CloudFlare Teams Up With 15 NGOs To Protect Citizen Journalists And Activists From DDoS Attacks

A lot of political speech now happens online, but that also makes it very vulnerable to DDoS attacks from those who don’t agree with a given viewpoint. Many of these sites are hosted by individual journalists (and citizen journalists, if you want to make that distinction) and artists, who likely don’t have the infrastructure and knowledge to protect themselves against these attacks.

To help keep these sites operating, online security and CDN service CloudFlare today announced Project Galileo, a partnership with 15 NGOs to help it identify and protect sites around the world that are under attack. These NGOs include the Access, ACUL, the Electronic Frontier Foundation (EFF), the Center for Democracy and TechnologyMozilla, the Committee to Protect Journalists and the Freedom of the Press Foundation.

Among the sites already protected by the project are minority-rights organizations, LGBT groups in Africa and the Middle East, global citizen journalists and independent media outlets in the developing world. These sites will get the same protection as CloudFlare’s enterprise users.


As CloudFlare CEO and co-founder Matthew Prince told me earlier this week, the team was already monitoring for these kinds of attacks on what are mostly users of the CloudFlare’s free tier.

Whenever it notices an attack on a site that seemed to be getting targeted for political reasons, it tried to keep it up as long as possible. Because the service only allocates a certain amount of its resources to its free users, though, some attacks became so large that some of these sites had to be pushed off the service or the attacks would have overwhelmed the company’s systems (CloudFlare obviously doesn’t do this for its paying users).

Sometimes, however, the service’s engineers who monitor its network weren’t able to determine whether a site was actually political in nature. A few months ago, during the protests in Ukraine, for example, CloudFlare kicked a journalists’ site off the network during an attack because the on-call engineer misinterpreted the nature of the site.

“We had bullies censor important journalism because we didn’t recognize the importance of it,” Prince noted. “But it’s also impossible to expect that somebody who is an ops guy is also a multi-lingual political scientist.”

So to prevent this from happening again, the company decided to team up with a wide variety of NGOs that can help it identify sites under attack and that now have a direct line to CloudFlare. The company is giving them some basic education in detecting these kind of attacks, too.

The criteria for being included in the program are pretty straightforward, Prince said: Sites have to be nonprofit or small for-profit entities. CloudFlare, after all, remains a business that partially focuses on DDoS mitigation, so larger entities will have to pay for its services. The obviously also have to be either engaged in new gathering or in political or artistic speech.

As Prince stressed when I talked to him, the idea here is to not take sides. “We didn’t want the political beliefs of the people at CloudFlare to decide what deserves protection,” he said. Because of this, the criteria for which sites to protect have nothing to do with the content of the speech on them.

“We recognize and understand that this can put us in a situation where we protect speech that we find abhorrent,” Prince said, but at the same time, he believes that this is squarely within the tradition of free-speech protection. “Both sides have the right to speak and the organization with the most resources shouldn’t be able to shut down either side of the discussion,” he told me. “Anybody can put content online, but unless you have a giant network, you can’t really defend yourself against these attacks.”

Many of the attacks that CloudFlare is currently seeing have the signature of state-sponsored attacks, though it’s generally impossible to provide absolute proof for this.