If you’ve ever used the Internet, you’ve visited a site protected by Cloudflare. The San Francisco tech giant provides a range of online services, perhaps the most critical being protection from malicious “distributed denial of service” (DDoS) attacks that can cripple websites. Unfortunately, Cloudflare also extends these services to the websites of neo-Nazis, white supremacists, and even internationally sanction-designated organizations like the Taliban and Hamas, allowing them to spout and spread their hateful and dangerous material. CEP has written to Cloudflare four times alerting them to this phenomenon, including today’s letter highlighting its provision of services to the neo-Nazi website Stormfront.org. Unfortunately, Cloudflare persists in serving extremist sites, justifying its inaction with spurious claims concerning its commitment to “free speech.”

But just how committed is Cloudflare to free speech? On August 16, 2017 Cloudflare terminated service to the neo-Nazi website the Daily Stormer after it posted a story celebrating the death of an anti-fascist protester in Charlottesville, Virginia.

Cloudflare CEO Matthew Prince stated in a company blog that the final decision to remove the neo-Nazi site was taken not because it had clearly violated any particular policy, but simply because the Daily Stormer “made the claim that we [Cloudflare] were secretly supporters of their ideology.” Evidently, the Daily Stormer was removed because Matthew Prince was personally slighted at the Daily Stormer’s (false) claim that it was ideologically aligned with Cloudflare, confirming how arbitrary and capricious Cloudflare’s removal policies really are.

Then Prince explained that he had acted against the Daily Stormer reluctantly. He stated, “You win a lot of points for firing Nazis from using your service…But it sets a dangerous precedent when a company that most of your viewers have never heard of is effectively deciding what can and cannot be on the internet.”

But Cloudflare did not set a “dangerous precedent” by acting against the Daily Stormer. Companies make these kinds of decisions all the time. For instance, video streaming platforms determine whether or not they will allow beheading videos, and blogging services decide on whether they will allow terrorists to use their sites to issue calls for violence. If a company refuses to do business with a group or individual because of safety concerns, the potential customer or user can go somewhere else – hopefully somewhere much less accessible.

So, Prince’s suggestion that terminating a relationship with a group of extremists means Cloudflare is automatically obliged to do likewise for other groups that might publish “unpopular” content is misleading.

Cloudflare has the power to act against terrorism but chooses – and it is a choice, as the choice to remove the Daily Stormer showed – not to. Even its own Terms of Service clearly states that Cloudflare has “the right to, under its sole discretion, refuse service, suspend or terminate accounts, or otherwise restrict access to Cloudflare.com and the Cloudflare Service.”

Ultimately, it’s not a question of whether certain speech should be allowed or not, it’s about whether a company will or will not provide services to extremist and/or internationally-designated terrorist groups and individuals.

The list of sites that Cloudflare continues to serve, as notified by CEP research, is as follows: