Neo-Nazis Expose the Internet’s Big Weakness – Bloomberg
An obscure internet executive’s decision to shut down a neo-Nazi website has rightly sparked a debate about how to govern the global computer network. On a technical level, though, it also demonstrates how vulnerable this supposedly resilient mode of communication has become.
The Daily Stormer, which spreads neo-Nazi propaganda using cartoon frogs and anime avatars, was far from the most beloved page on the web. The site had already relocated to a Russian domain after multiple U.S. registrars canceled its name registration. Then Matthew Prince, CEO of content network provider Cloudflare, delivered the decisive blow, explaining in a company-wide email that “the people behind the Daily Stormer are assholes and I’d had enough.”
Cloudflare was capable of shutting down The Daily Stormer thanks to the critical role the company plays in our internet infrastructure. When you visit Bloomberg.com, you’re not connecting to a server in New York — the site would be far too slow for readers on the other side of the globe. You’re actually connecting to a content delivery network that caches copies of this site in data centers all around the world. By distributing traffic across hundreds of servers, such networks respond quickly to visitors while protecting sites against denial of service attacks — attempts to make a service unavailable by overwhelming it with junk traffic from networks of bots. These days, hackers can rent a botnet for as little as $20 an hour, which makes services like Cloudflare essential for sites that might provoke vigilante botnet attacks.
Although Cloudflare’s terms of service allow it to terminate users at its own discretion — and it wouldn’t be alone in doing so — the company has long sought to take a neutral stance. It has faced criticism for serving ISIS propaganda sites and enabling the spread of malware and pirated content, and has argued that its job was to maintain the pipes, not monitor them. Recognizing that his approach toward the neo-Nazis represented a departure, Prince emphasized that the state of affairs was not optimal: “Literally, I woke up in a bad mood and decided someone shouldn’t be allowed on the Internet. No one should have that power.”
Indeed, this is not how the internet was supposed to work. It was designed to be a decentralized communications system with enough distributed capacity to survive a nuclear strike. But over the years, economies of scale have led sites and services to pile into just a few infrastructure providers like Cloudflare, leaving large portions of the internet vulnerable at multiple levels. Last October, an attack on a domain-name service provider disabled many popular sites for most of a day. More recently, a cloud-storage malfunction reminded the world that Amazon Web Services controls 31 percent of the global cloud infrastructure market. And now we see that the internet is vulnerable to the mood swings of a content delivery network CEO.
Prince recommends that a legal framework be established for content restrictions, so that censorship decisions aren’t dominated by a handful of providers. This might make sense in an ideal world, but we should bear in mind that Donald Trump is president before suggesting that the government set rules for online discourse. Beyond that, if we create a content regulation framework, we may be resigning ourselves to an internet controlled by a few common carriers.
That would be unfortunate, because the whole point of the internet’s distributed structure is to allow information to get around points of failure or blockage. Recent attempts at online censorship have motivated the organization of the Alt Tech Alliance, a movement to build alternative internet services for those shunned by mainstream providers. While we might disagree with their criteria for content acceptability, the availability of competing service providers makes the entire internet more resilient.
In other words, if we want a reliable system, we’ll also have to abandon the idea of setting uniform rules for content — no matter how reprehensible some users may be.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
DDoS attacks have also been employed to take a site offline until ransom is paid.
Competitors exist, but cloud infrastructure services have become commoditized, and small players struggle to stay in business.
To contact the editor responsible for this story:
Mark Whitehouse at firstname.lastname@example.org