• joshAg 6 days ago

    I think the most impressive part is that they partnered with organizations for determining who to add to the project from the beginning instead of trying to do it in-house. That's kind of a pleasant surprise compared to typical attempts for projects like this where it feels like NIH syndrome applied to social sciences or philosophy.

  • legostormtroopr 5 days ago

    Reading this post just concerns me more than anything.

    DDoS protection is pretty much vital infrastructure for any web site, and Cloudflare is one of the first and largest organisations that provides this service. Infrastructure of this scale and this importance should be impartial, but this is more evidence that CloudFlare isn't.

    For example, Cloudflare at the whim of Mathew Prince pulled service for white supremacist site "Daily Stormer" [1] - because they made claims of support and their content "made him angry".

    The message is clear, if your content makes a CEO angry your site may be DDoS'd off the internet (eg. Daily Stormer), if your content getting DDoS'd off the internet makes a CEO "sick", then you'll get special treatment (eg. Ukranian Newspaper).

    Would this blog post be as warming to people, if Cloudflare didn't help the newspaper because it supported Russian claims over Crimea?

    Regardless of your content, if your content is legal, the political whims of tech CEOs shouldn't be what ensures you have consumer rights.

    [1] https://blog.cloudflare.com/why-we-terminated-daily-stormer/

  • Slippery_John 6 days ago

    I've been really impressed with Cloudflare lately between this, 1.1.1.1, and warp. It's nice to see a large company find ways build up their business by supporting the public good.

  • jgrahamc 6 days ago

    This Wired article has some good quotes from organizations using Project Galileo: https://www.wired.com/story/cloudflare-project-galileo-prote...

  • _wmd 6 days ago

    > He followed our run book and triggered a FINT — which stands for "Fail Internal" — directing traffic from the site directly back to its origin rather than passing through Cloudflare's protective edge. Instantly the site was overwhelmed by the attack and, effectively, fell off the Internet.

    So if I'm understanding this correctly, free users have their backend servers and hosting provider information exposed to an attacker right when that information needs to be kept secret the most? This is nuts. Can someone clarify whether CloudFlare still do this? I can think of 100 scenarios where it would be better to just pull the zone (or similar) and let the site go down instead

  • judge2020 6 days ago

    This stopped being the norm as Cloudflare's footprint grew, and formally stopped with this blog post https://blog.cloudflare.com/unmetered-mitigation/.

  • 292355744930110 6 days ago

    After reading that, I'm not sure what Galileo provides considering that don't FINT anyone.

  • eastdakota 6 days ago

    There are a lot more controls and features for our higher tier security services that Galileo participants get for free. And there are a lot of security threats we help protect them from that go beyond DDoS. But, you're correct, the experience of dealing with the nation state-level attacks that Galileo participants face on a regular basis was a big part of what encouraged us that we could make Unmetered DDoS Mitigation free to all Cloudflare users approximately 18 months ago.

  • twunde 6 days ago

    This was standard operating procedure for most colos/shared hosting companies even for paying customers. If the company didn't have enough resources to combat DDOS attacks, they'd shut you down to protect the rest of their customers. I think this is rarer now since there are a number of DDOS protection vendors that are relatively cheap

  • xxdesmus 6 days ago

    Has not been the case for several years now.

  • jlawson 6 days ago

    Serious question - Are they serious about being evenhanded? Or did they just handpick a list of organizations with the same politics as them to serve as cover?

    I guess this should be easy to tell. Are any of their partner organizations doing work to protect 2nd amendment rights, or supporting pro-life causes? I couldn't tell.

    From my priors my first guess would be that this is a left-activist effort masquerading as a universal protection. But I'd be pleasantly surprised to discover that they're serious.

  • eastdakota 6 days ago

    We worked hard to try and get conservative and libertarian organizations as partners including the CATO Institute and the Heritage Foundation. They originally objected because they couldn't understand what was in it for us (Cloudflare). I think over time we've proved that we're serious about the Project and the idea of having global, diverse partners with different perspectives.

    If there are potential partner organizations that you think represent a point of view, whether politically or geographically, that the current parters do not, I would encourage you to have them apply: https://www.cloudflare.com/galileo

  • ForHackernews 6 days ago

    > They originally objected because they couldn't understand what was in it for us (Cloudflare).

    This is hilariously libertarian.

  • Slippery_John 5 days ago

    If nothing else it's advertising. "We have the capability to regularly defend against attacks from state-level actors."

  • 292355744930110 5 days ago

    > CATO Institute and the Heritage Foundation

    Why aren't they mentioned on this blog post or the Galileo page?

  • microcolonel 6 days ago

    I think it looks pretty good; and in this case it's an inclusive effort: including more organizations doesn't harm anyone (well, except CloudFlare themselves). They have excluded some more sleazy organizations which tend to show up in lists like this, so I think they are paying attention to that.

    I guess we'll see, if SAF or some organization similarly alien to Californian progressives, comes under attack, whether it is as you would hope.

  • jpmattia 6 days ago

    I don't know if they are even-handed or not, but is there a reason they need to be?

  • iforgotpassword 6 days ago

    No there isn't, but the article is somewhat worded like they are. And as a US company at least if they were to protect someone like manning or Snowden they'd probably run into problems anyways.

  • scarejunba 6 days ago

    It’s not universal, dude. There are some 600 orgs on the list. I don’t see why it’s important to offer this to some antivaxxer as much as a citizen news source in Russia.

  • 292355744930110 6 days ago

    > We also worried that it was dangerous for an infrastructure provider like Cloudflare to start making decisions about what content was "good." Doing so inherently would imply that we were in a position to make decisions about what content was "bad." While moderating content and curating communities is appropriate for some more visible platforms, the deeper you go into Internet infrastructure, the less transparent, accountable, and consistent those decisions inherently become.

  • microcolonel 6 days ago

    That is, the position of a CDN is such that picking the winners and losers is more risky than not doing so.