflare". TorrentFreak. Retrieved July 16, 2021.
  146. ^ Pekic, Branislav (February 17, 2021). "Court orders CloudFlare to stop hosting illegal IPTVs". Retrieved June 2, 2023.
  147. ^ Van der Sar, Ernesto (October 14, 2020). "Italian Court Orders Cloudflare to Block a Pirate IPTV Service". TorrentFreak. Retrieved July 16, 2021.
  148. ^ Nordemann, Jan Bernd (July 12, 2021). "Duties of DNS resolvers and CDN providers – the CoA Cologne finds Cloudflare accountable". Wolters Kluwer. Retrieved July 16, 2021.
  149. ^ Timberg, Craig; Zakrzewski, Cat; Menn, Joseph (March 4, 2022). "A new iron curtain is descending across Russia's Internet". The Washington Post. Retrieved May 11, 2022.
  150. ^ Moore, Logan; Vanjani, Karishma (March 25, 2022). "These Companies Haven't Left Russia. Behind Their Decisions to Stay". Barron's. Retrieved May 17, 2022.
  151. ^ Stone, Jeff; Gallagher, Ryan (March 8, 2022). "Cloudflare Rebuffs Ukraine Requests to Stop Working With Russia". Bloomberg. Retrieved May 11, 2022.
  152. ^ Brodkin, Jon (March 8, 2022). "Cloudflare refuses to pull out of Russia, says Putin would celebrate shutoff". Ars Technica. Retrieved July 5, 2023.
  153. ^ "Disrupters and Defenders: What the Ukraine War Has Taught Us About the Power of Global Tech Companies". www.institute.global. Retrieved July 5, 2023.
  154. ^ Brodkin, Jon (March 8, 2022). "Cloudflare refuses to pull out of Russia, says Putin would celebrate shutoff". Ars Technica. Retrieved April 19, 2022.
  155. ^ Morrow, Allison (May 26, 2022). "Crypto is dead. Long live crypto: Davos Dispatch". CNN. Retrieved May 26, 2022.
  156. ^ "CloudFlare Teams Up With 15 NGOs To Protect Citizen Journalists And Activists From DDoS Attacks". TechCrunch. June 12, 2014. Retrieved June 26, 2022.
  157. ^ Garson, Melanie; Furlong, Pete (May 2022). "Disrupters and Defenders: What the Ukraine War Has Taught Us About the Power of Global Tech Companies". Tony Blair Institute for Global Change.

External links[edit]

  • Official website
  • Business data for Cloudflare, Inc.: