We Need to Talk About Infrastructure - EFF redefines what 'essential Internet infrastructure' is, simps for Clownflare and trashes Kiwi Farms yet again

We Need to Talk About Infrastructure​

Archive

Essential internet infrastructure should be content-neutral. These services should not make editorial decisions that remove content beyond the scope of the law. This is in part because history shows that any new censorship methods will eventually be abused and that those abuses often end up hurting the least powerful.

That’s the easy part. The hard part is defining what exactly "essential internet infrastructure," is, and to which users. We also need to recognize that this designation can and does change over time. Right now, the "infrastructure" designation is in danger of getting tossed around too easily, resulting in un-nuanced conversations at best and an unjustified cloak of protection, sometimes for anti-competitive business models, at worst.

The term “infrastructure” can encompass a technically nuanced landscape of things – services, standards, protocols, and physical structures – each of which has varying degrees of impact if they’re removed from the proverbial stack. Here’s how EFF thinks about the spectrum of infrastructure with respect to content moderation in late 2022, and how our thinking has changed over time.

Essentially Infra​

Some things are absolutely, essentially, infrastructure. These things often have no meaningful alternative, no inconvenient but otherwise available option. Physical infrastructure is the easiest type to see here, with things like submarine cables and internet exchange points (IXPs). These things make up the tangible backbone of the internet. Parts of the logical layer of the internet also sit on this far side of the spectrum of what is or is not critical infrastructure, including protocols like HTTP and TCP/IP. These components of physical and logical infrastructure share the same essentialness and the same obligation to content neutrality. Without them, the internet in its current form simply could not exist. At least not at this moment.

Pretty much Infra​

Then there's a layer of things that are not necessarily critical internet infrastructure but are essential for most of us to operate businesses and labor online. Because of how the internet functions today, things in this layer have unique chokepoint capabilities. This includes payment processors, certificate authorities, and even app stores. Without access to these things, many online businesses cannot function. Neither can nonprofits and activist groups and many, many others. The unique power that things in this layer have over public equity is too much to deny. Sure, some alternatives technically exist: things like Monero, side-loaded APKs, or root access to a web server for generating your own cert with Certbot. But these are not realistic options to recommend for anyone without significant technical skill or resources. There's no denying that when these “pretty much infra” services choose to police content, those choices can be disproportionately impactful in ways that end users and websites can’t remedy.

Not really Infra, but for some reason we often get stuck saying it is​

Then there’s this whole other layer of things that take place behind the scenes of apps, but still contribute some important service to them. These things don’t have the literal power to keep a platform’s lights on (or turn the lights off), but they provide an undeniable and sometimes important “quality of life.”

CDNs, security services, and analytics plugins are all great examples. If they withdraw service the impact can vary, but on the internet of 2022, someone dropped by one service almost always has easy-to-obtain (even if not as sleek or sophisticated) alternative solutions.

CDNs are an important example to consider: they provide data redundancy and speed of access. Sometimes they’re more vital to an organization, like if a company needs to send a one-gigabyte software update to a billion people ASAP. A web app’s responsiveness is also somewhat dependent on the reliability of a CDN. Streaming is a good example of something whose performance can be more dependent on that kind of reliability. Nonetheless, a CDN doesn’t have the lights on/off quality that other things do and only very rarely is its quality-of-life impact severe enough that it qualifies for the “pretty much infra” category we just covered. Unfortunately, mischaracterizing the infrastructural quality of CDNs is a common mistake, one we’ve even made ourselves.

EFF’s past infrastructure characterizations​

At EFF, we are deeply committed to ensuring that users can trust us to be both careful and correct in all of our advocacy. Our framing of Cloudflare’s decision to cut off service to Kiwi Farms as about “infrastructure,” in a post discussing content interventions more generally, didn’t meet that bar for 2022.

The silver lining is that it prompted us at EFF to reconsider how we approach infrastructure and content moderation decisions and to think about how today’s internet is different than it was just a few years ago. In 2022, could we applaud Cloudflare’s decision to not do business with such ghouls while also strongly supporting the principle that infrastructure needs to be content-neutral? It turns out the answer is yes, and that answer begins with a careful and transparent reconsideration of what we mean when we say “infrastructure.”

Our blog post raised concerns about “infrastructure” content interventions, and pointed to Cloudflare’s decision, among others. Yet what happened as a result of that decision is clear: shortly after Kiwi Farms went offline, they came back on again with the help of a FOSS bot-detection tool. It came at the cost of a slightly slower load time and the occasional CAPTCHA for gatekeeping authentication, but that result clearly put this situation in a “not really infra” category in 2022, even if at some earlier time the loss of Cloudflare’s anti-DDOS service might have been closer to infrastructure.

When a business like Cloudflare isn’t really crucial to keeping a site online, it should not claim “infrastructure” status (or use public utility examples to describe itself). EFF shouldn’t do that either.

Because true censorship – kicking a voice offline with little or no recourse – is what we’re really worried about when we say that infrastructure should be content-neutral. And since we’re worried about steps that will truly kick people off of the Internet, we need to recognize that what service qualifies for that status changes over time, and may even change depending on the resources of the person or entity censored.

Infrastructure matters because it is crucial in protecting expression and speech online. EFF will always stand up to “protect the stack” even if what’s in the stack can and will change over time.
---------

We Did It, Patrick! We Saved the City!​

 

[Tekken Enjoyer]

Properly speaking, cloudflare shouldn't be considered infrastructure.

DDoS attacks are crimes. They're attacks on interstate infrastructure and should be pursued as aggressively as any other infrastructure. Pirate radio, robbing trains, postal fraud, all of them will get you seriously fucked up by the feds. This should be no different.

If the EFF wants to make the argument that private DDoS protection is analogous to having private security (ie it's a "nice to have" until the police themselves take over), that's fine. But to argue that honestly, they need to also push harder for more federal enforcement of internet crime laws.

We need to see more people doing (or paying for) DDoS attacks arrested.

I know they just raided those DDoS services recently, which is a good start, but until I see the trannies paying for them in bracelets, I won't be satisfied that DDoS protection isn't essential infrastructure for running a controversial site at scale.

What you're not considering is that it's probably the federal government themselves doing the DDoSing or at the very least they're aware of it and purposely allow it to happen as long as it's done against their enemies. Similar to how they won't do shit about troons literally threatening IT companies' families until they drop KF as a client. Similar to how they didn't do shit about the mostly peaceful protests during the summer of love. Why work against the people that are actively pushing your cause?

 

[ロボ﹏§¤r﹏h¶rœ]

Properly speaking, cloudflare shouldn't be considered infrastructure.

DDoS attacks are crimes. They're attacks on interstate infrastructure and should be pursued as aggressively as any other infrastructure. Pirate radio, robbing trains, postal fraud, all of them will get you seriously fucked up by the feds. This should be no different.

If the EFF wants to make the argument that private DDoS protection is analogous to having private security (ie it's a "nice to have" until the police themselves take over), that's fine. But to argue that honestly, they need to also push harder for more federal enforcement of internet crime laws.

We need to see more people doing (or paying for) DDoS attacks arrested.

I know they just raided those DDoS services recently, which is a good start, but until I see the trannies paying for them in bracelets, I won't be satisfied that DDoS protection isn't essential infrastructure for running a controversial site at scale.

If they do not consider DDoS protection 'an essential service', their own website should not use such a service either - why should people's donations be spent on redundant, frivolous shit like this?