Note that Cloudflare protects ISIS sites. And after the Paris terror attacks that killed 130 people, they urged people to let tempers cool before letting the reaction compromise tech companies.
(two of ISIS’ three forums in 2015 were guarded by Cloudflare)
Prince said that he recognized that tempers were high in the wake of Friday's Paris atrocity, but explained that we'd been here before and it's important that Europeans learn from America's mistakes.
"My European friends were very quick to criticize the US post-9/11 because of the Patriot Act," he explained. "There were plenty of people who said that you can't trust any US tech firm because of it. I have a feeling now that Europe will have its own reactionary reaction, and then EU companies won't be trusted."
Prince wrote: “A website is speech. It is not a bomb. There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain …
“If we were to receive a valid court order that compelled us to not provide service to a customer then we would comply with that court order. We have never received a request to terminate the site in question from any law enforcement authority, let alone a valid order from a court.”
They also apparently protect malware exploit kits, sites selling stolen credit cards, spammers, and DDoS-for-hire services. When they pick and choose what they protect, it seems sketchier that they protect DDOS-for-hire websites that drum up business for Cloudflare's DDOS-mitigation services.
There's good reason for their former extreme neutrality. They're not the original host of anything, they're supposed to be a dumb pipe more akin to the role played by ISPs. As they describe it:
Cloudflare is more akin to a network than a hosting provider. I'd be deeply troubled if my ISP started restricting what types of content I can access. As a network, we don't think it's appropriate for Cloudflare to be making those restrictions either.
Actual crimes are shut down at the host, not some network intermediary. Cloudflare's protection is only really relevant if someone else is committing a crime to DDOS the site.