Cloudflare outage damages Extensive swathes of the Internet

Cloudflare is currently experiencing an outage, according to its status page. Cloudflare’s technology powers numerous other sites and services across the Internet.

The outage appears to be affecting a range of different places, including Discord, Shopify, Grindr, Fitbit, and Peleton.

The issues are most problematic if you’re a user of Cloudflare’s DNS lookup service. Multiple Verge staff members found they could not access any websites during the outage due to employing Cloudflare’s 1.1.1.1 DNS service. Thankfully, the fix here is simple: change your DNS configuration. Simply switching back to using my ISP’s default DNS settings resolved most of the issues.

Cloudflare has experienced similar issues, such as in July and August 2020. It’s not a unified look for a company that advertises its services to reduce downtime.

Amazon Astro is a household robot that will cost $1499.99 when it goes on sale (you can ask for an invite to test it for $1,000 right now). Designed mainly as a mobile camera for home security, it’s also an Alexa smart speaker on wheels. While an innovative concept, without any arms, there’s not a lot this robot can do.

Cloudflare, Inc. is an American content delivery web and DDoS mitigation company established in 2010. It primarily functions as a reverse proxy between a website’s guest and the Cloudflare customer’s hosting provider. Its headquarters are in San Francisco, California.

Cloudflare was founded in September 2010 by Lee Holloway, Matthew Prince, and Michelle Zatlyn. Prince and Holloway had formerly collaborated on Project Honey Pot, a product of Unspam Technologies. From 2009, the company was venture-capital funded. On August 15, 2019, Cloudflare presented its S-1 filing for IPO on the New York Stock Exchange under the stock ticker NET. It extended for public trading on September 13, 2019, at $15 per share.

In 2020, Michelle Zatlyn, Cloudflare co-founder and COO, was named president, making her one of the few woman presidents of a publicly switched technology company in the U.S.

Since at least 2017, Cloudflare has been employing a wall of lava lamps in its San Francisco headquarters as an origin of randomness for encryption keys, alongside double pendulums in its London headquarters and a Geiger counter in its Singapore offices. The lava lamp installation executes the Lavarand method, where a camera transforms the unpredictable shapes of the “lava” blobs into a digital image. In addition, Cloudflare received media attention in June 2011 for providing DDoS mitigation for the website of LulzSec, a black hat hacking group.

The Spamhaus Project, targeted by a DDoS outbreak in March 2013 that Cloudflare reported surpassed 300 gigabits per second. Patrick Gilmore of Akamai commented that at the time, it was “the largest publicly declared DDoS attack in the history of the Internet.” While trying to safeguard Spamhaus against the DDoS attacks, Cloudflare was also attacked; Google and other companies ultimately came to Spamhaus’ defense and helped it absorb the unprecedented amount of attack traffic.

In February 2014, Cloudflare proclaimed to have mitigated an NTP reflection attack against an unnamed European customer, which peaked at 400 Gbit/s. In November 2014, it conveyed a 500 Gbit/s DDoS attack in Hong Kong. In June 2020, it mitigated a DDoS onslaught that peaked at 250 Gbit/s. Finally, in July 2021, the company declared to have absorbed a DDoS attack three times larger than any they’d hitherto recorded, which their corporate blog implied was over 1.2 Tbit/s in total.

Cloudflare works as a reverse proxy for web traffic. It sustains web protocols including SPDY and HTTP/2, QUIC, and support for HTTP/2 Server Push. In addition, Cloudflare delivers DDoS mitigation services that save customers from distributed denial of service (DDoS) attacks. In 2010, Cloudflare established a Content Distribution Network (CDN) service. Its objective was to be “a CDN for the masses.”

In 2017 Cloudflare established Cloudflare Workers, a serverless computing platform for designing new applications and augmenting existing ones without configuring or maintaining infrastructure. It has developed to include Workers K.V., a low-latency key-value data store; Cron Triggers for scheduling Cron jobs; and extra tooling for developers to deploy and scale their code across the globe.

On September 25, 2019, Cloudflare removed a freemium VPN service for mobile devices called WARP. A year later, beta help for macOS and Windows was released. As of 2020, Cloudflare was delivering DNS services to over 100,000 customers.

