We were notified by a Tilde.club user that the Cloudflare network was
used to host a copied version of the Tilde.club website, with the goal
of promoting a crypto marketplace. This is obviously undesirable, so we
are looking at how to best deal with situations like this.

In theory anyone can host a copy of the Tilde.club website on the
internet. The Cloudflare network makes this a little bit easier since
their network offers a reverse proxy service. This service is normally
used by legitimate websites to create a fast cached version of their
contents to serve to visitors. Cloudflare is the largest provider of
these types of services globally, and handles up to 20% of all traffic.

The Tilde user that notified us has contacted Cloudflare support, but
deemed that action to take down the copy was not taken in a timely
fashion. This has moved us to ban the entire Cloudflare IP-subnet from communicating with Tilde.club. This is a drastic measure that may not be desirable going forward, also considering we encountered a single
offending copy of our website.

Questions we want to consider as a community are:

- How should we deal with situations like this in general, and do we
need to deal with them actively?
- Should we ban entire parts/subnets of the internet when they don't
comply swiftly enough in taking action against bad actors?
- If the answer is yes, how long should a network have to respond, and consequently take action against said actors?
- If the answer is yes, how long should a full network/subnet ban be
kept in place?
- If the answer is yes, do we treat all networks the same? This could
mean that even larger internet subnets like ones from Google, Amazon etc
could be banned if they don't respond swiftly enough. These networks
take care of large portions of the global internet traffic. Cloudflare
is a part of this internet backbone as well.

Options that we have:

[ ] Don't take action, this is part of how the internet works and free
and open access is important. While the situation is undesirable, anyone
can copy another website for their own personal goal or gain.
[ ] Contact support of a network (Cloudflare/Google/Amazon etc) in case
an offense is detected, ask them to take measures and keep pressuring
them until there is a resolution.
[ ] Contact support of a network and ban the entire network if they
don't respond or act quickly enough (this could mean banning millions of IP-addresses from reaching Tilde.club).
--- Synchronet 3.20a-Linux NewsLink 1.2

Hooboy. This is going to be a 'fun' one. I regret that this has
happened and that staff are having to deal with it.

We were notified by a Tilde.club user that the Cloudflare network was
used to host a copied version of the Tilde.club website, with the
goal of promoting a crypto marketplace. This is obviously
undesirable, so we are looking at how to best deal with situations
like this.

Not only does it reflect poorly on you it reflects poorly on the wider community, because... No. Just. No. crypto might MAYBE theoretically
have uses, but right now it's just used for scams.

Questions we want to consider as a community are:

- How should we deal with situations like this in general, and do we
need to deal with them actively?

I am of the opinion active response is nessicary to prevent slow
erosion and enshittification.

- Should we ban entire parts/subnets of the internet when they don't
comply swiftly enough in taking action against bad actors?

I do not like this as an option as it could end up at a point where it
starts destroying legitimate user's ability to access. However... If
the person in charge refuses to act, something does need to be done. So
I'd be of a mind to keep that as a 'last resort' option.

- If the answer is yes, how long should a network have to respond,
and consequently take action against said actors?

One month (thirty days,) is plenty of time to give notice and have
dialogue. In my opinion.

- If the answer is yes, how long should a full network/subnet ban be
kept in place?

Escilating on number of violations. One week (which may well cause
spammers to abandon the subnet,) One Month, Ninty Days, etc.

- If the answer is yes, do we treat all networks the same? This could
mean that even larger internet subnets like ones from Google, Amazon
etc could be banned if they don't respond swiftly enough. These
networks take care of large portions of the global internet traffic. Cloudflare is a part of this internet backbone as well.

I want to say yes, but I don't know enough to make the call. I don't
like the thought of 'oh hey if it's from a big corp trust it beyond any capability of retaliation' but at the same time... taking a chainsaw to
the big pipes could very well hurt legitimate users.


--- Synchronet 3.20a-Linux NewsLink 1.2

On 2025-01-25, deepend <deepend@tilde.club> wrote:

Options that we have:

[ ] Don't take action, this is part of how the internet works and free
and open access is important. While the situation is undesirable, anyone
can copy another website for their own personal goal or gain.
[ ] Contact support of a network (Cloudflare/Google/Amazon etc) in case
an offense is detected, ask them to take measures and keep pressuring
them until there is a resolution.
[ ] Contact support of a network and ban the entire network if they
don't respond or act quickly enough (this could mean banning millions of IP-addresses from reaching Tilde.club).

Regarding the options I go for the first,

[X] Don't take action, this is part of how the internet works and free
and open access is important. While the situation is undesirable, anyone
can copy another website for their own personal goal or gain.

--- Synchronet 3.20a-Linux NewsLink 1.2

Contact support of a network (Cloudflare/Google/Amazon etc) in
case an offense is detected, ask them to take measures and pressure
them.

