Fuck CloudFlare – I don’t like monopolies or monopolike.
Cloudflare is a business. Businesses protect their profits. Online casinos are scams subject to regular massive DDOS by their scumbag competitors and by people who want them shut down. Cloudflare wasn’t going to eat that loss anymore so they kicked them to the curb to save money. Also the time frame wasn’t 24 hours. More like a month. This makes me suspect the scamming casino’s story more.
Cloudflare as a business provides DDOS protection. If they kick out those who get ddos’s, what’s their value? (Sure, WAF etc. but you get the point).
Also, as much as casinos are ethically questionable, they are also business. Very regulated businesses even (while tech is kind of a Wild West).
And insurances provide monetary compensation until you become a common liability, too high to be covered by any sort of fee. DDOS protection is just the same. It’s only feasible if it happens rarely, like they usually happen. However if it’s a common occurrence it will just eat up the profits made by the fees and then some, which just is stupid to do in any case.
It’s a completely different thing. DDoS protection is not like insurance. Insurance is putting monetary value on a risk and paying off if that risk materialises. DDoS mitigation is a set of technical measures that are implemented. Most of the DDoS protections are features which are implemented (e.g., when the traffic is more than X, require captcha for all requests). It doesn’t have any marginal cost for the provider.
And you can argue the same for the network infrastructure. Once you have the bandwidth, as long as it’s not saturated it is a waste letting it idle.
So I really don’t see how even being under DDoS every day can “eat up your fees”. Maybe you can elaborate?
I should have elaborated on it a bit more, my bad.
While it’s true that DDoS is more of an active technology rather than a CYA thing. It does however also act as insurance when it comes to the “blame game”: if your site goes down it’s not your fault but the provider’s fault, meaning you might be able to recoup lost profits through a lawsuit.
Of course the only way to avoid this for the provider is to provide better and stronger systems, which normally would grow homogenous through more customers and/or growing fees for all customers, which would pay for better capacity and stronger protection by itself.
However here we have a client that is a high value target that others might want to take down at all costs. Even if they didn’t sue, a strong enough attack might, alongside naturally expected DDoS on other clients, not only take down this customer’s server, but others as well, which really isn’t something you want, for the reasons stated above. And rapidly increasing security could be not worth it, as it could devolve into an arms race by proxy with a high risk of the customer leaving if you raise their fees to much, leaving you with a system which’s maintenance will now dig into your profits due to a lost big income stream, or make other customers leave if you raise the general fee.
To be honest, I have never even heard of anybody who sued a service provider for failing to mitigate DDoS, or for letting an attack through a WAF, etc. I am quite positive that the contracts/T&C you sign when you subscribe to the services are rock solid, otherwise cloudflare would be under extreme liability. Also, usually you have the ability to customize the DDoS settings, choose thresholds etc. I really can’t imagine a company having any real chance of getting the provider to reimburse you. The only service that usually has SLA is the uptime of the CDN, which if breached should be compensated. I am quite sure that in the cheap plans the SLA is probably not very high.
Also, what you say about a customer that someone might want to take down is true for all customers that require DDoS protection. If they didn’t, they wouldn’t pay for the service on the first place. Cloudflare serves a bazillion customers who are much bigger targets than a casino, I don’t think they were afraid of the exposure. Also, when cloudflare receives a high DDoS attack, for them is awesome marketing. Imperva, Akamai, Cloudflare are basically identical and the selling point is exactly “how big can they tolerate?”.
Honestly rather than speculating on what we don’t know, I propose a simpler option: cloudflare plans are designed to get customers one foot in the door with a super cheap plan, to them each individual customer has basically no marginal cost. However, once the customers are in they can identify the ones they can squueze and find reasons to push more expensive plans. If they bump 1/30 of them, even if they other 29 will leave, they are in plus (250x29 < 10000 x 1).
To me this seems simply a business strategy. They specifically say “Unlimited & unmetered DDoS attack mitigation” in the cheapest plan, afterall.
