We're talking about the same sort of 'major cloud providers' that just allowed malicious code from a rando into their SDK (Amazon Q) with no review, right?

This is not the US, and that's not how the GDPR works. Regardless of what the ToS say. Consent is to be separately and voluntarily collected, not bundled with any other terms, and not as a prerequisite for the service to be usable. Otherwise it's not valid consent under the GDPR.

Small correction: the bridge is actually still managed by matrix.org AFAIK, it just doesn't live directly on the matrix.org homeserver.

From the sounds of it Freenode didn't have a lot of funding and the corporate/governing structure made it possible for the "head of staff" to sell it off without anyone knowing.

Well that's the thing, it actually didn't. From all available information, there *was* no legitimate sale (christel did not actually own the network), but it was enough of an excuse to legally strongarm the remaining staff into handing over the network, under threat of ruinous lawsuits.

In other words, the takeover was accomplished by pressuring people who couldn't afford a court battle with a millionaire. That's a capitalism problem, not a governance problem.

Matrix has never had centralized authentication. It has always been federated just like XMPP - though with decentralized rooms, unlike XMPP's centralized MUCs.

Like I said, this has been going on for many years, and this isn't the first load of Colocrossing-based providers that deadpools under suspicious circumstances, with seeming preferential treatment by CC. There's a point where this recurs so often that pattern recognition kicks in, and it (rightly!) starts looking a whole lot like CC is involved themselves. There are mountains of evidence against them.

Colocrossing has been involved in this sort of shit for many years now. It's not some sort of isolated incident. This is just the first time it's hit the press. (Also, the cPanel price increase was announced quite some time ago; these providers *continued offering* unsustainable plans *after* that price increase was announced. If that doesn't suggest malicious intentions, what would?)

You're looking up the wrong IPs. Company websites are almost always hosted on a different provider than the services they provide, for redundancy/outage reasons. Their actual services *are* all hosted at Colocrossing, and follow a multi-year pattern of doomed-to-fail hosting providers that all seem to have *just* a little too much involvement from CC itself. There's many years of documentation around CC's business practices and involvement in failed providers hosted there, hardly "too early" by any reasonable definition of the phrase.