Cloudflare Says It Won’t Ban 8chan, a Hotbed for Terrorist Manifestos

Update: After a decision from its CEO, Cloudflare has decided to boot 8chan as a customer. The original article from earlier in the day follows below.

Over the weekend, a white supremacist killed 20 people in an El Paso Walmart. Before the terrorist attack, he posted a so-called manifesto to the anonymous message board 8chan. He was the third shooter to do so recently; the others were the Christchurch and Poway synagogue attackers. In response, internet infrastructure company Cloudflare is facing renewed pressure to stop providing their services to 8chan, which if removed, would likely make it harder for the site administrators to keep the message board online.

Sunday, Cloudflare reiterated it is not planning to stop providing cybersecurity protection to 8chan.

"I'm not aware of an argument," that would make Cloudflare legally obligated to stop giving services to 8chan, Cloudflare's general counsel Doug Kramer told Motherboard on Sunday.

Cloudflare provides mitigation against distributed-denial-of-service (DDoS) attacks and other services. Essentially, Cloudflare sits in between the website and computers trying to access it. The company describes itself as different in substance, and in turn, responsibility, from companies such as Facebook and Google, which can delete content from their own websites. Cloudflare can't delete 8chan, as it isn't hosting the site. Its services do allow sites to stay online however, protecting their servers from attack.

"We sit in between. We don't analyze the content; we don't change the content; we don't host it. We're largely a neutral utility service," Kramer said in a separate, earlier interview last month also discussing Cloudflare's stance on booting customers.

When it comes to kicking certain users, including sites that facilitate white supremacy, "These are very important conversations that should be grappled with in a very transparent way, in a very organized way, preferably by governments, and not so much by private companies, and even less so by private companies that sit deep in the stack, see a lot of this stuff go through, but don't really have the tools or the expertise to be making judgements on it," he added. Stack refers to the various layers of infrastructure and applications that make up the web.

Cloudflare has made judgements though. Cloudflare's CEO Matthew Prince told the Guardian that keeping "bad" sites such as 8chan in the company's network means they can be monitored by law enforcement. He added that he believes Cloudflare has a "moral obligation" to keep 8chan within its customer base.

In 2017, after a white supremacist killed a counter-protester in Charlottesville, Prince made the decision to stop providing services to white supremacist site the Daily Stormer. In his Guardian interview, Prince said the Daily Stormer is still accessible today.

"We know our primary effects are not significant," Kramer told Motherboard, referring to what might happen if Cloudflare did stop providing protection to 8chan. "If we discontinued services, it probably doesn't mean the content goes away."

Cloudflare's separation with the Daily Stormer happened as part of a cascading series of various companies also deciding to stop working with the site, however. For a time, the site was being booted from company to company, and had a hard time staying online, so much so that it set up a Tor hidden service to remain accessible. Someone appeared to DDoS that site, making it harder to reach, too.

Subscribe to our new cybersecurity podcast, CYBER.