Comparing Cloudflare to insurance companies is not how you’ll convince me they’re not acting like jerks lol
I don’t want TP convince anyone they are not like jerks, but rather highlight why a corporation would do something like this to a (most likely) lucrative client.
Both can be true?
I won five grand from an online casino in 2001, and they not only paid me my winnings, they also included an extra $262 in comps for having bet aggregately over a quarter of a million dollars. That money went a long way for my early-20s ass. Paid off a credit card and bought a new mattress for me and my new wife.
When Full Tilt Poker got shut down by the DOJ, though, I was sort of okay with it. There were waaaaay too many action flops for those hands to have been truly randomized.
Gambling ruines lifes. Just because people can get their win does not mean it should be defended in any case. These casinos intentionally make people addicted, causing so much suffering and death.
Why are online casinos bad? I don’t understand this pervasive need some people have to force their way of life on others and take away their agency over their own lives. It comes off to me as some kind of superiority complex. “They’re too stupid to make their own decisions, I know better what’s best for them, I must protect them from themselves”.
Why are online casinos bad?
How can players be sure they are honest?
I must protect them from themselves.
People should be protected from scammers with fake (always lose) casinos.
How can players be sure they are honest?
At the bottom of each gambling sites usually there are the banners for the license(s) the company holds. Complying with licenses (e.g., Maltese) ensures that the due paperwork (i.e., proving that Casino games are functioning according to their certification) is taken care of. So yes, national gambling authorities usually are the ones who protect people from scammers.
“functioning according to their certification” doesn’t prove to me that they aren’t shaving the odds or injecting sneaky code into the process. I have to trust in the technical ability of the regulators.
Also, I could write “regulated by the Maltese” on the bottom of any website, it doesn’t make it true.
They can’t add sneaky code to the process (without getting caught). For sensitive game code every single change needs to be tracked and reviewed by the authority. You get audited at least once a year, and then all the changes are reviewed. Authorities outsource the job for the technical reviews to specialized companies.
Also, what’s the point? The games already provide a margin to the host, why risking to go out of business for such an irrelevant gain (a few more %)? Add to this that usually casino games writers do just that, write games and sell those to N casinos. So the incentive for the casino games writers are even smaller.
Finally, yes you can write “license X”, but you can cross-check that information from the regulator itself, you don’t need to trust just the line on the site. The point is you as a customer can choose a trustworthy site, ideally one who is licensed in countries where regulations are quite tight (in Europe I would say Denmark), before putting your money somewhere.
At some point you need to trust “someone”, that’s how the whole world works. The gambling authorities are no different than the authorities that enforce the safety certifications for electrict equipment, or cars, or whatever.
If your concern is that you would lose money on casino games because the site rigged it, it’s a relatively silly concern. You will lose because the casino games are designed to make you lose in the long term, on average.
They can’t add sneaky code to the process (without getting caught).
That means that people have to check
For sensitive game code every single change needs to be tracked and reviewed by the authority. You get audited at least once a year, and then all the changes are reviewed. Authorities outsource the job for the technical reviews to specialized companies.
Or just ignore that and publish whatever you like.
why risking to go out of business for such an irrelevant gain
Why spend money to meet regulations?
Finally, yes you can write “license X”, but you can cross-check that information from the regulator itself, you don’t need to trust just the line on the site.
How many users actually do this? A very low percentage.
point is you as a customer can choose a trustworthy site,
The point is that many don’t.
If your concern is that you would lose money on casino games because the site rigged it, it’s a relatively silly concern.
Not really. It’s one of the reasons why online casinos can be bad.
The question was what is “wrong with online casinos”. So I gave an example. Others include money laundering, exploitation of addiction, exploitation of stupidity, waste of resources, tax evasion etc .
Have you ever made a single transaction online paying with your credit or debit card? How do you know the site didn’t steal or misuse your information?
