Can someone please explain whether Cloudflare blackmailed Canonical?
speckx
255 points
148 comments
May 11, 2026
Related Discussions
- Why is Cloudflare protecting the DDoS'er (beamed.st) attacking Ubuntu servers? mystraline · 76 pts · May 05, 2026 · 57% similar
- Canonical Under Attack ta988 · 59 pts · May 02, 2026 · 55% similar
- How Cloudflare responded to the “Copy Fail” Linux vulnerability mobeigi · 92 pts · May 07, 2026 · 54% similar
- Canonical/Ubuntu have been under DDoS jtlebigot · 171 pts · May 01, 2026 · 49% similar
- Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down ndsipa_pomu · 79 pts · May 01, 2026 · 44% similar
Discussion Highlights (19 comments)
AntonyGarand
Relevant post from last week: > Why is Cloudflare protecting the DDoS'er (beamed.st) attacking Ubuntu servers? https://news.ycombinator.com/item?id=48025001
deadbabe
They didn’t.
jpereira
This is insanely dumb. Cloudflare is providing free hosting services, not materially supporting the attacker. You can argue that Cloudflare needs to be better, or adopt different values towards, taking down sites they host, but this organization could absolutely just serve elsewhere (or just advertise their services over Telegram or the like). Maybe there is a point to be made about monopoly power in hosting and DDoS protection. I don't really see how this blog post, or labelling it blackmail, helps make that point.
luma
That'd be extortion, not blackmail. CF did neither thing.
jmuguy
It seems disingenuous to assume that CF offering some (unknown) amount of service to a malicious actor amounts to "blackmailing" someone that actor is attacking. CF could, and probably should, be better about not offering services to criminals but making a leap of logic certainly doesn't help anything.
jwitthuhn
"Renting attack capacity from [cloudflare]" is inaccurate as I understand things. That group hosts their site behind Cloudflare but I have not seen anyone claim that Cloudflare's infra is used for the attacks. This whole article seems to conflate hosting an informational site run by the attackers and hosting the attack itself.
wood_spirit
The article puts it very succinctly: Cloudflare fronts attackers for free and bills the victims for relief. DDoS protection services can be cast as a digital protection racket where they have a perverse incentive to keep attackers attacking. “It's a dangerous internet out there; you'd better pay us to protect your website from the attackers using our free tier.” At the least, even if there is no active collusion or profit sharing or anything like that, there is not a clear side that the DDoS protector service is on?
PcChip
I always assumed Ubuntu was brought down to prevent Ubuntu servers from patching copy.fail, so that hacking group could exploit as many targets during that time as possible
AntiUSAbah
Completely agree, Cloudflare protects scammers on a huge scale and no one cares... All the fake shops I have reported to Cloudflare, all these phishing pages behind Cloudflare I reported, never came down. None of them. For a company making billions, protecting people, they should take this stuff seriously.
aggakake
With this kind of logic we can blame keyboard manufacturers for the illegal things their products wrote.
TZubiri
Yes. I find a similar pattern to Meta's scammer ads. Huge publicly traded companies benefitting from the illegal actions of their clients, turning a blind eye, or conveniently delaying their takedowns. Big companies need to absorb the liability of small companies, otherwise you get this delegated Sybil Good bank/Bad bank attack
anonym29
Crimeflare - proudly extorting DDoS victims and protecting criminals while building a global surveillance dragnet since 2009!
JeremyJaydan
I'm not sure how correct this is but when you upgrade your tier on Cloudflare aren't the costs basically up to Cloudflare? With the horror stories heard over the years I think a real issue is no hard pricing cap with forced shutdown. Unless that's changed? I booted them a year ago..
worik
I am curious about the existence of https://beamed.su/ The best IP Stresser service since 2022. That is one way of putting "DOS" for hire WTF does it really mean?
btilly
Hanlon's Razor applies here. "Never attribute to malice that which is adequately explained by stupidity." Pretty much anyone can get onto the free tier for Cloudflare. The fact that someone is, doesn't mean that there is a business relationship with Cloudflare. There isn't. In order to make this business model work, Cloudflare does essentially no due diligence. Getting onto the free tier before you need it, is cheap. And then if you really need them, you have every reason to start paying. Ideally you'd hope that they would allow third party takedowns. But the ability to do third party takedowns provides a target for the exact attackers that their business is trying to protect against. They wouldn't have a business if they made that a viable target! But the result of these business decisions, made for their main customer acquisition flow, makes them a tempting place to host malicious content, as well as good. Black hats make a sport out of taking each other out. And so have every reason to use Cloudflare. Still doesn't indicate a relationship between Cloudflare and the bad actors who are taking advantage of the setup.
john_strinlai
people will always be able to pick a handful of sites they think shouldn't be allowed to use cloudflare hosting services. the problem is that every person will have a different handful of sites. cloudflare should host everything and anything unless and until a lawful order is received. if they start sticking their fingers into sites and determining whether the site's content is "appropriate" or whatever, based on some sort of nebulous set of criteria, people will get (justifiably) big mad about it, guaranteed. the "renting attack capacity [from cloudflare]" should have some evidence behind it, because as far as i am aware, the attackers are not using cloudflare infrastructure for the actual attack. (it's really jarring to see the general sentiment on this submission vs. the general sentiment on google submissions)
peanut-walrus
Articles like these seem to hold a weird belief that Cloudflare does not react to security reports or legal orders? From my experience, they react appropriately and relatively quickly compared to the rest of the industry. Could Cloudflare be more proactive or add more friction to their signups? Yes, probably, but the reasons they have outlined for not playing internet police make sense to me. I don't think it should be a requirement to provide your credit card, phone number and a copy of your ID in order to host content on the internet...
Libre___
I dislike CF's role in the modern Internet as much as the next person, but this is a bunch of speculation trying to connect dots with no basis other than that a Canonical cert renewal happened on the same day as a company transfer. There might be somewhat of a tangential story, however, in that Njalla seems to have reorganized or changed ownership fairly recently[1], and that Njalla and immateriali.sm seem to be related entities[2]
[1] https://xn--gckvb8fzb.com/njalla-has-silently-changed-a-word...
[2] https://www.wipo.int/amc/en/domains/decisions/pdf/2026/dio20...
nijave
There's not even any proof Beamed was responsible for the attack in the article--it's all speculation. "Anonymous person on the internet claiming <thing>" is proof of nothing. It's just as likely someone claimed they used Beamed to try to get a competing service taken down or direct attention elsewhere. Don't get me wrong, Beamed looks like a scummy booter service with no legal purpose. However, claiming companies should deplatform sites based on speculation is, imo, a very dangerous precedent.