Why I'm Not Ditching Cloudflare

ARPANET (the precursor to the internet) was built to connect scarce computing resources across the country to foster research and development. Its designers say that it was never designed to survive a nuclear attack; rather, it was built to work around the flaky network links of its era. The Internet of today is powered by the Border Gateway Protocol (BGP). BGP is powerful because it shares information throughout myriad locations about how to send traffic from one part of the internet to another. I have seen this protocol work in war simulations with almost no service degradation of military networks during “catastrophic events”. The Internet, at its core, is designed to be decentralized, survivable, and accessible.

For a long time I have been preaching about diversity. Not only diversity in your staff but diversity in your service providers. Your registrar shouldn’t also house your DNS. Your CDN backend shouldn’t be in the same place as your front end. While this seems more complex, it’s simplified when using APIs. Managing resources with infrastructure-as-code concepts makes cloud diversity manageable. This is why my website’s code is on GitHub, has DNS at Cloudflare, is hosted through Netlify, and assets are in Google Cloud Storage distributed by Cloudflare. Why Cloudflare twice (DNS/CDN)? It’s free and utilizes Anycast (made possible by BGP), which is a very resilient way to build out Internet-scale infrastructure and services.

If you weren’t aware, after the murder of Heather Heyer in Charlottesville, several neo-Nazi websites were kicked off various service providers. Neo-Nazis aren’t good at distributed systems. They created single points of failure across their platforms. This is good for their detractors and those who oppose hate (at first, I applauded the bans). But, as the EFF has warned, the tools used to ban unpopular opinion today could be the tools used to ban truth tomorrow. As much as I detest neo-Nazis, fascists, white supremacists, etc., having their right to be online revoked by a handful of major players in the tech space is a little troubling. Plus, I really like it when morons, hate-filled people, and racists self-identify. It makes it very easy to avoid them once they do so.

What is even more troubling is the how and why a particular neo-Nazi/alt-right website was punted off Cloudflare. As Matthew Prince, CEO of Cloudflare, so eloquently put it, “I woke up this morning in a bad mood and decided to kick them off the Internet… It was a decision I could make because I’m the CEO of a major Internet infrastructure company.”

It’s important to recognize that Cloudflare has historically not caved in to pressure to censor people who utilize their services. It’s part of their policy to NOT choose WHO can be protected by their services. Yet, I felt that if my name was in any way affiliated with a service also used by neo-Nazis, it was my moral responsibility to break that affiliation. Cloudflare was under enormous pressure to do something. But they’ve historically made the decision to not cave in to pressure from outside entities to kick people off the Internet. I was going to migrate my DNS to Microsoft Azure and start paying Google more for traffic to Google Cloud Storage as a result of leaving Cloudflare.

I began to export DNS zone files from Cloudflare to push to Azure. When I went to use the Azure CLI tool, something broke when importing the zone files. I reached out to Kris Nova for help, and after some bandying about we concluded I had found a bug in the Azure CLI tool. I decided it was worth waiting for the bug to get fixed to migrate away from Cloudflare. Then something happened: Cloudflare banned the neo-Nazis from their service.

I listened to Ben Thompson and James Allworth discuss Cloudflare’s decision on The Exponent Episode 121 and got a lot more of the backstory than I originally had on the banning. Matthew Prince waking up in a bad mood and deciding to kick folks off the service he and his team built was something I did not see coming. His reluctance to do so and the explanation as to why doing it was actually a bad thing is well reasoned. For that reason, among many others (like their impeccable uptime record made possible by BGP), I am deciding to stay with Cloudflare. It wasn’t an easy decision, but time, bugs, unprecedented events, and reason all played a part.
