[190885] in North American Network Operators' Group
Re: Cloudflare, dirty networks and politricks
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Jul 30 13:52:21 2016
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <22427.45091.239632.929005@gargle.gargle.HOWL>
Date: Sat, 30 Jul 2016 10:51:54 -0700
To: bzs@theworld.com
Cc: nanog@nanog.org, Rich Kulawiec <rsk@gsp.org>
Errors-To: nanog-bounces@nanog.org
If they are using a website hosted or accelerated by your CDN to =
advertise
an illegal activity or an activity in violation of your ToS, then if you
have written your ToS properly, you are free to shut down said site (or
at least your portions of it) based on their violation of your ToS.
That=E2=80=99s not a business boycott because you didn=E2=80=99t =
conspire with their other
providers to shut it down, you took an independent action based on your
own ToS.
There=E2=80=99s fairly wide latitude to =E2=80=9Creserve the right to =
refuse service to
anyone=E2=80=9D, especially if you can show that their use of said =
service is
in violation of the contract(s) applicable to that service.
Owen
> On Jul 29, 2016, at 12:36 , bzs@theworld.com wrote:
>=20
>=20
> Unfortunately that raises the issue of what's generally termed in law
> a "business boycott" which is at least tortiable if not illegal.
>=20
> The grocer can't agree with your landlord not to sell you food until
> you catch up on the rent.
>=20
> They can agree to use this information to refuse you credit but even
> that's quite constrained by law even if often done anyhow. And that's
> a credit relationship so different.
>=20
> I went over this with my attorney when another ISP asked me to shut a
> customer's account down because they were spamming them from a third
> ISP's account.
>=20
> I asked to look at the emails (spam) in question and none originated
> at our site. The acct in question on my site didn't do anything
> problematic that I could find.
>=20
> My lawyer explained the above to me: You can't do that, business
> boycott.
>=20
> The other ISP (specifically a sysadmin) who'd asked me to shut the
> acct got so angry at this response, he took it all very personally and
> unprofessionally, that I had to bring in his own legal dept to explain
> this to him which he of course took as a further affront. It got ugly
> but you don't need the details.
>=20
> That's the problem with all this folksy armchair "law", it's often
> very bad advice and based on the assumption that the law must agree
> with one's emotional feelings. Good luck with that.
>=20
> On July 29, 2016 at 08:08 rsk@gsp.org (Rich Kulawiec) wrote:
>> On Thu, Jul 28, 2016 at 11:30:12PM +0000, Donn Lasher via NANOG =
wrote:
>>> If we want to be accurate about it, Cloudflare doesn???t host the =
DDoS,
>>> they protect the website of seller of the product. We shouldn???t be
>>> de-peering Cloud Flare over sites they protect any more than we =
would
>>> de-peer GoDaddy over sites they host, some of which, no doubt, sell
>>> gray/black market/illegal items/services.
>>=20
>> This strategy fails for two reasons.
>>=20
>> First, nobody gets a pass. Anybody providing services to abusers
>> needs to cut them off, whether it's a registrar, a web host, an email
>> provider, a DNS provider, or anything else. Nobody gets to shrug it
>> off with "Well, but..."
>>=20
>> Second, nobody *can* get a pass, because the people behind these =
operations
>> have long since learned to distribute their assets widely -- in an =
attempt
>> to avoid exactly the actions in the first point. And you know what?
>> It works. "We're just hosting their email", says X, and "We're just
>> hosting their DNS", says Y, and "We're just hosting their web site",
>> says Z, and none of them do anything, and nothing gets done.=20
>>=20
>> The only way to make action against them effective is to do it =
broadly,
>> do it swiftly, and do it permanently.
>>=20
>> ---rsk
>=20
> --=20
> -Barry Shein
>=20
> Software Tool & Die | bzs@TheWorld.com | =
http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
> The World: Since 1989 | A Public Information Utility | *oo*
