Security

Zoom's Security Woes Were No Secret to Business Partners Like Dropbox (nytimes.com) 33

Dropbox privately paid top hackers to find bugs in software by the videoconferencing company Zoom, then pressed it to fix them. From a report: One year ago, two Australian hackers found themselves on an eight-hour flight to Singapore to attend a live hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided to get a head start by hacking Zoom, a videoconferencing service that they knew was used by many Dropbox employees. The hackers soon uncovered a major security vulnerability in Zoom's software that could have allowed attackers to covertly control certain users' Mac computers. It was precisely the type of bug that security engineers at Dropbox had come to dread from Zoom, according to three former Dropbox engineers.

Now Zoom's videoconferencing service has become the preferred communications platform for hundreds of millions of people sheltering at home, and reports of its privacy and security troubles have proliferated. Zoom's defenders, including big-name Silicon Valley venture capitalists, say the onslaught of criticism is unfair. They argue that Zoom, originally designed for businesses, could not have anticipated a pandemic that would send legions of consumers flocking to its service in the span of a few weeks and using it for purposes -- like elementary school classes and family celebrations -- for which it was never intended.

[...] The former Dropbox engineers, however, say Zoom's current woes can be traced back two years or more, and they argue that the company's failure to overhaul its security practices back then put its business clients at risk. Dropbox grew so concerned that vulnerabilities in the videoconferencing system might compromise its own corporate security that the file-hosting giant took on the unusual step of policing Zoom's security practices itself, according to the former engineers, who spoke on the condition of anonymity because they were not authorized to publicly discuss their work. As part of a novel security assessment program for its vendors and partners, Dropbox in 2018 began privately offering rewards to top hackers to find holes in Zoom's software code and that of a few other companies. The former Dropbox engineers said they were stunned by the volume and severity of the security flaws that hackers discovered in Zoom's code -- and troubled by Zoom's slowness in fixing them.

Open Source

Open Source Advocates Hope They Don't Have to Fork Qt (phoronix.com) 137

Phoronix reports on a new concern about Qt, the free and open-source widget toolkit for creating GUIs and cross-platform applications: Wednesday a KDE developer who serves on the board of the KDE Free Qt Foundation commented that The Qt Company is evaluating restricting new releases to paying customers for 12 months. That was said to be under consideration due to COVID19 / coronavirus impacting their finances and needing to boost short-term revenues... [Slashdot editor's note: the comment also claims the Qt Company "says that they are willing to reconsider the approach only if we offer them concessions in other areas."] This comes months after The Qt Company already shifted to make Qt long-term support releases customer-only, among other steps to boost their commercial business at the beginning of the year.

Following all the speculation and concerns from the statement by KDE's Olaf Schmidt-Wischhöfer, The Qt Company released this very brief statement:

There have been discussions on various internet forums about the future of Qt open source in the last two days. The contents do not reflect the views or plans of The Qt Company.

The Qt Company is proud to be committed to its customers, open source, and the Qt governance model.

But in the event of a one-year freeze on free releases, Phoronix now reports, "several individuals and projects are already expressing interest in a Qt fork should it come to it." The hope is first and foremost that The Qt Company and KDE / KDE Free Qt Foundation can reach a mutual agreement without this embargo on future releases, which would effectively close up its development... Among those backing the concept of forking Qt as a last resort if necessary have been developers from consulting firm KDAB, the Qute browser developer, and the QGIS project as one of the leading geographic information system software packages, among many KDE developers themselves.

The mailing list thread is quite active in talking about the possible fork if necessary, including aspects like web-hosting down to what such a fork should be called ("Kt" seems to be a popular choice so far with several different members in the community).

Communications

Russian Telco Hijacked Internet Traffic of Google, AWS, Cloudflare, and Others (zdnet.com) 45

Last week, traffic meant for more than 200 of the world's largest content delivery networks (CDNs) and cloud hosting providers was suspiciously redirected through Rostelecom, Russia's state-owned telecommunications provider. From a report: The incident affected more than 8,800 internet traffic routes from 200+ networks, and lasted for about an hour. Impacted companies are a who's who in the cloud and CDN market, including big names such as Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner, and Linode.
The Internet

Dark Web Hosting Site Suffers Cyberattack, 7,600 Sites Down (zdnet.com) 48

It's the largest free web hosting provider for dark web services. But remember back in 2018 when its 6,500 sites all went down after attackers accessed its database and deleted all its accounts?