The answer is that storing, transmitting or processing card data requires you to be PCI-DSS compliant, which is a very strict standard. If you get caught violating that you are out of business and fined in the abyss, which is a much bigger risk than stealing john doe’s pennies.
Sorry but from what you are saying it seems you simply don’t understand how compliance works.
That means that people have to check
And that is why you have at least annual audits (for each license, plus AML, plus other stuff), and why you need to present the whole chain of changes that happened to sensitive code.
Why spend money to meet regulations?
Because if you get caught not doing that you lose access to whole markets at once and get fined. There is no economic incentive as complying doesn’t cost nearly as much. Specifically, I told you that casino game makers are generally not casinos, they are software houses. So they can’t care less about rigging the games, their revenue comes from companies paying for using their games. Casinos also don’t care of rigging games because games are designed to leave them a certain margin anyway, so why doing it?
The point is that many don’t.
And that’s why national regulations are generally a safe umbrella. If you see a website (through advertisements) that means that website is allowed locally and already met the national regulations.
If you are in a non regulated country then you will need to do a tiny bit of research. You are putting money on a site, after all (you should do the same for everything you do online).
The question was what is “wrong with online casinos”. So I gave an example. Others include money laundering, exploitation of addiction, exploitation of stupidity, waste of resources, tax evasion etc
Yes, you gave examples based on your own speculations. It’s clear you have no idea how the industry works. Money laundering is something international law covers and is extremely tightly controlled, tax evasion is also completely insane for online businesses, because every transaction has a trail and there are tight regulations about what you need to report for every country where you operate. Exploitation of stupidity, sure. Some also exploit addiction, regulations exist for that too, and for some businesses addicts are terrible customers.
Question: what exactly is your experience with the gambling business?
Because to me it seems you are making stuff up or basing your statements on movies about gambling and oeganised crime, while the reality is much simpler: companies get money simply by having active users on their sites. Quantity is the name of the game.
How do you know the site didn’t steal or misuse your information?
Exactly. Scam websites can be casinos or shops or anything.
You are vehemently defending the “legitimate” casino industry whereas I am saying it’s easy to create scam casinos.
Yes, you gave examples based on your own speculations. It’s clear you have no idea how the industry works.
I know well how it works.
Money laundering is something international law covers and is extremely tightly controlled, tax evasion is also completely insane for online businesses, because every transaction has a trail and there are tight regulations about what you need to report for every country where you operate.
Casinos, on and offline, are excellent ways to launder. The amount of regulations trying to mitigate this risk proves my point.
Exploitation of stupidity, sure.
Glad we agree here.
Some also exploit addiction, regulations exist for that too, and for some businesses addicts are terrible customers.
Not for casinos. Gambling addiction is a casino’s main business. Why are there no windows in Vegas?
Question: what exactly is your experience with the gambling business?
Betfair, betfred, bet356, Ladbrokes etc.
Exchanges for sports and real life events I have little problem with.
I only have probems with sites that scam people with flashing lights and random number generators.
Quantity is the name of the game.
Yes. Online you can scam many more people with fake roulette tables.
I was reading the blog post by the casino’s tech person and kept thinking to myself, “this is a casino; they may not be the most reliable narrator”. That said, CF was also stupid slow on taking down kiwi and stormfront, so they’re not great either.
Both of them suck and this whole thing is amusing to me. Hopefully this will serve to improve CF’s behaviour.
reminder that cloudflare routinely works with white supremacist and other hate sites to protect them and have most recently refused to stop hosting kiwi farms, as they were doxxing and threatening trans people
THIS MESSAGE (MATERIAL) CREATED AND (OR) DISTRIBUTED WITH PURPOSE OF HATE AND (OR) ENCOURAGING HATE.
You forgot to put it.
I heavilt dislike cloudflare, but this is not valid reason to hate them.
They don’t “work with white supremacists”. They try to self-polish the tremendous power the have, seeking neutrality in most cases.
