CloudFlare, Project Galileo aim to protect online free speech against DDoS attacks

Protecting free speech on the back end.


Aaron Sankin


Posted on Jun 12, 2014   Updated on May 31, 2021, 3:38 am CDT

Distributed denial of service (DDoS) attacks are generally considered the lowest form of hacking—if you can even call it that. This breed of cyberattack is basically when someone barrages a site’s servers with so much illegitimate traffic that the site is no longer able to respond, effectively taking it offline. While the specific type of DDoS attacks vary on a technical level, many are relatively easy to execute—even by people without a ton of technical knowledge.

But here’s the thing: They work.

Just this week alone, DDoS attacks have successfully taken down the RSS service Feedly, productivity app Evernote, and over 60 website affiliated with the 2014 World Cup in Brazil, among unnumbered others.

Protecting websites against DDoS attacks is what San Francisco-based company CloudFlare does on a daily basis. And now, the company is offering its DDoS-protection service free of charge to citizen journalists, nonprofit groups, and artists in danger of having their voices silenced.

This offer is part of a program launched this week called Project Galileo, which lets groups from all over the world apply to receive free DDoS protection from CloudFlare. In a blog post on the company’s website, CloudFlare CEO Matthew Prince laid out the criteria for which type of groups would qualify:

  • They are engaged in news gathering, civil society, or political/artistic speech;

  • They are subject to online attacks related to their news gathering, civil society, or political/artistic speech;

  • They are not-for-profit organizations or small commercial entities; and

  • They act in the public interest, broadly defined.

‟Over the last few years, we’ve witnessed a troubling trend: An increasing number of politically or artistically important sites targeted by very large denial of service attacks,” wrote Prince. ‟Often these attacks appear politically motivated—going after, for instance, citizen journalists reporting on government corruption. The promise of the Internet is that it is a great leveler—that anyone with an idea can reach a global audience. These attacks threaten that promise.”

Prince insists that Project Galileo, named after the Italian astronomer imprisoned by the Catholic Church for supporting the idea that the Earth revolved around the Sun, would remain content neutral and protect websites regardless of the specific ideologies of the groups behind them. To this end, the company has outsourced the decision of which sites should quality for protection to a coalition of NGOs, like the Electronic Frontier Foundation, the American Civil Liberties Union, and the Freedom of the Press Foundation.

‟As we’ve seen in the past, news organizations are most often at risk from DDoS attacks,” Freedom of the Press Foundation Executive Director Trevor Timm told Slate. “Governments or third-party actors can attack a website to censor it when they could never have done so via the courtroom. This most notably happened to WikiLeaks, but many other smaller sites have been affected at various times as well. Protecting at-risk journalists around the world from this type of extrajudicial censorship will undoubtedly be beneficial to free speech.”

Prince writes that CloudFlare doesn’t intend to publish a list of the groups participating in Project Galileo, but he gave a few hypothetical examples about what types of organizations he envisioned joining—from LGBT advocates in the Middle East to groups monitoring deforestation in Malaysia to news organizations reporting on the Syrian civil war.

Project Galileo isn’t the first time CloudFlare has provided DDoS protection for a controversial group. In 2011, the irreverent hacker group LulzSec purchased CloudFlare protection for its website and publicly praised the service for keeping its servers afloat despite considerable efforts to take it down.

“If I had my choice of a marquee client to show off the abilities of our service, this is certainly not who I would have chosen,” Prince told All Things D at the time, although he admitted the publicity from LulzSec’s endorsement did result in a bump in business.

Google has offered a similar, free DDoS protection service for civic-minded NGOs aimed at combatting online censorship called Project Shield for nearly a year, but it hasn’t attracted an outsize amount of attention.

A 2012 survey of some of the world’s largest Internet infrastructure firms found that politics, rather than criminality, are behind the vast majority of DDoS attacks. Over 90 percent of the companies surveyed said they experienced at least one DDoS attack each month. ‟Political and ideological” motivations were reportedly responsible for 35 percent of the attacks and, coming in second place, simple ‟vandalism” was behind another 31 percent.

Photo via Average Jane/Flickr (CC BY 2.0)

Share this article
*First Published: Jun 12, 2014, 7:44 pm CDT