(Reclaim The Net) Last week, internet infrastructure and security company Cloudflare deviated from its traditionally neutral stance of making its free security tools as widely available as possible when it blocked the online forum Kiwi Farms. The decision is the third time since 2017 that Cloudflare has terminated or blocked access to its services and reflects a growing and concerning trend of deplatforming campaigns going beyond where the content is hosted and targeting essential pieces of internet infrastructure such as security providers.
Defenders of Kiwi Farms argue that it’s one of the few sites that allows true free speech online. The most popular content on the site is usually discussions of online personalities such as commentators and streamers. However, critics of Kiwi Farms argue that it’s a hate site that enables harassment, doxxing, (the online publication of private personal information, such as personal addresses and phone numbers, without consent), and swatting (a harassment technique where false crime reports are made with the intent of eliciting an armed police response against an innocent target).
In the weeks leading up to Cloudflare blocking Kiwi Farms, criticism of the site had gone mainstream after transgender activist Keffals and Congresswoman Marjorie Taylor Greene blamed the site for targeting them with swattings. This culminated in a “#DropKiwiFarms” campaign which demanded that Cloudflare and other digital service providers cut off Kiwi Farms. Cloudflare initially resisted the pressure but ultimately blocked Kiwi Farms.
While deplatforming has become pervasive on social media, the unique position of Cloudflare’s security services in the internet infrastructure stack makes being blocked from these services much more consequential.
Cloudflare’s free security services protect more than 20% of the internet from distributed denial of service (DDoS) attacks and other types of cyberattacks. Without this protection, most of these sites would be targeted by activists, flooded with malicious traffic and quickly taken offline. This makes Cloudflare’s protection akin to an essential internet utility that’s necessary for sites to stay online.
Cloudflare has acknowledged this utility-like quality of its security services and stated that the power to terminate security services” is “not a power Cloudflare should hold.”
Cloudflare’s reasoning is based on its guiding principle that organizations that host content are closer to the content and therefore well positioned to make content moderation decisions. Security services, on the other hand, are much further away from the content and most closely resemble internet utilities which should remain neutral and follow legal and due process.
“Just as the telephone company doesn’t terminate your line if you say awful, racist, bigoted things, we have concluded in consultation with politicians, policy makers, and experts that turning off security services because we think what you publish is despicable is the wrong policy,” Cloudflare said in a recent blog post.
Cloudflare has said that cyberattacks are “not the appropriate mechanism for addressing problematic content online” and argued that selectively pulling its security services sets a dangerous precedent:
“Some argue that we should terminate these services to content we find reprehensible so that others can launch attacks to knock it offline. That is the equivalent argument in the physical world that the fire department shouldn’t respond to fires in the homes of people who do not possess sufficient moral character. Both in the physical world and online, that is a dangerous precedent, and one that is over the long term most likely to disproportionately harm vulnerable and marginalized communities.”