It happened again -- for the second time in 16 months. And this time, ZDNet reports, Daniel's Host won't be coming back online for several months: Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal's entire database. This happened earlier this month, on March 10, at around 03:30 am UTC, according to a message posted on DH's now-defunct portal by Daniel Winzen, the German software developer behind the service.

Winzen said that an attacker accessed the DH backend and deleted all hosting-related databases. The attacker then deleted Winzen's database account and created a new one to use for future operations. Winzen discovered the hack the next morning, at which time most of the data was already lost.

The service doesn't keep backups by design.

In an email to ZDNet today, Winzen said he has yet to find out how the hacker breached the DH backend. However, since the dark web hosting service was more of a hobby, Winzen didn't look too much into it. "I am currently very busy with my day-to-day life and other projects, I decided to not spend too much time investigating," he told ZDNet...

Winzen said that users should consider the passwords for their DH accounts as "leaked" and change them if they used the same password for other accounts.

Winzen told ZDNet he still hopes to relaunch the service "at a later time" with "new features and improvements."

"Not having to administrate the services all the time will hopefully give me more time for actual development."
Security

Report Identifies the Most Dangerous Mobile App Store on the Internet (zdnet.com) 19

9Game.com, a portal for downloading free Android games, was the mobile app store hosting the most malicious apps in 2019. From a report: 9Game ranked number one on the list of app stores with the most "new" malicious app uploads, but also number one on the list of app stores with the highest concentration of malicious apps overall. According to RiskIQ's 2019 Mobile App Threat Landscape report, 61,669 new malicious apps were uploaded on 9Game in 2019. In this ranking, 9Game was followed at a considerable distance by the official Android app store -- the Google Play Store -- with 25,647 new malicious apps. Completing the top 5 are Qihoo 360's Zhushou store, the Feral app store, and Huawei's Vmall app store. But while the Play Store ranked second on the list of new malware uploads, its sheer size diluted the impact these malicious apps had on Android users. The Play Store didn't rank at all in the top 5 app stores with the highest concentration of malicious apps, which included (1) 9Game, (2) the Feral app store, (3) the Vmall app store, (4) the Xiaomi app store, and (5) Qihoo 360's Zhushou store.
Cloud

Do We Need To Talk About 'Cloud Neutrality'? (wired.com) 116

"A multibillion-dollar, privately-owned infrastructure is now essential to the modern internet economy," writes Wired. And if you care about net neutrality, "That should freak you out." [T]here's an even bigger issue brewing, and it's time to start talking about it: cloud neutrality. "While its name sounds soft and fluffy," Microsoft president and general counsel Brad Smith and coauthor Carol Ann Browne write in their recent book, Tools and Weapons: The Promise and the Peril of the Digital Age, "in truth the cloud is a fortress...." Each data center costs hundreds of millions of dollars to build and many millions more to maintain; and you pretty much can't build a successful new company without them. So, thank goodness for Microsoft, right?

The book means to portray this might and power as both a source of wonder and an enabling feature of the modern economy. To me, it reads like a threat. The cloud economy exists at the pleasure, and continued profit, of a handful of companies. The internet is no longer the essential enabler of the tech economy. That title now belongs to the cloud. But the infrastructure of the internet, at least, was publicly financed and subsidized. The government can set rules about how companies have to interact with their customers. Whether and how it sets and enforces those rules isn't the point, for now. It can.

That's not the case with the cloud. This infrastructure is solely owned by a handful of companies with hardly any oversight. [Besides Microsoft, the article also notes Google and Amazon.] The potential for abuse is huge, whether it's through trade-secret snooping or the outright blocking, slowing, or hampering of transmission. No one seems to be thinking about what could happen if these behemoths decide it's against their interests to have all these barnacles on their flanks.

They should be.

Cloud companies "are essentially incubating and hosting their competition..." the article points out.

