Bizarre they appear to have skipped the H2 2022 transparency report unless I’m missing something
If adamgamble's speculation were the case, I'd go to jail for things I'd have illegally signed in our SEC disclosures attesting to the sources of our revenue and any government contracts. Suffice it to say, I like not being in jail. It's really, really hard for public companies to be part of some grand conspiracy for so many different reasons. So… once we went public I kind of thought this silly speculation would end. But guess not.
Beyond that, if you think about it, it's a way better business to run Cloudflare and serve the world than serve some US intelligence entity. That's just per se true. So if that's the case why would we ever do anything that would remotely compromise the trust necessary to, you know, be Cloudflare?
Lastly, here's a funny story. Early in our history one of our investors suggested that we talk to In-Q-Tel. Here's how naive Michelle and I were: we had no idea it was the CIA's venture capital arm. So we showed up in their office on Sand Hill Road. It was weirdly austere compared with other VCs we'd visited. And lots of security cameras. The partner at some point came out and greeted us. As he was walking us back he looked back right before we crossed the threshold back to the inner offices, "You're both American citizens, right?"
"No," Michelle said. "I'm Canadian."
"Oh." the VC said. Then you can't come back here.”
"I'm not going back there without her," I said.
"Ok, well, I guess we'll have to do the meeting in the reception area," decided the In-Q-Tel VC.
We had a very cordial meeting and then left. As we were driving away Michelle said, "Those guys were weird." And that was the end of that. Never talked to In-Q-Tel again.
But maybe it's the Canadian equivalent of the CIA/FBI/NSA we're beholden to??! ;-)
In fairness, there are quite a number of public companies that turned out to be operating partially as fronts for spying agencies (AT&T is the shining example here). So simply being a public company could not be expected to serve as some kind of proof of independence.
CIA/FBI/NSA agreements include immunity from prosecution in the US at least. Your problem would be in foreign jurisdictions only.
As difficult as it was to keep PRISM and the many other overt and covert arrangements (public, private but leaked, and private but not yet leaked) between backbones, carriers, CDNs, hosting providers, ISPs, etc., and the agencies leveraging them, out of each firm's public filings?
Because evidence is it's not difficult at all, considering the whole of the 30 years since the Internet went commercial.
Can you guarantee my Firefox browser will keep on working on 'the open internet' now Chrome moves towards "Web Environment Integrity" and Safari towards "Private Access Tokens" and Cloudflare is supporting and implementing such technologies on scale?
I intent to not participate in these DRM APIs with my Firefox browser and would like to keep browsing the internet.
Not many users who encounter your service while trying to connect to a website will know _anything_ about your company, let alone knows its public or read disclosures.
Cloudflare has a public perception and sentiment problem and dismissing it as you have will lead to an inevitably negative outcome.
Their lack of reply (if that turns out to be the case) on this post would be telling.
What you should be asking is their precedent for compelled false speech, which is a much more interesting and difficult to answer.
https://www.mtsu.edu/first-amendment/encyclopedia/case/30/co...
They can say "don't do anything". They can't say "don't avoid doing something." That's the point if the age of the warrant canary notification--they stopped updating it. This is in effect a dead canary, they're saying they are subject to an order they can't disclose.
There was, is. There likely won't be, going forward.
1. Cloudflare has never turned over our encryption or authentication keys or our customers' encryption or authentication keys to anyone.
2. Cloudflare has never installed any law enforcement software or equipment anywhere on our network.
3. Cloudflare has never provided any law enforcement organization a feed of our customers' content transiting our network.
4. Cloudflare has never modified customer content at the request of law enforcement or another third party.
5. Cloudflare has never modified the intended destination of DNS responses at the request of law enforcement or another third party.
6. Cloudflare has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party.
Cloudflare has never been compelled to give up information to an agency called AAA. Cloudflare has never been compelled to give up information to an agency called AAB. ...etc.
It doesn’t mean that they are not helpful. Just that - as warrant canaries go - they are not complete.
You would assume, but when the Riseup canary expired plenty of people seemed willing to believe that a procedural issue or carelessness was to blame.
From a practical perspective I don't imagine that cloudflare removing a canary could give any one organization a signal - I don't know what the bar for a 'disclosure' is but informally I would not consider it a targeted specific warning.
EDIT: the other component I am curious about is duration, there is still utility in the canary even if it comes late, future users will know that there was a compromise and that further ones are likely, right?
No warrant is needed by any government agent to read your email that is over six months old and the major providers just give them a backdoor so as not to waste any time/money with requests.
Who is going to stop them from doing that with anything else? The supreme court? Good luck with that belief system. You think the NSA ever stopped just because they were discovered? Or did they just switch to "try to stop us".
Fraud? Fraud against who? For what damages?
Signaling that their infrastructure has been compromised is kind of a weird lie for them to make though...
Bear in mind Google doesn't have a warrant canary because it is served literally hundreds or thousands of warrants per year, to the tune it's just called a transparency report to count them.
