So far most conversations about privacy and rights to privacy, have addressed the personal information of individuals; that is, persons. Even people with criminal convictions have, as it turns out, rights too. What’s good for the goose, is good for the gander, so the saying goes, and it came to mind that while we have been looking at the user end of the connection and the personal information for the user, the other end at the web server, can also raise its own set of privacy concerns.
Cloudflare is a CDN (content distribution network service), similar to Amazon’s CloudFront and one you already know: Akamai. CDN’s site between the public internet and your real server, so if your videos get as popular as the Victoria’s Secret Fashion Show, your one server won’t get slammed with having to serve up millions of copies; the distribution network makes local copies near the requests, and everyone is happy. Certain types of malicious or attack traffic can be filtered out by the service and won’t even make it to your real server (it does not protect everything – your mail servers, or if you use database servers, or others require separate protections outside CDN). All of this is nice, and works well for nice people. Who would not want protection for their web servers?
If however, criminals and terrorists such as ISIS purchase such protective services, the ethical reasoning for protecting all web servers needs a lot more discussion so we are clear on what is acceptable or not. Without making any conclusions about the specific claims on sites critical of cloudflare, if indeed criminals and terrorists hide behind these protections, perhaps we need to rethink how comfortable everyone is with such protections.
Combinations of good, bad, and ugly all party together. “Free Speech” (a la First Amendment) is tempered by limits such as prohibitions of “falsely yelling FIRE in a crowded theater“. It is sometimes uncomfortable that rights organizations such as ACLU will protect the rights of hate groups. It appears that cloudflare rationalizes their protection of users of their services in a similar line of explanation.
CDN’s are complex services and there are many other security and privacy issues to be covered; those will wait for another day. For now, the topic is limited to the equal treatment of goose and gander (you have to decide which you are).