"The problem is that few have the resources to replicate the cloud infrastructure, should the landlords suddenly turn on their tenants."
Twitter

Twitter Is Funding Independent Effort To Develop an Open and Decentralized Standard For Social Media (twitter.com) 58

Twitter is funding a small team of researchers to build an "open and decentralized standard for social media," with the goal of making Twitter a client for that standard. CEO Jack Dorsey announced the news and laid out his reasoning in a tweet thread this morning, although he acknowledged that the process could take years. The project is called Bluesky. Dorsey said: Twitter was so open early on that many saw its potential to be a decentralized internet standard, like SMTP (email protocol). For a variety of reasons, all reasonable at the time, we took a different path and increasingly centralized Twitter. But a lot's changed over the years. First, we're facing entirely new challenges centralized solutions are struggling to meet. For instance, centralized enforcement of global policy to address abuse and misleading information is unlikely to scale over the long-term without placing far too much burden on people. Second, the value of social media is shifting away from content hosting and removal, and towards recommendation algorithms directing one's attention. Unfortunately, these algorithms are typically proprietary, and one can't choose or build alternatives. Yet. Third, existing social media incentives frequently lead to attention being focused on content and conversation that sparks controversy and outrage, rather than conversation which informs and promotes health. Finally, new technologies have emerged to make a decentralized approach more viable. Blockchain points to a series of decentralized solutions for open and durable hosting, governance, and even monetization. Much work to be done, but the fundamentals are there. Twitter CTO Parag Agrawal is tasked with finding a lead for the project, who will build a team of up to five people. The Bluesky account's only tweet quotes Dorsey with the comment "lo" -- a reference to the first message ever sent on the internet.
The Internet

20 Low-End VPS Providers Suddenly Shutting Down In a 'Deadpooling' Scam (zdnet.com) 41

"At least 20 web hosting providers have hastily notified customers today, Saturday, December 7, that they plan to shut down on Monday, giving their clients two days to download data from their accounts before servers are shut down and wiped clean," reports ZDNet.

And no refunds are being provided: All the services offer cheap low-end virtual private servers [and] all the websites feature a similar page structure, share large chunks of text, use the same CAPTCHA technology, and have notified customers using the same email template. All clues point to the fact that all 20 websites are part of an affiliate scheme or a multi-brand business run by the same entity...

As several users have pointed out, the VPS providers don't list physical addresses, don't list proper business registration information, and have no references to their ownership... A source in the web hosting industry who wanted to remain anonymous told ZDNet that what happened this weekend is often referred to as "deadpooling" -- namely, the practice of setting up a small web hosting company, providing ultra-cheap VPS servers for a few dollars a month, and then shutting down a few months later, without refunding customers.

"This is a systemic issue within the low-end market, we call it deadpooling," the source told us. "It doesn't happen often at this scale, however."

ZDNet provided this alphabetical list of the 20 companies: ArkaHosting, Bigfoot Servers, DCNHost, HostBRZ, HostedSimply, Hosting73, KudoHosting, LQHosting, MegaZoneHosting, n3Servers, ServerStrong, SnowVPS, SparkVPS, StrongHosting, SuperbVPS, SupremeVPS, TCNHosting, UMaxHosting, WelcomeHosting, X4Servers.

However, "A user who was impacted by his VPS provider's shutdown also told ZDNet that the number of VPS providers going down is most likely higher than 20, as not all customers might have shared the email notification online, with others."
Facebook

Facebook, Mozilla, and Cloudflare Announce New TLS Delegated Credentials Standard (zdnet.com) 25

Facebook, Mozilla, and Cloudflare announced today a new technical specification called TLS Delegated Credentials, currently undergoing standardization at the Internet Engineering Task Force (IETF). From a report: The new standard will work as an extension to TLS, a cryptographic protocol that underpins the more widely-known HTTPS protocol, used for loading websites inside browsers via an encrypted connection. The TLS Delegated Credentials extension was specifically developed for large website setups, such as Facebook, or for websites using content delivery networks (CDNs), such as Cloudflare. For example, a big website like Facebook has thousands of servers spread all over the world. In order to support HTTPS traffic on all, Facebook has to place a copy of its TLS certificate private key on each one. This is a dangerous setup. If an attacker hacks one server and steals the TLS private key, the attacker can impersonate Facebook servers and intercept user traffic until the stolen certificate expires. The same thing is also valid with CDN services like Cloudflare. Anyone hosting an HTTPS website on Cloudflare's infrastructure must upload their TLS private key to Cloudflare's service, which then distributes it to thousands of servers across the world. The TLS Delegated Credentials extension allows site owners to create short-lived TLS private keys (called delegated credentials) that they can deploy to these multi-server setups, instead of the real TLS private key.
Botnet

