Why LulzSec Was Un-Hackable, And Why That's A Good Thing

from the neutrality,-naturally dept

UPDATE: As several people have pointed out, the news broke that several LulzSec members were arrested this morning, and that the leader of the group had been working as an FBI informant. We'll have more commentary on this later.

The question of service provider neutrality is central to every debate about internet policy. From PayPal cutting off Wikileaks to Twitter pushing back against the feds to the new Righthaven's "spineful" hosting, the responsibility of companies to neutrally protect their customers is a contentious topic.

New Scientist has an interview with Matthew Prince, the CEO of CloudFlare, a network security/performance service for websites. One of their recent high-profile customers was LulzSec, the controversial hacker group that executed a string of takedowns and data breaches last year, but whose own website proved impervious to constant hacking attempts because of CloudFlare. Prince talks about their decision to treat LulzSec the same as any other client:

Internally, we had a debate about the right thing to do. It's important to note that because of the way CloudFlare works, no hacking activity was launched from our network – it was simply a matter of publishing information. So hacking happened in other places and then when they published the information about their exploits it would pass through the CloudFlare network.

So in that sense we're more akin to network provider than a hosting provider. If we were to terminate Lulz Security as a client that wouldn't make the content go away, it wouldn't take it off the internet, it would just make it slow and more vulnerable to attacks. Our goal is to power a better internet. There are a lot of things on the internet that I personally find quite troubling and the list of those things is maybe very different from yours, but our role as a company wasn't to play internet censor.

It's good to see companies standing firm on this point. Anyone who understands the internet knows that it runs on fundamental principles of neutrality. Similarly, anyone who understands innovation online knows how vital it is that companies are able to build off the services of others without fear of discrimination. Sometimes this puts service providers in a tough spot, because the pressure placed on them can be intense—but the ones who navigate the situation without betraying their customers send a powerful message about their commitment to internet ideals.

Interestingly, Prince also explains that because of the way CloudFlare security works, the aggression from the white-hat hacker community (Update: a commenter raised the question: is this really white-hat? That's a great point, and also a separate debate, so I'll just call them 'hackers' for now) against LulzSec actually helped improve security online:

... the attacks against their website just went through the roof. We were actually able to track what those attacks were and provide better and better security over time to help everyone who was on our network.

CloudFlare's core value comes from the fact that every website that is part of our system helps contribute data in order to better protect other websites. As one website gets attacked, the knowledge about that attack is immediately shared with the rest of the websites, so that the system gets smarter and smarter over time.

Stories like this also show that while net neutrality is an important concept, regulating it is ultimately less than ideal. When permitted to function without interference, the nature of the internet already encourages and rewards neutrality, with everyone benefiting the most when nobody discriminates.

Filed Under: security, service
Companies: cloudflare, lulzsec

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 6 Mar 2012 @ 9:43pm

    Re: Re: Re: Re:

    Mike, rather than get all uppity and mad, why not apply your own general standards of "investigative blogging" to my comments?

    "You are aware that Techdirt is now using the service, right?"

    When was the last time you were on cloudflare? A couple of weeks ago? I don't check your network status every day. Last I saw, you were on Cloudflare (and floundering badly). Since I didn't see any public post about changing hosting since our last discussion, it is a fair assumption that you are still with them. Congrats on changing hosts (again!).

    Would you care to point out your post about changing hosts?

    "It's dishonest for there not be a clear disclaimer about the business arrangements between Techdirt and Cloudflare."

    The type of disclosure you made earlier "We did test Cloudflare briefly a couple weeks ago." is the sort of thing that should have been in the original article. It would provide context for Marcus's rah-rah post (a poorly timed one too, I might add). It would clear up any potential for misunderstanding. Clearly, Techdirt has used Cloudflare services, and positive articles have been posted about them. Why not just say it, get it out there, and make it clear that you no longer have any business dealings with them?

    You have used much flimsier material to try to discredit or slam other groups on your site over the years. Don't you think that you should be working to more clearly explain your business relationships with the companies that you blog about? This is especially true when the stories read almost more like press releases?

    I think the FTC already has a file on you. You might want to try a FOIA to see... :)

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.