The Flipside To Figuring Out What Content Do You Block: Cloudflare's Project Galileo Focuses On Who It Should Protect

from the case-studies dept

There has been so much discussion lately about the impossibility of doing content moderation well, but it’s notable that the vast majority of that discussion focuses on what content to ban or to block entirely. I do wish there was more talk about alternatives, some of which already exist (from things like demonetization to refusing to algorithmically promote — though, for the most part, these solutions just seem to annoy people even more). But there is something of a flipside to this debate which applies in perhaps somewhat more rare circumstances: what content or speakers to specifically protect.

I’m thinking of this, in particular, as Cloudflare has announced the 5th anniversary of its (until now, mostly secretive) Project Galileo offering, in which the company provides free security to around 600 organizations which are likely targets of attacks from well resourced attackers:

Through the Project, Cloudflare protects?at no cost?nearly 600 organizations around the world engaged in some of the most politically and artistically important work online. Because of their work, these organizations are attacked frequently, often with some of the fiercest cyber attacks we?ve seen.

Since it launched in 2014, we haven’t talked about Galileo much externally because we worry that drawing more attention to these organizations may put them at increased risk. Internally, however, it’s a source of pride for our whole team and is something we dedicate significant resources to. And, for me personally, many of the moments that mark my most meaningful accomplishments were born from our work protecting Project Galileo recipients.

The promise of Project Galileo is simple: Cloudflare will provide our full set of security services to any politically or artistically important organizations at no cost so long as they are either non-profits or small commercial entities. I’m still on the distribution list that receives an email whenever someone applies to be a Project Galileo participant, and those emails remain the first I open every morning.

At a first glance, this might not seem like much of a story at all: internet company does something good to protect those at risk doesn’t necessarily seem that interesting at first, especially during a moment in time when everyone is so focused on attacking every internet company for bringing about all the evils of the world. However, I do think there are some very important lessons to be learned here, and some of them very much apply to the debates about content moderation. In some sense, Project Galileo is like the usual content moderation debates, but in reverse.

I was particularly interested in how Cloudflare chose which organizations to protect, and spoke with the company’s CEO, Matthew Prince last week to get a more in-depth explanation. As he explained, they partnered up with a wide variety of trustworthy organizations (including EFF, Open Technology Institute, the ACLU, Access Now, CDT, Mozilla, Committee to Protect Journalists and the Freedom of the Press Foundation, among others), and would let those organizations nominate organizations which might be at risk or if organizations approached Cloudflare about being included in Project Galileo, Cloudflare could run their application by those trusted partners. What started with 15 partner organizations has now nearly doubled to 28.

Of course, such a system likely wouldn’t work well in the other direction (figuring out what accounts to ban or otherwise punish) as people would undoubtedly flip out and attack them — as many did a few years ago when Twitter announced its Trust and Safety Council of partner organizations that it relied on for advice on how it handled its trust and safety questions. Many critics of Twitter and its policies have continued to falsely insist that the organizations in this list are some sort of Star Chamber making decisions on who is allowed to use Twitter and who is not — so any move to actually have such a system in place would likely be met with resistance.

However, there is something interesting about having a more thorough process involving outside experts, than just trusting a company to make these decisions entirely internally. It’s obviously somewhat different with Cloudflare, in part because it’s providing underlying security services that are not as upfront as the various social media sites, and also because it’s about picking out who to “protect” rather than who to block. But it is worth looking at and thinking about all of the different challenges there are when it comes to content moderation that go beyond what most people normally talk about.

For what it’s worth, this is also quite important as more and more politicians around the globe are gearing up to “regulate” content moderation in one way or another. It’s one thing to say that social media sites should be required by law to block certain accounts (or to not block certain accounts), but think about how any of those laws might also apply to services like Project Galileo, and you can see why there should be caution in rushing in with regulatory solutions. The approach taken with something like Project Galileo ought to be entirely different than the process of determining whether or not a platform has decided to remove Nazi propagandists. But it’s doubtful that those proposing new regulations are thinking that far ahead, and I worry that some new proposals may sweep up Project Galileo in a manner where it may become more difficult for Cloudflare to continue to run such a program.

Still, in this era when everyone is so focused on the bad stuff online and how to stop it, it’s at least worth acknowledging a cool project from Cloudflare to note the good stuff online and how to protect it.

Filed Under: , , , ,
Companies: cloudflare

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The Flipside To Figuring Out What Content Do You Block: Cloudflare's Project Galileo Focuses On Who It Should Protect”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Re: Or we could just call you an ignorant motherfucker

And you ment to write:
I am an easily offended shitheel who lacks basic pattern recognition skills and lack the mental stability to understand that I have major mental health issues that I should be taking care of instead of obsessing over a site for over a decade that I claim no one reads but has nearly unlimited power and influence and I also love run on sentences because I am in addition to everything else a massive twat.

Anonymous Coward says:

Re: Re: Re:

Cloudflare is listed as the HOST SERVER for websites, which makes them a proxy, not just a conduit.

Some of the content they enable is downright disgusting, and if legal for them to publish, only because they think Section 230 can save them. That’s a big bet they’re making.

They’re a good poster child for why 230 needs to go.

PaulT (profile) says:

Re: Re: Re: Re:

“Cloudflare is listed as the HOST SERVER for websites, which makes them a proxy, not just a conduit”

No, they’re listed as the dns target. Also proxyband hoy are not the same thing.

Holding them liable for the content they provide service for won’t change a damn thing btw. They simply provide services to enable sites to be more resilient to ddos attacks and local internet issues. Get rid of them, and you will just end up with the same end content being a bit less reliable. Hardly worth the millions of jobs you’d risk in the process of holding people responsible for things they haven’t done.

Sok Puppette (profile) says:

Re: Re: Re:3 Re:

I know that tech inside and out from about 30(!) years’ experience (OK, only 25 for HTTP). And I have to say that the difference between a caching proxy and a host is pretty tenuous… and probably completely irrelevant from an ethical point of view.

If you’re deliberately participating in delivering specific content, having chosen that particular content at least to the level that you know this or that site is controversial for this or that reason, then what difference does it make?

I could equally apply your argument to paid hosting. If a better host won’t carry some content, then it’ll still find hosting on a worse one. And , "btw", for controversial content, Cloudflare isn’t about "a bit less reliable". It can be the difference between "reasonably available" and "essentially unavailable".

The difference between me and the grandparent is that I believe Cloudflare, and paid hosts, and whoever else, probably including large social media platforms, should NOT discriminate on content at all.

Stephen T. Stone (profile) says:

Re: Re: Re:4

Cloudflare, and paid hosts, and whoever else, probably including large social media platforms, should NOT discriminate on content at all.

Hi. You’ve expressed the opinion that a service such as Twitter or a paid content host should carry content its admins may not want to host. Please provide the reasoning behind this opinion so I can better understand it.

Suspicious Doesn't Begin To Describe says:

KNEW you'd defend CrimeFlare some day!

I found out some time back why Techdirt uses Cloudflare: it’s phony security (not secure from Cloudflare to client, still allows MITM attack) and a tool for pirates and scammers to obscure location.

Note the clue in site name. At top is: "In other words, nothing can be done about the ISIS sites, carders, booters, gamblers, escorts, phishers, malware, and copyright infringers that CloudFlare protects."

Also answers a question that I posed (and ignored) in 2015: on page says that an "ssl" certificate # means Techdirt pays Cloudflare. — Yup, there it is! ssl392180 (page says current May 27, 2017)

Cloudflare is not only accused of helping pirates, there’s a court ruling:

Cloudflare’s Cache Can `Substantially Assist’ Copyright Infringers, Court Rules

"[I]f Cloudflare’s logic were accepted, there would be no web content too illegal, or dangerous, to justify termination of its services. While Cloudflare may do amazing things for internet security, the Court would have a hard time accepting that Cloudflare’s security features give it license to assist in any online activity," Judge Wu writes.

TFG says:

Re: KNEW you'd defend CrimeFlare some day!

First link is to a site that is … barely better than Time Cube. I have zero reason to take it seriously, as, like you, it fails to provide substantive evidence to support its wild assertions.

Second link is valid, though worth noting that the case it references never went to trial. It got settled, instead, and honestly we’re better off for it. We don’t need the grossly long arm of copyright maximalists extending into shutting down security features.

None of which has any relevance to Project Galileo or the principles of content moderation. You had a chance to be relevant to an article topic, but you’ve once again fucked it all up.

PaulT (profile) says:

Re: Re: KNEW you'd defend CrimeFlare some day!