Dutch Police Take Down Hornets' Nest of DDoS Botnets (zdnet.com) 17

Dutch police have taken down this week a bulletproof hosting provider that has sheltered tens of IoT botnets that have been responsible for hundreds of thousands of DDoS attacks around the world, ZDNet reports. From the report: Servers were seized, and two men were arrested yesterday at the offices of KV Solutions BV (KV hereinafter), a so-called bulletproof hosting provider, a term used to describe web hosting providers that ignore abuse reports and allow cybercrime operations to operate on their servers. For two years, the company has provided hosting infrastructure to internet criminals, and has been one of the most serious offenders at that, hosting all sorts of baddies, from phishing pages to vulnerability scanners, and from crypto-mining operations to malware repositories. But above all, the company has made a reputation in cyber-security circles for being a hotspot for DDoS botnets, with cyber-criminals renting KV servers to host their bot scanners, malware, and command-and-control (C&C) servers, knowing they'd be safe from "harm."
EU

EU Court: Facebook Can Be Forced To Remove Content Worldwide (apnews.com) 173

New submitter sysrammer writes: "The European Union's highest court ruled Thursday that individual member countries can force Facebook to remove what they regard as unlawful material from the social network all over the world -- a decision experts say could hinder free speech online and put a heavy burden on tech companies," reports The Associated Press. "The ruling essentially allows one country or region to decide what Internet users around the world can say and what information they can access," said CCIA Europe senior manager Victoria de Posson. "What might be considered defamatory comments about someone in one country will likely be considered constitutional free speech in another. Few hosting platforms, especially startups, will have the resources to implement elaborate monitoring systems." Another turn of the screw in the interaction between privacy and free speech.
Media

Ask Slashdot: Will P2P Video Sites Someday Replace YouTube? 68

dryriver writes: BitChute is a video-hosting website like YouTube, except that it states its mission as being "anti-censorship" and is Peer-To-Peer, WebTorrent based. "It is based on the peer-to-peer WebTorrent system, a JavaScript torrenting program that can run in a web browser," according to Wikipedia. "Users who watch a video also seed it. BitChute does not rely on advertising, and users can send payments to video creators directly. In November 2018 BitChute was banned from PayPal." So it seems that you don't need huge datacenters to build something like YouTube -- Bitchute effectively relies on its users to act as a distributed P2P datacenter. Is this the future of internet video? Will more and more people flock to P2P video-hosting sites as/when more mainstream services like YouTube fall prey to various forms of censorship?
China

China Boosts Government Presence At Alibaba, Private Giants (bloomberg.com) 74

An anonymous reader quotes a report from Bloomberg: The government of one of China's top technology hubs is dispatching officials to 100 local corporations including e-commerce giant Alibaba, the latest effort to exert greater influence over the country's massive private sector. Hangzhou, in the eastern province of Zhejiang, is assigning government affairs representatives to facilitate communication and expedite projects, the city government said on its website. Chinese beverage giant Hangzhou Wahaha and automaker Zhejiang Geely are among the other companies based in the prosperous region that have been singled out, according to reports in state media.

The Hangzhou government said the initiative was aimed at smoothing work flow between officials and China's high-tech companies and manufacturers. But the move could be perceived also as an effort to keep tabs on a non state-owned sector that's gaining clout as a prime driver of the world's No. 2 economy. Representatives of the country's public security system are already embedded within China's largest internet companies, responsible for crime prevention and stamping out false rumors. Government agencies may also be heightening their monitoring of the vast private sector at a time China's economy is decelerating -- raising the prospect of destabilizing job cuts as enterprises try to protect bottom lines. Alibaba is hosting its annual investors' conference this week in Hangzhou against the backdrop of a worsening outlook for the country.

