1248
submitted 6 months ago* (last edited 6 months ago) by starman@programming.dev to c/technology@lemmy.world

Also, interesting comment I found on HackerNews (HN):

This post was definitely demoted by HN. It stayed in the first position for less than 5 minutes and, as it quickly gathered upvotes, it jumped straight into 24th and quickly fell off the first page as it got 200 or so more points in less than an hour.

I'm 80% confident HN tried to hide this link. It's the fastest downhill I've noticed on here, and I've been lurking and commenting for longer than 10 years.

you are viewing a single comment's thread
view the rest of the comments
[-] VantaBrandon@lemmy.world 85 points 6 months ago

The tl;dr seems to be this was a money losing account for Cloudflare, and they couldn't squeeze them so they weaseled out with some TOS violation to prevent losing money on what was promised to be unlimited traffic, they have better lawyers so they're not worried.

Cloudflare 100% in the wrong here, they are closing accounts for TOS violations when they are just unprofitable, I would very strongly consider how tightly to couple with them knowing how cavalier they are about squashing small businesses.

If enough of these happen though, they'll get destroyed by a class action lawsuit, and they'd deserve every bit of it

[-] daq@lemmy.sdf.org 83 points 6 months ago

CF doesn't give a fuck about 80tb of traffic. These guys were in severe TOS violation that could affect all CF customers if CF IPs got blocked. Given 48 hours to bring their own IPs and switch to (expensive AF anywhere) enterprise account and finally shut down TWO WEEKS later after trying to weasel their way out of this instead of accepting they need to pay to play this stupid game.

We've been CF customers forever and enshitification is definitely affecting all of their services and mostly customer support, but in this instance I'm 100% on the side of CF.

[-] merc@sh.itjust.works 49 points 6 months ago

I’m 100% on the side of CF.

100%?

We scheduled a call with their “Business Development” department. Turns out the meeting was with their Sales team,

...

So we scheduled another call, now with their "Trust and Safety" team. But it turns out, we were actually talking to Sales again.

This is the part that's ridiculous to me. If CloudFlare thinks they're violating TOS that's fine. If they're willing to let them continue with their business as-is as long as they pay more? That's fine. But, scheduling calls with one group and it turns out it's actually CloudFlare's sales team on the phone, that's ridiculous.

[-] SquiffSquiff@lemmy.world 25 points 6 months ago

It seems that you've misunderstood what the issue is here from cloudflare's perspective. The customer was using cloudflare IP addresses, which is causing a knock-on effect for the rest of cloudflare's customers and putting cloudflare as a business themselves at risk. The alternative was for the customer to use their own IP addresses as cloudflare advised . I'm not sure what you think 'Business development' teams do but I certainly wouldn't be expecting engineering advice from them.

[-] merc@sh.itjust.works 2 points 6 months ago

The customer was using cloudflare IP addresses, which is causing a knock-on effect for the rest of cloudflare’s customers and putting cloudflare as a business themselves at risk.

Right, so sales should not be involved in any way.

The alternative was for the customer to use their own IP addresses as cloudflare advised .

Again, sales should not have been involved in any way.

I’m not sure what you think ‘Business development’ teams do but I certainly wouldn’t be expecting engineering advice from them.

They are at least not identical to sales. They work with sales, but there's at least some engineering component of the job. In this case if you were told you were meeting with the business development team, you'd expect that there would be talk about an engineering solution to the problem. Not just paying cloudflare more money.

[-] daq@lemmy.sdf.org 24 points 6 months ago

Well, the way he describes it does sound messed up, but if the only solution CF is willing to accept is for them to bring their own IPs and that is only available with an enterprise plan, what kind of conversation were they expecting? And like I said in another thread, enshitification at CF affected their customer service the most. We went from being able to to speak directly to devs, to people who actually understood the problem, to first tier support that didn't understand shit to 0 tier support that barely understands English.

[-] Klear@sh.itjust.works 13 points 6 months ago* (last edited 6 months ago)

These articles are always embellished, so I would take it with a grain of salt.

[-] sudneo@lemm.ee 11 points 6 months ago

I worked for an online casino in the past. What they do is a standard in the industry. The company I worked for was a small startup and onwed hundreds of domains, mostly just to protect the brand, 98% of which redirected to the main domain, with a few serving slightly different sites for different jurisdictions (e.g. Ontario regulations require that everything happens under a .ca domain). The "blocking evasion" doesn't require CF to do anything, besides forcing the customer to block traffic from certain countries (the ones where you are suspected to evade the block). At this point - if the casino is really operating in the black or gray markets - they can just set ingress to their site outside CF for those countries only if they really wanted. I worked also for a company who was doing this to allow traffic from Russia, changing every day mirrors (and they had an IT department of maybe 20, it was a joke), and Russia was the main market for them.