"First link is to a site that is … barely better than Time Cube"

I’ll take your word for it, I bet it’s fun though. But, I’ll repeat what I just said – port 82? I don’t think I’ve ever seen a site not hosted on ports 80, 443 or 8080. Is the guy that paranoid about CDN that he refuses to use the agreed standards that have existed since the web was invented?

nae such says:

Re: Re: Re: KNEW you'd defend CrimeFlare some day!

the port is really just arbitrary. it is convention to use port 80 etc. for web traffic, but you can run it on any port you want. this can cause various issues such as harder discovery, local or isp firewall blocking, and misfired traffic, but is perfectly feasible. i generally only do this when testing proxies or developing multiple sites and languages, and then just listening to local host, but it should likely be obvious that people do all kinds of strange things for innumerable reasons.

PaulT (profile) says:

Re: Re: Re:2 KNEW you'd defend CrimeFlare some day!

Well… the port is technically arbitrary, as in you can use any port you want in your config. But, if you don’t adopt agreed standards it can cause all sorts of problems in production.

"this can cause various issues such as harder discovery, local or isp firewall blocking, and misfired traffic"

Exactly. So, why would someone wish to put a public website on ports outside of the accepted standards for web traffic. Especially since the point of the site is apparently to whine about a particular company. Wouldn’t someone trying to get word out about whatever "crimes" are being committed want to make their site more and not less available?

EDIT: I thought I’d do a quick check in case there was anything normally used on that port and apparently it’s something to do with a TOR browser. So, in other words, our paranoid local nutjob has been hanging around on sites operated by other paranoid nutjobs and, thinks he’s scored a coup by finding something that’s still fully visible on the standard public web. Never mind…

PaulT (profile) says:

Re: KNEW you'd defend CrimeFlare some day!

Erm.. you’re always full of shit as ever and I’m not going to click on random sites but… why has the person who runs whatever insane conspiracy site you links to first chosen to specifically host his website on port 82 rather than the standard 80? Are web standards evil now or something?

"on page says that an "ssl" certificate # means Techdirt pays Cloudflare"

Yes, as ever you’re a genius. You found publicly available information provided by Techdirt and that means you’re now some kind of sleuth and deserve a cookie. Go get it while the adults talk.

"Cloudflare’s Cache Can `Substantially Assist’ Copyright Infringers, Court Rules"

Yeah, judges can sometimes be as technically ignorant as you, it’s a real problem.

Anonymous Coward says:

Remember those internet lawyers who said calling someone "racist" wasn’t defamatory but opinion?

Tell that to Oberlin college, who just lost $11 million (and might lose $33 million) over the same thing. If they say that’s a tortious-interference judgment, well tortious-interference doesn’t apply without an underlying tort violation, such as defamation.

trollificus (profile) says:

Re: Re: Re:

No, it was a well-deserved verdict that will stand appeal (though they might get damages reduced by an amount greater than the legal fees to appeal it). In a gross example of "punching down", ridiculous accusations and threats were supported by the university, assuming the "free speech" of the students would protect any action they took. But not in a case of defamation, which seems pretty clear here.

Or maybe the jury was just a bunch of unenlightened rubes who think there’s a difference between "speech" and "raging mobs of protesters, death and arson threats and interference with business operations".

As a practical matter, whatever you think of the members of the jury (who should, probably, be doxxed, threatened and have their employers and relatives called), it should not be hard to empanel a jury of people willing to make a like distinction anywhere in the country.

That One Guy (profile) says:

Re: Re: Re: Re:

As a practical matter, whatever you think of the members of the jury (who should, probably, be doxxed, threatened and have their employers and relatives called)

Or, and I’m just spitballing here, suggestions like that could not be made, as crossing well over the line of acceptable behavior.

Already got one nut in the comment sections making ‘vague’ totally-not-threats, don’t need more of the same.

Anonymous Coward says:

"Cloudflare, as I reference below, actually does protect pirates and other questionable sites."
They do, because they’re neutral platform with no editorial control over the content of the sites they provide services for.

They have editorial control to the extent they allow the site to run through their servers. They just THINK they’re immune to this under Section 230.

Those who can’t find justice via libel laws have other alternatives if push comes to shove, and no this is not advocating breaking the law.

PaulT (profile) says:

Re: Re:

They have editorial control the same way the post office have control over what’s sent in a parcel. Are you arguing that the post office need to screen every parcel before they deliver it? Last time I checked that’s actually illegal

Also I don’t give a shit if libel laws fail. Not finding the justice you think you deserve does not mean you get to attack people who had no part in creating the content you oppose

Anonymous Coward says:

Re: Re:

They have editorial control to the extent they allow the site to run through their servers.

They have the same editorial control as the mobile phone companies do over text messages, and that is none as they provide a paid for service, and do not look at the content.