Australia

Australia Formally Censors Christchurch Attack Videos (theguardian.com) 318

"Australian internet service providers have been ordered to block eight websites hosting video of the Christchurch terrorist attacks," according to the Guardian.

Slashdot reader aberglas shares their report: In March, shortly after the Christchurch massacre, Australian telecommunications companies and internet providers began proactively blocking websites hosting the video of the Christchurch shooter murdering more than 50 people or the shooter's manifesto. A total of 43 websites based on a list provided by Vodafone New Zealand were blocked. The government praised the internet providers despite the action being in a legally grey area by blocking the sites from access in Australia for people not using virtual private networks (VPNs) or other workarounds.

To avoid legal complications the prime minister, Scott Morrison, asked the e-safety commissioner and the internet providers to develop a protocol for the e-safety commissioner to order the websites to block access to the offending sites. The order issued on Sunday covers just eight websites, after several stopped hosting the material, or ceased operating, such as 8chan. The order means the e-safety commissioner will be responsible for monitoring the sites. If they remove the material they can be unblocked. The blocks will be reviewed every six months.

"The remaining rogue websites need only to remove the illegal content to have the block against them lifted," the e-safety commissioner, Julie Inman Grant, said.

Australia

Australia Plans To Block Domains That Host Terrorist Material During Crisis Situations (gizmodo.com) 96

Australia laid out some of the country's first concrete steps to make good on its promise of combating the spread of extremism online at this year's G7 leader's forum, Reuters reported Sunday. From a report: Officials said the government intends to cut off all access to any internet domain that fails to block terrorist material during a crisis event, and legislation requiring online platforms to upgrade their safety measures is also being considered. "We are doing everything we can to deny terrorists the opportunity to glorify their crimes," said Australian Prime Minister Scott Morrison, per Reuters. These measures come in the wake of a terrorist attack in March that killed 51 people at two mosques in New Zealand. The tragedy was livestreamed on Facebook, with the footage quickly spreading to other online platforms that, in turn, hurried to shut it down. The incident prompted increased scrutiny from both Australia and New Zealand about how these platforms moderate their content.

Officials said they're establishing a framework to enable them to block access to domains hosting extremist violence, a decision which would be determined by Australia's eSafety Commissioner on a case-by-case basis. Hosting material "showing murder, attempted murder, rape, torture, or kidnapping" recorded by someone involved in the act, per Reuters, would also trigger a government block on that domain. To help police this new policy, the country plans to establish a 24/7 Crisis Coordination Centre to suss out such material online.

Open Source

Celebrating the 28th Anniversary of the Linux Kernel (androidauthority.com) 60

Exactly 28 years ago today, a 21-year-old student named Linus Torvalds made a fateful announcement on the Usenet newsgroup comp.os.minix.

i-Programmer commemorates today's anniversary with some interesting trivia: Back in 1991 the fledgling operating system didn't have a name, according to Joey Sneddon's 27 Interesting Facts about Linux:

Linux very nearly wasn't called Linux! Linus wanted to call his "hobby" project "FreaX" (a combination of "free", "freak" and "Unix"). Thankfully, he was persuaded otherwise by the owner of the server hosting his early code, who happened to prefer the name "Linux" (a combination of "Linus" and "Unix").

One fact I had been unaware of is that the original version of Linux wasn't open source software. It was free but was distributed with a license forbidding commercial use or redistribution. However, for version 0.12, released in 1992, the GPL was adopted making the code freely available.

Android Authority describes the rest of the revolution: Torvalds announced to the internet that he was working on a project he said was "just a hobby, won't be big and professional." Less than one month later, Torvalds released the Linux kernel to the public. The world hasn't been the same since...

To commemorate the nearly 30 years that Linux has been available, we compiled a shortlist of ways Linux has fundamentally changed our lives.

- Linux-based operating systems are the number-one choice for servers around the world... As of 2015, web analytics and market share company W3Cook estimated that as many as 96.4% of all servers ran Linux or one of its derivatives. No matter the exact number, it's safe to say that the kernel nearly powers the entire web...

