Matthew Prince the cloudflare CEO has, in 2023, denied that Cloudflare is extensively participating in mass surveillance of USA people. His hnn account is Eastdakota.
I'v asked a couple of network engineers that used to work at cloudflare, they said that they have a compliance department that deals with lots of specific requests related to supoenas and law enforment but have not seen bulk feeds of plaintext traffic to other entities.
libroot•3mo ago
It's hard to take corporate denials at face value. History shows that when it comes to surveillance and government cooperation, big tech companies often say one thing in public while doing another behind closed doors.
Before the Snowden revelations, firms like Microsoft, Google, and Apple explicitly denied participating in any form of mass-surveillance. They insisted they only complied with lawful, targeted requests and never provided "direct access" to their systems. Yet the Snowden documents revealed that the NSA's PRISM program did, in fact, collect data directly from these same companies. Other programs like XKEYSCORE showed how that data was searched and analyzed at scale without meaningful oversight.
Even after the Snowden disclosures, the denials (read: lies) continued. Microsoft, for example, repeatedly claimed it "does not provide any government with direct or unfettered access to customer data" and only discloses data when "legally compelled."[1] But we now know that Microsoft works with the NSA to enable pre‑encryption access to Outlook emails, Skype calls, and SkyDrive files, and that the NSA has direct access to Microsoft's systems through PRISM, directly contradicting the company's public statements.[2]
It's scary how easily people believe what these big companies say. Even the EFF praised Microsoft's 2013 transparency report just months before the Snowden revelations, showing how effective these PR strategies are.[3]
When Cloudflare says it doesn't engage in mass-surveillance, we should treat that claim with extreme skepticism. History demonstrates how easily a platform with this level of access can be misused or quietly co-opted by intelligence agencies.
[1]:
10/20/2025
> "Microsoft discloses customer data only when legally compelled to do so. Microsoft does not provide any government with direct or unfettered access to customer data. Microsoft does not provide any government with direct or unfettered access to customer data. Microsoft does not provide any government with our encryption keys or the ability to break our encryption."
https://www.microsoft.com/en-us/corporate-responsibility/rep...
> At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
https://archive.is/DyVgN
> the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.
https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...
> these systems allow analysts to listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents.
> And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst
> all an analyst has to do is enter an email address or an IP address, and it does two things. It searches that database and lets them listen to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you've entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future
joey_spaztard•3mo ago
https://news.ycombinator.com/item?id=36937413
I'v asked a couple of network engineers that used to work at cloudflare, they said that they have a compliance department that deals with lots of specific requests related to supoenas and law enforment but have not seen bulk feeds of plaintext traffic to other entities.
libroot•3mo ago
Before the Snowden revelations, firms like Microsoft, Google, and Apple explicitly denied participating in any form of mass-surveillance. They insisted they only complied with lawful, targeted requests and never provided "direct access" to their systems. Yet the Snowden documents revealed that the NSA's PRISM program did, in fact, collect data directly from these same companies. Other programs like XKEYSCORE showed how that data was searched and analyzed at scale without meaningful oversight.
Even after the Snowden disclosures, the denials (read: lies) continued. Microsoft, for example, repeatedly claimed it "does not provide any government with direct or unfettered access to customer data" and only discloses data when "legally compelled."[1] But we now know that Microsoft works with the NSA to enable pre‑encryption access to Outlook emails, Skype calls, and SkyDrive files, and that the NSA has direct access to Microsoft's systems through PRISM, directly contradicting the company's public statements.[2]
It's scary how easily people believe what these big companies say. Even the EFF praised Microsoft's 2013 transparency report just months before the Snowden revelations, showing how effective these PR strategies are.[3]
When Cloudflare says it doesn't engage in mass-surveillance, we should treat that claim with extreme skepticism. History demonstrates how easily a platform with this level of access can be misused or quietly co-opted by intelligence agencies.
[1]:
10/20/2025
> "Microsoft discloses customer data only when legally compelled to do so. Microsoft does not provide any government with direct or unfettered access to customer data. Microsoft does not provide any government with direct or unfettered access to customer data. Microsoft does not provide any government with our encryption keys or the ability to break our encryption." https://www.microsoft.com/en-us/corporate-responsibility/rep...
06/07/2013
> "If the government has a broader voluntary national security program to gather customer data we don’t participate in it." https://news.microsoft.com/source/2013/06/07/statement-of-mi...
07/11/2013
> "To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product." https://news.microsoft.com/source/2013/07/11/statement-from-...
[2]:
> At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service. https://archive.is/DyVgN
> the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo. https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...
> these systems allow analysts to listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents.
> And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst
> all an analyst has to do is enter an email address or an IP address, and it does two things. It searches that database and lets them listen to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you've entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future
https://abcnews.go.com/blogs/politics/2013/07/glenn-greenwal...
[3]:
03/21/2013 https://www.eff.org/deeplinks/2013/03/victory-transparency-m...