
> Cloudflare follows the standard industry practice followed by virtually all domain registrars of blocking the transfer out of domains deleted for what appears to be potentially malicious purposes.

The problem here is the entire process is opaque. Obviously your process can have false positives, so why should anyone trust the "standard industry practice" is being followed for domain deletion? Plus, IMHO "standard industry practice" is a term that gets dragged out to describe subjective policies and measures that can't be quantified or explained easily.

> In those cases, we typically take steps to notify the account holder so that they can contest the determination if appropriate.

The thing that's problematic here is "typically". Maybe that's just wording to indicate that it's not always possible, but you always make an attempt (?). If so, say that. For me, the frustrating part is that I don't know the rules, so I can't adequately evaluate the risk of being banned. I can't have a contingency plan either because there are no guarantees. If the OP's story is even close to accurate, I think it's safe to say anything can get you banned due to a false positive and that scares me.

Even if you feel like you can't make the detection systems transparent, which I can understand, it would make a big difference if people could understand what the process is after an account is flagged. Why should I invest in development that targets Cloudflare's platform if I can be banned on a whim without any communication? Why doesn't my side of the deal get any guarantees?

I don't agree with instant blocking of any accounts, even the free ones, but I can understand the free accounts likely create challenges I can't even begin to hypothesize about.

That said, I don't think you're seeing the other side when it comes to instant blocking of services. I've dealt in the small business space a lot and the difficulty there is that a tiny, low priority issue for you, like blocking a small account, can be hugely detrimental to a small business. I've dealt with some small family run businesses where they own short domains that would be instantly squatted on upon deletion and the cost of recovering them would be significant in relation to their annual income.

Personally, I'd like to have some clear rules and guarantees surrounding account termination. Let me set one or more emergency contacts for my account and give me a clear timeline for attempts to reach out to those contacts before taking action on my account. And I'm not talking about some legalese buried on page 20 of the ToS. Put it in the control panel next to my contacts. If you can't give me any guarantees on a free account, that's fine, just say so up front and tell me what I need to do or pay to get to the point where my service won't be terminated by a robot.

I was really, really disappointed to see the OP's situation because I totally bought the mantra of Cloudflare wanting to make the internet a better place and I don't think you're doing that by being another "also ran" in the context of treating your users like they're disposable. Maybe I was just being naïve and overly optimistic because big tech treats everyone so badly that I wanted to believe there was truly someone out there trying to be on the side of the average user / developer.

The most disappointing part is that I think Cloudflare's strategy of targeting underserved markets has the potential to pay off more than people realize. I tried out Pages/Functions with a SvelteKit project (+ adapter) a while ago and it's the first time in years that I've actually been excited about something technology related because I can see the potential it has to give small developers a platform to capture the low end of underserved markets without having to worry about massive cost overruns or the complexity of managing infrastructure where time spent comes at the cost of forgoing something else.

I have a project I'd like to start building this year and I've been contemplating trying to do everything on Cloudflare. Now I'm thinking I should re-evaluate that idea and build it on DigitalOcean or AWS and use Cloudflare as an intelligent cache that's disposable if needed.

Why should I trust Cloudflare any more than I trust the other big tech companies where everyone is at risk of being banned by a robot in an instant?



Why do they think they have the right to kill domains that people have entrusted them with their custodianship? I don't understand why they have to set any domain to pendingDelete status, short of a court order. It sounds like something ripe for abuse. I don't see what the benefit of overzealous deletion is. If they think a domain is malicious and they want to stop it, they can simply disable it via NS records without actually deleting it for the remainder of the contract payment cycle. People shouldn't have to live in fear that their domain might randomly be deleted with no recourse. Perhaps new legislation is necessary to protect people's domains from random registrar deletion.