- In Oct. 2003, a team of developers forked Android from Linux to run on digital cameras. Nearly 16 years later, it's the single most popular operating system in the world, running on more than 2 billion devices. Even Chrome OS, Android TV, and Wear OS are all forked from Linux. Google isn't the only one to do this either. Samsung's own in-house operating system, Tizen, is forked from Linux as well, and it's even backed by The Linux Foundation.

- Linux has even changed how we study the universe at large. For similar reasons cars and supercomputers use Linux, NASA uses it for most of the computers aboard the International Space Station. Astronauts use these computers to carry out research and perform tasks related to their assignments. But NASA isn't the only galaxy studying organization using Linux. The privately-owned SpaceX also uses Linux for many of its projects. In 2017, SpaceX sent a Linux-powered supercomputer developed by HP to space and, according to an AMA on Reddit, even the Dragon and Falcon 9 run Linux.

"Without it," the article concludes, "there would be no science or social human development, and we would all still be cave-people."
The Internet

The Planet Needs a New Internet (gizmodo.com) 201

An anonymous reader shares a report: When climate change comes for our coffee and our wine, we'll moan about it on Twitter, read about it on our favorite websites, and watch diverting videos on YouTube to fill the icy hole in our hearts. We'll do all this until the websites go dark and the networks go down because eventually, climate change will come for our internet, too. That is, unless we can get the web ready for the coming storms. Huge changes will be needed because right now, the internet is unsustainable. On the one hand, rising sea levels threaten to swamp the cables and stations that transmit the web to our homes; rising temperatures could make it more costly to run the data centers handling ever-increasing web traffic; wildfires could burn it all down. On the other, all of those data centers, computers, smartphones, and other internet-connected devices take a prodigious amount of energy to build and to run, thus contributing to global warming and hastening our collective demise.

To save the internet and ourselves, we'll need to harden and relocate the infrastructure we've built, find cleaner ways to power the web, and reimagine how we interact with the digital world. Ultimately, we need to recognize that our tremendous consumption of online content isn't free of consequences -- if we're not paying, the planet is. You probably don't think about it when you're liking a photo or reading an article, but everything you do online is underpinned by a globe-spanning labyrinth of physical infrastructure. There are the data centers hosting the web and managing enormous flows of information on the daily. There are the fiber cables transmitting data into our homes and offices, and even across oceans. There are cell towers sending and receiving countless calls and texts on the daily.

The Internet

8chan Goes Dark After Hardware Provider Discontinues Service (theverge.com) 627

Internet hate forum 8chan has gone dark after web services company Voxility banned the site -- and also banned 8chan's new host Epik, which had been leasing web space from it. From a report: Epik began working with 8chan over the weekend after web services giant Cloudflare cut off service, following the latest of at least three mass shootings linked to 8chan. But Stanford researcher Alex Stamos noted that Epik seemed to lease servers from Voxility, and when Voxility discovered the content, it cut ties with Epik almost immediately. "As soon as we were notified of the content that Epik was hosting, we made the decision to totally ban them," Voxility business development VP Maria Sirbu told The Verge. Sirbu said it was unlikely that Voxility would work with Epik again. "This is the second situation we've had with the reseller and this is not tolerable," she said.
The Internet

Cloudflare Terminates 8chan (cloudflare.com) 940

"We just sent notice that we are terminating 8chan as a customer effective at midnight tonight Pacific Time," writes Cloudflare CEO Matthew Prince.

"The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit." We do not take this decision lightly. Cloudflare is a network provider. In pursuit of our goal of helping build a better internet, we've considered it important to provide our security services broadly to make sure as many users as possible are secure, and thereby making cyberattacks less attractive -- regardless of the content of those websites. Many of our customers run platforms of their own on top of our network. If our policies are more conservative than theirs it effectively undercuts their ability to run their services and set their own policies. We reluctantly tolerate content that we find reprehensible, but we draw the line at platforms that have demonstrated they directly inspire tragic events and are lawless by design. 8chan has crossed that line. It will therefore no longer be allowed to use our services.

