Our judicial system enabling content authors to go after non-hosting content delivery network services like CloudFlare and making the act of doing so _a successful tactic_ is _dangerous to the public_.
Why do I say that? CloudFlare does not host content at all. All content delivery networks do not host content (arguable) but only effectively _relay_ content such that delivery is faster. Once the origin server goes down, so does the content. This is an integral part of how CDNs operate. They should not be subject to DMCA take-down notices either, because they don't host content -- just enable it.
Its dangerous to the public because this significantly raises the cost in starting such a service, because now you're not just enabling faster delivery of content but suddenly you're responsible for the content itself. Handling DMCA takedowns quickly becomes fast because these large corporations will abuse the process with automation, and in turn you _must_ respond actively as if each one is 100% correct. If you want a cost-effective solution then suddenly Sony has unrestrained access to delete content from your service. This is serious.
It makes sense to have services like Youtube, image hosting sites, or file hosting sites respond to DMCA takedowns because _they are responsible for the content_ and reaching out to the uploader would mean companies need to reveal personal information of uploaders (which would quickly be abused).
But CloudFlare or other CDNs and their systems _do not have such knowledge_. They don't know who is responsible for uploading content or the ability to investigate if it's infringing on someones copyright.
If Sony doesn't like someone uploading a video to YouTube, they can file away a DMCA takedown for it. Right now Youtube has the _oppertunity_ to look into this case and fight it legally if they feel it is important. The key here is that the DMCA goes to the actual content host, Youtube. But if CloudFlare was serving Youtube and got a DMCA to takedown some video, suddenly Youtube can't fight this in court because _its not a DMCA to YouTube but to CloudFlare_.
Corporations should be required to go through proper legal systems in which the content host can respond to DMCAs and fight them if they wish to. We should be afraid of giving out giant ban-hammers more than we already have.
I agree with you. To take the original ruling a step further towards absurdity, why not make ISPs filter out any traffic even mentioning the word grooveshark. And don't forget those pesky cables running from an exchange to your house carrying those bits, why not force the local exchanges to filter that traffic. Computer monitor makers; how about forcing them to not display the word grooveshark.
The further and further you get from the origin (content producers/hosts), the more ridiculous the claim sounds. But the expectation is somehow different.
> All content delivery networks do not host content (arguable) but only effectively _relay_ content such that delivery is faster. Once the origin server goes down, so does the content. This is an integral part of how CDNs operate.
What's the point of a service that caches and accelerates errors?
If this is by design, then I don't understand most of the value proposition of CDNs. If my origin is overloaded, down, or throwing intermittent errors, I want the CDN to cover for this. But no, a CDN is just a set of mirrors for whatever you're serving now.
> If my origin is overloaded, down, or throwing intermittent errors, I want the CDN to cover for this.
Sure, that is another configuration available by many CDNs as well.
Many CDNs however suggest that your origin is contacted by nobody except the CDN itself (not true for CloudFlare, though). It can then perfectly replicate your origin's content as it is updated without overbearing your origin.
Only within the scope of DDoS protection. There's no use relying on Cloudflare to keep your site up in that scenario while publicly broadcasting your real server IP, ripe and defenceless, at direct.mydomain.com
It seems very likely that CDNs will acquire special rights designations when it comes to content responsibility, much like search engines have. Whether that will occur through judicial precedent, or through specific legislation, is the only question.
Of course regarding a DMCA style notification, an end user (IP Holder) won't necessarily know the origin ISP, only CloudFlare. In this case, I think CloudFlare was the correct target, as end users are getting the content from CloudFlare even if relaying as an intermediary.
I'm not in favor of ever encroaching IP restrictions and expanding laws... that said, in this case the CDN. At the very least they can and should block specific URLs upon request, and notify the client as such. However... a specific URL may or may not include additional/fewer query string parameters.
Why do you think that a CDN reduces privacy any more than if a company such as YouTube hosted 100k servers themselves (presumably maintained by _paid_ employees or by another company themselves such as Amazon)?
Nobody[1] complaining about these kinds of privacy issues is talking about the 2nd-party service you are talking to knowing about the requests you explicitly make for it's data. That is the expected transaction, even from the perspective of a non-technical user. (if you want a youtube video, you're going to have to ask youtube for it, and youtube probably logs that request)
The problem with CDNs - and google analytics, facebook "like" buttons, 3rd-party ad networks, etc - is that they are not, from most people's preservative, an expected part of the transaction. They are a 3rd party eavesdropping on the conversation.
In the case of some of those eavesdroppers, such as CDNs, GA or (to a slightly lesser amount) Facebook's "like" buttons, there is also the serious problem of aggregation. Cloudflare and Google are both in a position where they can aggregate your browsing history from not only youtube, but also to a very large percentage of the network. This is easily enough information to make the mining of very personal data, including data that you never divulged directly but can be inferred with the various machine learning[2] techniques that now exist.
Also, the intent of the people at Google or Cloudflare doesn't really matter. I'm sure most/all of the people working at those places are currently well-meaning. The problem is that once data is recorded it stays around forever, so the question isn't if the people currently at Google or Cloudflare would misuse that data, but if anybody with access to that data in the future would misuse it. Allowing personal data to be aggregated creates a temping target for both people that want to profit from that knowledge and governments with national security letters.
[1] modulo a few cranks that don't seem to understand that the server needs to know your IP address if you want it to send you any data
[2] In many cases, it probably only takes a few carefully-written SQL "JOIN" clauses
Last week, Judge Alison J. Nathan of the U.S. District Court for the Southern District of New York ruled that CloudFlare does not have to search out and block customers who use variations on the name “grooveshark.” Instead, CloudFlare must take action only if it has “knowledge of an infringement” (for example, when the labels send a takedown notice). Given that this is essentially what US law already requires, Judge Nathan’s order puts paid to the latest strategy to institute trademark- and copyright-related filtering – at least in this case.
Fantastic. Good to see some judges demonstrating some common sense here.
Why do I say that? CloudFlare does not host content at all. All content delivery networks do not host content (arguable) but only effectively _relay_ content such that delivery is faster. Once the origin server goes down, so does the content. This is an integral part of how CDNs operate. They should not be subject to DMCA take-down notices either, because they don't host content -- just enable it.
Its dangerous to the public because this significantly raises the cost in starting such a service, because now you're not just enabling faster delivery of content but suddenly you're responsible for the content itself. Handling DMCA takedowns quickly becomes fast because these large corporations will abuse the process with automation, and in turn you _must_ respond actively as if each one is 100% correct. If you want a cost-effective solution then suddenly Sony has unrestrained access to delete content from your service. This is serious.
It makes sense to have services like Youtube, image hosting sites, or file hosting sites respond to DMCA takedowns because _they are responsible for the content_ and reaching out to the uploader would mean companies need to reveal personal information of uploaders (which would quickly be abused).
But CloudFlare or other CDNs and their systems _do not have such knowledge_. They don't know who is responsible for uploading content or the ability to investigate if it's infringing on someones copyright.
If Sony doesn't like someone uploading a video to YouTube, they can file away a DMCA takedown for it. Right now Youtube has the _oppertunity_ to look into this case and fight it legally if they feel it is important. The key here is that the DMCA goes to the actual content host, Youtube. But if CloudFlare was serving Youtube and got a DMCA to takedown some video, suddenly Youtube can't fight this in court because _its not a DMCA to YouTube but to CloudFlare_.
Corporations should be required to go through proper legal systems in which the content host can respond to DMCAs and fight them if they wish to. We should be afraid of giving out giant ban-hammers more than we already have.