Cloudflare severs ties with 8chan after El Paso shootings

Internet services provider Cloudflare says it has cut ties with the 8chan message boards, which have been linked with white nationalist content and hate speech.

Cloudflare’s actions to remove DDoS (Distributed Denial of Service) protection comes in the wake of the El Paso mass shooting on 3 August, which is being treated as a terrorist attack by US law-enforcement agencies.

In a blog post on the company’s website, Cloudflare CEO Matthew Prince said that the gunman, who is now in police custody, seems to have posted his “manifesto” to 8chan immediately before his attack. The same thing happened before the Christchurch mosque shooting in March 2019, he noted.

Saying that the company would not tolerate encouragement of criminal behaviour, Prince wrote: “We reluctantly tolerate content that we find reprehensible, but we draw the line at platforms that have demonstrated they directly inspire tragic events and are lawless by design. 8chan has crossed that line. It will therefore no longer be allowed to use our services.”

8chan remains offline at the time of this report.

A DDoS attack is when multiple attackers attempt to access a website or computer system simultaneously, overwhelming its servers with requests and making it inaccessible to users.

What is 8chan?

The 8chan message boards grew out of the 4chan community in 2013, and were originally comprised of former 4chan users who left the site after it banned content on the Gamergate controversy.

Much like 4chan, it is unmoderated, and contains not only far-right content, but also boards which discuss child rape, support the QAnon conspiracy, and the “doxxing and swatting” of opponents (finding out personal details of individuals, and then having armed police sent to their homes).

It has become, the New York Times reports, the go-to resource for violent extremists, who are able to discuss their plans anonymously with like-minded users. This “megaphone for mass shooters, and a recruiting platform for violent white nationalists”, has been linked to at least three mass shootings this year.

Speaking to the NYT, 8chan’s creator Frederick Brennan, who gave up ownership of the site in 2015, says it is time 8chan was shut down.

The site is currently operated out of the Philippines by former US Army veteran Jim Watkins.

Speaking to Splinter News in 2016, Watkins said he was strongly in favour of free speech on the site. “”As long as they are not making imminent threats of harm against someone, their speech is protected political speech,” he said at the time.

Watkins circumvents problems with hosting the message boards by running them through a company which he owns. However, until yesterday, he purchased DDoS protection from Cloudflare.

What next?

As Cloudflare’s Matthew Prince remarks, there is nothing to prevent 8chan from buying similar services from another company.

This is exactly what happened when Cloudflare cut off access to the extreme-right wing website Daily Stormer.

“That caused a brief interruption in the site’s operations but they quickly came back online using a Cloudflare competitor. Today, the Daily Stormer is still available and still disgusting.

“They are no longer Cloudflare’s problem, but they remain the Internet’s problem,” he wrote.

While it is “open season” on 8chan for its opponents (8ch.net is inaccessible at the time of writing), it will almost certainly return as soon as it finds a provider willing to offer it online protection services.

8chan’s sysadmin Ron Watkins tweeted on 5 August that there are plans to switch providers to US-based Bitmitigate.

Who are Cloudflare?

San Francisco-based Cloudflare is a web infrastructure and security company, providing its clients with – amongst other things – DNS services, DDoS protection and internet firewalls.

It is not, as CEO Matthew Prince points out, an arbiter of what is good or bad content.

It has, however, been accused of allowing jihadist websites to access its services. An investigation by French newspaper Le Monde in 2015 revealed up to 24 sites were using Cloudflare’s DDoS services.

In January 2016, Le Figaro reported that US-based services providers, including Archive.org and Cloudflare were “passively aiding and abetting” jihadist sites by providing hosting and data protection services.

However, Cloudflare seems to have changed its attitude since 2016, with the company saying that it now cooperates with national governments over unacceptable and lawless content.

“We will continue to engage with lawmakers around the world as they set the boundaries of what is acceptable in their countries through due process of law. And we will comply with those boundaries when and where they are set,” Matthew Prince wrote.

While that may be the case, a WHOIS search of pro-al-Qaeda jihadist website bayaan.info shows that its DNS services have been provided by Cloudflare since at least September 2018.

Also using Cloudflare are “official” al-Qaeda website alsahabmedia.info, according to WHOIS records.