If what is told in the article is true - I.e. 95% of the traffic was through the main website - then it doesn't look like they were really doing this sort of evading deliberately, considering that in that 5% you have all your alternative TLDs plus the traffic from gray/black markets. Having hundreds of domains and some small percentage of traffic from black markets is something that just happens, it's different from continuously registering new domains for providing access where the previous ones got DNS blocked (this is domain block). It doesn't seem this is what they were doing based on the article, and if they were, then CF emails didn't mention it, which is insane.

Obviously we don't know the full story, so everything has to he taken with a grain of salt.

[-] Zak@lemmy.world 6 points 6 months ago

I did a quick search through Cloudflare's TOS and did not find anything about gambling. What was the TOS violation here?

What I'm seeing is Cloudflare communicating very poorly about what actions the customer would need to take to keep their site operating, why, and what the timeline would be. "We've determined operating your casino website on Cloudflare IP addresses is an unacceptable risk to our other customers and we require that you upgrade to an Enterprise plan within two weeks or your service will be terminated" is clear, concise, and I believe entirely fair. What they did here makes me think they're an unreliable and unpredictable service provider.

[-] daq@lemmy.sdf.org 5 points 6 months ago

Gambling is not TOS violation. Exposing CFs IPs to be blocked would affect ALL customers so CF is naturally aggressively protecting those Running any business that puts CFs IPs at risk is the TOS violation here.

I wish I was the fly on the wall during that meeting, but I have very little doubts casino understood the problem very well and were trying to weasel their way out of paying for an enterprise service (to anyone) and having to use their own IPs which are trivial to block. And if you continue buying more and rotating it will likely quickly get you on the black list with anyone still selling them.

I may be simplifying and maybe casino's CTO and the entire tech team are a bunch of naive newborns, but I really fucking doubt it.

[-] Zak@lemmy.world 5 points 6 months ago

Again, I'm not seeing an unambiguous TOS violation here. They have some catch-all stuff about creating an undue burden and an even broader clause saying, essentially they can drop any customer without cause. I have no doubt Cloudflare is legally in the clear, but when I read about something like this, I think I wouldn't set anything important up with Cloudflare as a critical part of its infrastructure.

Of course, the author could be leaving out a bunch of context to make himself look good.

[-] daq@lemmy.sdf.org 7 points 6 months ago

If the article was about a non profit or a legit small business with a web presence, I would agree with you. We're talking about massively risky business with spectacular profit margins.

I just don't believe that CF suddenly realized these guys are rolling in money and wanted their cut. The risk just wasn't worth it to CF confirmed by the fact that they did not negotiate at all and happily lost the casino as their client.

We're easily making enough to pay $120k/yr to CF, but they are not creating that much value for us and we're not introducing any risk to them so what we pay makes sense for both sides.

[-] Zak@lemmy.world 3 points 6 months ago

Maybe I haven't been clear enough.

I have no objection to Cloudflare or any other service provider dropping a risky or unprofitable customer. That's normal and fair in business.

What I don't like is their apparent poor communication and failure to provide a clear (and reasonably distant) deadline so that the author's company could find a solution that avoided downtime. Were I on that company's board, I'd likely be pretty unhappy with the author for not having a contingency plan prepared in advance, but as a third-party observer my main takeaway is that if I rely on Cloudflare and they suddenly decide they don't like something I'm doing, I'm screwed.

[-] daq@lemmy.sdf.org 4 points 6 months ago

Your conclusion is based on only one side of the story. And this story is coming from an unnamed business that's using social media to shit on a provider that dropped them.

But even assuming that's true, name any other large provider that would behave differently. AWS will terminate your services instantly and their support is even worse than CF. Apple is the same and then will take 2 weeks to reply. Google is a ghosting champion.

Just to be clear I'm talking about B2B relationships. Not end user communication.

[-] Zak@lemmy.world 2 points 6 months ago

It's true I'm assuming the author is being honest about what Cloudflare sent them and not leaving out a message where they made the situation abundantly clear. That's definitely possible, and we probably won't find out because big companies don't usually give public responses to this sort of thing.

name any other large provider that would behave differently

I can't, and this makes me inclined to believe it's a mistake to rely on any of them without a failover plan. Of course that's effectively impossible for some situations, like mobile apps requiring app store access. That seems like a situation that calls for antitrust enforcement.

[-] KairuByte@lemmy.dbzer0.com 48 points 6 months ago

Okay, yes this is an issue. But small business? This was a multinational casino site… that doesn’t scream small business to me.

[-] sudneo@lemm.ee 8 points 6 months ago

Online casinos can become international very simply, it doesn't necessarily mean it's a big company. You usually get a license and can operate in that country + a number of gray markets. Ofc there are also huge companies, but "international" doesn't mean much for an online business.

[-] KairuByte@lemmy.dbzer0.com 8 points 6 months ago* (last edited 6 months ago)

Yes… but 4 million active users is quite high. I doubt anyone would consider that “small business”.

[-] sudneo@lemm.ee 1 points 6 months ago

Yes, that's true. I guess that is for sure a better metric that being "international".

this post was submitted on 26 May 2024
1248 points (100.0% liked)

Technology

59768 readers
2725 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS