Cloudflare Blocks Kiwi Farms
For years, Cloudflare had a policy not to remove any accounts without a court order, so when it kicked out Daily Stormer and later 8Chan as well, eyebrows were raised. For example, copyright holders wondered why the company could terminate these accounts but not those of the most notorious pirate sites.
Cloudflare’s seemingly arbitrary termination choices were repeatedly cited in policy discussions and copyright litigation. In addition, it triggered an ongoing wave of termination requests.
Over the past few days, Cloudflare found itself in the midst of a ‘cancel’ discussion again, with people calling on the company to disconnect the harassment-linked forum Kiwi Farms.
Some argue that we should terminate these services to content we find reprehensible so that others can launch attacks to knock it offline. That is the equivalent argument in the physical world that the fire department shouldn’t respond to fires in the homes of people who do not possess sufficient moral character. Both in the physical world and online, that is a dangerous precedent, and one that is over the long term most likely to disproportionately harm vulnerable and marginalized communities.
[…]
Since those decisions, we have had significant discussions with policy makers worldwide. From those discussions we concluded that the power to terminate security services for the sites was not a power Cloudflare should hold. Not because the content of those sites wasn’t abhorrent — it was — but because security services most closely resemble Internet utilities.
[…]
While we believe we have an obligation to restrict the content that we host ourselves, we do not believe we have the political legitimacy to determine generally what is and is not online by restricting security or core Internet services. If that content is harmful, the right place to restrict it is legislatively.
We have blocked Kiwifarms.
[…]
This is an extraordinary decision for us to make and, given Cloudflare’s role as an Internet infrastructure provider, a dangerous one that we are not comfortable with. However, the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before.
[…]
While law enforcement in these areas are working to investigate what we and others reported, unfortunately the process is moving more slowly than the escalating risk.
[…]
Hard cases make bad law. This is a hard case and we would caution anyone from seeing it as setting precedent. The policies we articulated last Wednesday remain our policies. For an infrastructure provider like Cloudflare, legal process is still the correct way to deal with revolting and potentially illegal content online.
Previously:
Update (2022-09-04): Nick Heer:
It is unclear to me what threats, specifically, prompted Cloudflare to reverse its de facto support of Kiwi Farms’ worldwide availability.
Cloudflare’s decision to block the site was done without any discussion. The message I’ve received is a vague suspension notice. The message from Matthew Prince is unclear. If there is any threat to life on the site, I have received no communication from any law enforcement.
Josh Moon, Kiwi Farms owner (via Hacker News):
This seems to be based off one of two things[…] A post made on 4chan’s /pol/ with a picture taken outside an apartment in Ireland which references the forum.
[…]
This means that a community with 16,000 daily sign-ins is being punished for the behavior of a single user, or a person not even on our website.
[…]
The post by @Washizu Iwao was posted at 9:42pm EU time. It was reported seven times. The user was also banned. […] The user deleted the post himself with the reason “retarded” 14 minutes after it had been posted, and 2 minutes after #DropKiwiFarms tweeted about it, as outlined here.
[…]
This person is not an active member of the community. This appears to be a sleeper account someone had gotten access to in July, and kept on hand to use like this.
Given that Cloudflare made this decision because they believed there to be an imminent threat and the seeming reluctance they had in doing so, I’m curious if this is even a permanent suspension. It isn’t mentioned as such in Cloudflare’s statement, they only refer to this move as “blocking”. If the illegal content is removed from the forum and Kiwi Farms cooperates with law enforcement — at least to the extent required by law — will the suspension be lifted?
Update (2022-09-09): Emma Roth (Slashdot):
Concerns about Kiwi Farms grew after transgender YouTuber and Twitch streamer, Clara Sorrenti (Keffals), had been targeted by a dangerous harassment campaign by users from the site. Last month, Kiwi Farms users waged a swatting attack against Sorrenti, otherwise known as the act of providing a false tip to police that someone’s planning on carrying out a violent crime, resulting in police swarming the victim’s home.
Sorrenti later went into hiding and started a #DropKiwifarms campaign that urged Cloudflare to stop serving Kiwi Farms. Users across Twitter shared the hashtag, also with some revealing the harassment they’ve experienced at the hand of Kiwi Farms’ users.
[…]
A report from New York Magazine called Kiwi Farms “the biggest community of stalkers,” with harassment so severe that the site has been blamed for the deaths of several victims.
Kevin Beaumont (via Hacker News):
Kiwi Farms is down across all domains as their Russian DDoS provider terminated them as a customer.
Keffals (via Hacker News):
Kiwi Farms has been removed from the Internet Archive.
And so Cloudflare, inconvenient as it is for the company, has become a legitimate pressure point in the effort to stop these harassers from threatening or committing acts of violence. Yes, Kiwi Farms could conceivably find other security providers. But there aren’t that many of them, and Cloudflare’s decision to stop services for the Daily Stormer and 8chan really did force both operations further underground and out of the mainstream.
[…]
And while we’re on the subject of complicity, it’s notable that for all its claims about wanting to bring about an end to cyberattacks, Cloudflare provides security services to … makers of cyberattack software!
It appears that, for now, it has found a home with VanwaTech, which also provided services to Daily Stormer and 8kun (formerly 8chan) after their respective Cloudflare bans.
Sorrenti acknowledged that Kiwi Farms may never fully be offline, in the same way that 8chan and Daily Stormer have persisted. But she notes that once a site loses the ability to purchase basic web services from content delivery networks and web security companies, they become “completely impotent” in spite of the extreme lengths they can go to in order to nominally stick around. Whether or not Kiwi Farms has been completely removed, Sorrenti said, “is irrelevant to the fact that the goals of our campaign have not only been achieved, but have achieved more than we could have ever expected.” Kiwi Farms has lost its access in the visible parts of the web.