In November 2020, Cloudflare reported Cloudflare for Teams, consisting of a DNS resolver and web gateway named “Gateway” and a zero-trust authentication service called “Access.”

In 2014, Cloudflare began delivering free DDoS mitigation for activists, artists, journalists, and human rights groups under “Project Galileo.” More than 1,000 users and organizations participated in Project Galileo as of 2020. In 2017, they extended the benefit to electoral infrastructure and political campaigns under the “Athenian Project.” In December 2020, Cloudflare discharged a beta Jamstack platform for front-end developers to deploy websites on Cloudflare’s infrastructure under the name “Pages.”

Eventually, in January 2021, the company began delivering their “Waiting Room” digital queue product for free for COVID-19 vaccination scheduling under the heading “Project Fair Shot.” Project Fair Shot later beat a Webby People’s Choice Award in 2022 for Event Management under the Apps & Software category.

The hacker group UGNazi bashed Cloudflare in June 2012 by acquiring control over Cloudflare CEO Matthew Prince, voicemail, and email accounts hosted on Google. In addition, they gained administrative control over Cloudflare’s customers and operated that to deface 4chan. Prince later recognized, “The attack was the result of a compromise that allowed the hacker to access my Cloudflare.com email addresses eventually,” As the media indicated at the time, “the keys to his business were open to anyone with access; to his voicemail.”

Tillie Kottmann from the hacking collaborative “Advanced Persistent Threat 69420” in March 2021 demonstrated that the group had acquired root shell access to security cameras in Cloudflare offices driven by cloud-based physical security company Verkada after receiving the credentials of a Verkada superuser account that had been revealed on the Internet.

Cloudflare remarked that the compromised cameras were in offices that had been officially closed for several months. However, the hacking collective also accessed Verkada-operated cameras in Cloudflare’s offices in New York City, London, Austin, and San Francisco. In addition, the hacking group said it had video archives from all Verkada clients; it accessed footage from Cloudflare’s cameras and broadcasted a screenshot of security footage which they said was carried by a Verkada camera in a Cloudflare headquarters.

From September 2016 until February 2017, an influential Cloudflare bug leaked sensitive data from customer websites, including passwords and authentication tokens, by sending extra data in response to web requests. The leaks resulted from a buffer overflow that occurred more than 18,000,000 times before the problem was corrected, according to the numbers provided by Cloudflare at the time.

Cloudflare outages can obtain a large chunk of the web. A significant outage, lasting about 30 minutes, on July 2, 2019, was attributed to lousy software deployment. In 2020, a router misconfiguration caused a data pileup and outage in major European cities. Cloudflare experienced another outage in June 2022.

Cloudflare has been condemned for not banning websites with hate speech content. However, the company has said it has a content neutrality policy and opposes policing its clients on free speech grounds, except in circumstances where the clients break the Law. The company has also encountered criticism for not banning websites allegedly linked to terrorist groups. Still, Cloudflare has argued that no law enforcement agency has asked the company to quit these services and closely observes its obligations under U.S. laws.

Cloudflare has arrived under pressure from multiple experiences due to its services being utilized to serve controversial content. However, as Cloudflare is considered an infrastructure provider rather than a hosting provider, it can maintain broad legal immunity for the content served to its customers.

Cloudflare furnished DNS routing and DoS defense for the white supremacist and neo-Nazi website, The Daily Stormer. In 2017 Cloudflare stopped delivering its services to The Daily Stormer after an announcement on the controversial website announced that the “upper echelons” of Cloudflare were “secretly supporters of their ideology.”

Previously Cloudflare had rejected to take any action regarding The Daily Stormer. However, as a self-described “free speech absolutist,” Cloudflare’s CEO Matthew Prince, in a blog post, vowed never to succumb to external pressure again and sought to create a “political umbrella” for the future.

Prince further addressed the dangers of large companies deciding what is allowed to stay online, a concern shared by several civil liberties groups and privacy experts. For example, the Electronic Frontier Foundation, a U.S. digital rights group, said that services such as Cloudflare “should not be adjudicating what speech is acceptable,” adding that “when illegal activity, like inciting violence or defamation, occurs, the proper channel to deal with it is the legal system.”