And, this is also part of how the internet works and free and open
access is important. While the situation is undesirable, some websites licensing allows copying the website.

Do notify the responsable authorities, agencies, companies, networks.
--- Synchronet 3.20a-Linux NewsLink 1.2

deepend <deepend@tilde.club> writes:

We were notified by a Tilde.club user that the Cloudflare network was used to host a copied version
of the Tilde.club website, with the goal of promoting a crypto marketplace. This is obviously
undesirable, so we are looking at how to best deal with situations like this.

In theory anyone can host a copy of the Tilde.club website on the internet. The Cloudflare network
makes this a little bit easier since their network offers a reverse proxy service. This service is
normally used by legitimate websites to create a fast cached version of their contents to serve to
visitors. Cloudflare is the largest provider of these types of services globally, and handles up to
20% of all traffic.

[...]

[ ] Don't take action, this is part of how the internet works and free and open access is
important. While the situation is undesirable, anyone can copy another website for their own
personal goal or gain.
[ ] Contact support of a network (Cloudflare/Google/Amazon etc) in case an offense is detected, ask
them to take measures and keep pressuring them until there is a resolution.
[ ] Contact support of a network and ban the entire network if they don't respond or act quickly
enough (this could mean banning millions of IP-addresses from reaching Tilde.club).

I would recommend option #2, and in particular make it a formal DMCA
takedown. There is no copyright statement on the main ~club pages, which
means the content is offered with all rights reserved and this is not
just annoying but copyright infringement.

Individuals' tildepages could have their own licenses, but the main site
is clearly not permitting copying. My 2 cents.
--- Synchronet 3.20a-Linux NewsLink 1.2

"W. Greenhouse" <wgreenhouse@tilde.club> writes:

deepend <deepend@tilde.club> writes:

We were notified by a Tilde.club user that the Cloudflare network was
used to host a copied version of the Tilde.club website, with the
goal of promoting a crypto marketplace. This is obviously
undesirable, so we are looking at how to best deal with situations
like this.

In theory anyone can host a copy of the Tilde.club website on the
internet. The Cloudflare network makes this a little bit easier since
their network offers a reverse proxy service. This service is
normally used by legitimate websites to create a fast cached version
of their contents to serve to visitors. Cloudflare is the largest
provider of these types of services globally, and handles up to 20%
of all traffic.

[...]

[ ] Don't take action, this is part of how the internet works and
free and open access is important. While the situation is
undesirable, anyone can copy another website for their own personal
goal or gain.

[ ] Contact support of a network (Cloudflare/Google/Amazon etc) in
case an offense is detected, ask them to take measures and keep
pressuring them until there is a resolution.

[ ] Contact support of a network and ban the entire network if they
don't respond or act quickly enough (this could mean banning millions
of IP-addresses from reaching Tilde.club).

I would recommend option #2, and in particular make it a formal DMCA takedown. There is no copyright statement on the main ~club pages, which means the content is offered with all rights reserved and this is not
just annoying but copyright infringement.

Individuals' tildepages could have their own licenses, but the main site
is clearly not permitting copying. My 2 cents.

With this new fact coming to my knowledge, I also support this W.
Greenhouse stand.
--- Synchronet 3.20a-Linux NewsLink 1.2

With this new fact coming to my knowledge, I also support this W.
Greenhouse stand.

+1 this sentiment.

--- Synchronet 3.20a-Linux NewsLink 1.2

Andrew Singleton <singletona082@ctrl-c.club> wrote:

With this new fact coming to my knowledge, I also support this W.
Greenhouse stand.

+1 this sentiment.

If a voice from ~institute counts, add my +1 too.
--
I do not bite, I just want to play.
--- Synchronet 3.20a-Linux NewsLink 1.2

I don't know what to say, but i don't want tilde.club to start banning ip addresses.

--- Synchronet 3.20a-Linux NewsLink 1.2

Ben Cartwright <cartwright@tilde.club> writes:

I don't know what to say, but i don't want tilde.club to start banning
ip addresses.

That's understandable. On a personal note, though, I gotta say I banned
a lot of IP addresses recently. I had a huge log of ssh login failures
and now I have zero failures. :)
--- Synchronet 3.20a-Linux NewsLink 1.2

In that case is would be alright

On Fri, 31 Jan 2025, Caden Kray wrote:

Ben Cartwright <cartwright@tilde.club> writes:

I don't know what to say, but i don't want tilde.club to start banning
ip addresses.

That's understandable. On a personal note, though, I gotta say I banned
a lot of IP addresses recently. I had a huge log of ssh login failures
and now I have zero failures. :)

--- Synchronet 3.20a-Linux NewsLink 1.2