According to your demands, neither you or anybody should be able to be able to communicate unless some third party looks at and approves all communication.

PaulT (profile) says:

Re: Re: Re:

To extend the post office analogy – his hate boner is for PO Boxes. He seems to think that not only should the box owners be directly liable for the contents of those boxes, but that stopping those boxes from existing means that no objectionable material will ever be sent by post.

I just hope that people with actual power realise he’s as stupid as the rest of us understand he is.

That One Guy (profile) says:

Re: Re: Re: Re:

Oh not at all, he doesn’t have the spine for that. He wouldn’t say that people should do it, just that someone could do it and probably get away with it, and then when he found someone dumber than him who actually did do it he’d play innocent and say that despite his words he’d never suggested that someone actually do it.

Honestly, his latest pathetic passive-aggressive shtick of ‘I’m not saying I would do it, just pointing out someone could do it…’ isn’t fooling anyone, and if he was actually capable of more than laughably empty threats it might be worth concern. He isn’t though, so laughs and flags are all he gets.

Stephen T. Stone (profile) says:

Re: Re: Re:2

He wouldn’t say that people should do it, just that someone could do it and probably get away with it, and then when he found someone dumber than him who actually did do it he’d play innocent and say that despite his words he’d never suggested that someone actually do it.

stochastic terrorism — noun — the use of mass communications to incite random actors to carry out violent or terrorist acts that are statistically predictable but individually unpredictable

ECA (profile) says:


Stick to the SUBJECT.

For all the comments, I would say about 1/4 dont stick to the subject. Even if you have something to say about someone, Explain to them whats the difference..

THe Internet started with no rules, and it was pretty good, Except for the idea of BUYER BEWARE. Its not that you Cant see the product, its that you Cant handle it, feel it, test it.. And know that you can return it. Get it fixed if needed.

Having Forums, isnt easy, and even a comment site as this has its problems, Sometimes.
I suggest/warn persons that THIS isnt heaven, and neither is our world. Dont expect to make this WHAT IS NOT in the world. It is a representation Of ourselves.
The net Only brings out WHAT is here, what we have buried into our society.. What we HIDE from ourselves, its a GIANT MIRROR..
But the big problem is those that want to Make the world better, but (I THINK) those persons have dreams and fantasy of what they THINK the world should be. And NOT what the world is.

The battles here, are the battles we have in our own world..
From the Corps, that take advantage of us tot he Governments that want to Control us. and restrict us.
the Internet if Left to its OWN, can become wonderful and Drastic..Full of all the Good and BAD in the world.
If you want protection, you will PAY for it. IF you want the GOV. to protect you, you better be willing to GIVE UP your rights and the Temptations you may enjoy.
I will not go into those that enjoy religion, as to many think that they SHOULD be My brothers/sisters/mothers/fathers/Aunts/uncles/… keeper. And I love Christians that dont know that there are over 40 diff groups of Christians..

to many want to change things, but Cant see the trees. Cant see what CAN be done with what is happening. ‘Backpage’ was one of the casualties., and many others are in the middle of this and so are some that Just want to give Information, that MIGHT make lives better..

There will only be 1 recourse. That the internet, creates its own NAtion and works as one. Or all these groups and Ideals will start to TRY and take advantage.

Thad (profile) says:

Re: Re:

Which is a cute soundbite, but meaningless until you quantify it.

Are spam filters a form of censorship?

If an account is a bot that just writes a post consisting of the word "COCK" every thirty seconds, is banning that account censorship?

What if it’s not a bot? What if it’s an army of individual shitposters, each individually copy-pasting "COCK" and posting every thirty seconds? If a moderator bans all those accounts, is that censorship?

I think those are all pretty clear examples of reasonable moderation. No content is being censored; only spam and disruptive, off-topic shitposting.

Those are examples I think most people can probably agree on. But they’re intentionally extreme examples. Other examples are less black-and-white, much more subjective and open to interpretation.

What if, instead of "COCK", there’s a network of dudes posting "MAGA" every thirty seconds? Is that disruptive shitposting, or does the political content change its value? Does it depend on the topic of the conversation? Should it, say, be allowed in a political conversation but not a conversation describing the specs of AMD’s new graphics cards? Should there be a time limit? If somebody posts "MAGA" once, should that be treated differently than if they post it repeatedly every thirty seconds?

Each of those questions implies a subjective value judgement. And I’m still positing some pretty simple cases here.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...