Unfortunately, we have seen this situation before and so we have a good sense of what will play out. Almost exactly two years ago we made the determination to kick another disgusting site off Cloudflare's network: the Daily Stormer. That caused a brief interruption in the site's operations but they quickly came back online using a Cloudflare competitor. That competitor at the time promoted as a feature the fact that they didn't respond to legal process. Today, the Daily Stormer is still available and still disgusting. They have bragged that they have more readers than ever. They are no longer Cloudflare's problem, but they remain the Internet's problem.

I have little doubt we'll see the same happen with 8chan.

Prince adds that since terminating the Daily Stormer they've been "engaging" with law enforcement and civil society organizations to "try and find solutions," which include "cooperating around monitoring potential hate sites on our network and notifying law enforcement when there was content that contained an indication of potential violence." Earlier today Prince had used this argument in defense of Cloudflare's hosting of 8chan, telling the Guardian, "There are lots of competitors to Cloudflare that are not nearly as law abiding as we have always been." He added in today's blog post that "We believe this is our responsibility and, given Cloudflare's scale and reach, we are hopeful we will continue to make progress toward solving the deeper problem."

"We continue to feel incredibly uncomfortable about playing the role of content arbiter and do not plan to exercise it often.... Cloudflare is not a government. While we've been successful as a company, that does not give us the political legitimacy to make determinations on what content is good and bad. Nor should it. Questions around content are real societal issues that need politically legitimate solutions..."

"What's hard is defining the policy that we can enforce transparently and consistently going forward. We, and other technology companies like us that enable the great parts of the Internet, have an obligation to help propose solutions to deal with the parts we're not proud of. That's our obligation and we're committed to it."

The Internet

After 8chan Possibly Linked To Another Shooting, Cloudflare CEO Defends Hosting It (theguardian.com) 407

The Guardian learned that the suspected mass shooter at an El Paso, Texas Walmart "is believed to also have posted a white nationalist rant on 8chan" -- then interviewed the CEO of the company hosting it.

If the connection between the 21-year-old suspect in Saturday's massacre and the 8chan document is confirmed -- and law enforcement sources told NBC News that they are "reasonably confident" that they are linked -- then the El Paso attack will mark the third mass shooting in less than six months that was announced in advance on the message board... Throughout the day on Saturday, 8chan users discussed the massacre and the suspect, with many referring to the alleged shooter as "our guy" and praising the number of people killed...

UPDATE: 8:25 p.m. PST: Cloudflare's CEO announced that they are in fact terminating 8chan, effective at midnight PST.

Here are his remarks to the Guardian less than 24 hours earlier...

"If I could wave a magic wand and make all of the bad things that are on the internet go away -- and I personally would put the Daily Stormer and 8chan in that category of bad things -- I would wave that magic wand tomorrow," [Cloudflare CEO Matthew] Prince said. "It would be the easiest thing in the world and it would feel incredibly good for us to kick 8chan off our network, but I think it would step away from the obligation that we have and cause that community to still exist and be more lawless over time."

Prince argued that keeping "bad" sites within Cloudflare's network means that the company is able to help monitor activity and flag illegal content to law enforcement. While he would not comment on specifics, he said that Cloudflare receives "regular requests" from law enforcement not to ban certain sites. "There are lots of competitors to Cloudflare that are not nearly as law abiding as we have always been," he said. "The minute that someone isn't on our network, they're going to be on someone else's network...." Prince also rejected any implication that Cloudflare's position is self-interested. "The right answer from a pure business perspective is just to kick them off," he said of 8chan. "Of the 2 million-plus Cloudflare customers, they don't matter, and the pain that they cause is well beyond anything else."

Keeping 8chan within its network is a "moral obligation", he said, adding: "We, as well as all tech companies, have an obligation to think about how we solve real problems of real human suffering and death. What happened in El Paso is abhorrent in every possible way, and it's ugly, and I hate that there's any association between us and that... For us the question is which is the worse evil? Is the worse evil that we kick the can down the road and don't take responsibility? Or do we get on the phone with people like you and say we need to own up to the fact that the internet is home to many amazing things and many terrible things and we have an absolute moral obligation to deal with that."
