The Los Angeles Unified School District (LAUSD) is now slowly moving back to capacity after a ransomware attack launched over Labor Day weekend, which prompted an unprecedented shutdown of computer systems in an attempt to contain the effects of the malicious software. The attack on LAUSD, the second-largest school district in the US, put officials on high alert, with fears over lockouts from school management systems and unauthorized access to student data triggering a response from federal, state, and local partners.

But it’s not the first time LAUSD systems have been exposed to ransomware — and not the first warning the district has received about ransomware. The same systems narrowly avoided being hit with another similar attack in February 2021 after a system compromise, as confirmed by Hold Security CEO Alex Holden.

Holden told The Verge that his company discovered a device on LAUSD’s systems that had been compromised by the TrickBot banking Trojan, which is able to steal financial credentials from a target system and can also be used to install more damaging malware such as ransomware. (The 2021 intrusion was first highlighted by journalist Jeremy Kirk on Twitter.)

LAUSD was notified through a third party, Holden says, and presumed to have taken action. Soon afterward, the compromised device disappeared from the TrickBot botnet. Holden described the incidents as a “close call” for the school district, adding, “Unfortunately, this time it turned out differently.”

LAUSD has a total of more than 600,000 students, meaning the potential impact of the attack is huge. In a press release issued on September 7th, the district said that it was still moving toward full operational capacity but had encountered difficulties regaining access to systems.

On Tuesday, the district said that it had reset more than 53,000 student and employee passwords. But this prudent step also created further problems.

“While the District’s ability to intercept the attack by deactivating all our systems was the swift, decisive and prudent action to avoid a catastrophic breach, the recovery from the disruption has proven more challenging than initially anticipated,” the statement reads. “Password resets have and remain Los Angeles Unified’s biggest challenge, as students and employees must complete resets at District sites.”

Despite the password difficulties, LAUSD has still managed to return many other systems to an operational state. Earlier in the week, LAUSD superintendent Alberto Carvalho tweeted that some critical systems had been restored within two hours.

But experts say that full recovery from such an attack is not something that can be done quickly. Jon Miller, CEO and co-founder of anti-ransomware platform Halcyon, told The Verge that even seemingly restored systems can still be vulnerable.

Attackers often find targets using compromised login credentials, Miller said, or find other ways to bypass security products installed on the network. In some cases, these techniques give hackers persistent access to networks when a fix is attempted.

“Even if a victim has backups, they will need weeks and months of expensive recovery and incident response that must be completed to ensure the network is safe to run fully again,” he said.

LAUSD may be one of the largest school districts in the nation, but it’s far from alone in dealing with ransomware attacks. Doug Levin, who maintains a database of publicly disclosed school cybersecurity incidents, was able to point The Verge to four other school ransomware incidents that had taken place within a month of the LAUSD attack.

According to Levin, factors that make schools vulnerable range from resource constraints to a failure of school leadership to keep up with digital transformations in the learning environment. But policymakers were also responsible for leaving schools to set their own standards for cyber preparedness.

“On the cybersecurity policy side, the needs of school districts for support have been largely overlooked,” Levin said.

Nonetheless, in the aftermath of the attack, federal officials warned that ransomware attacks on schools may increase.

A joint cybersecurity advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that federal agencies have “observed … actors disproportionately targeting the education sector with ransomware attacks.”

Cyberattacks on schools may increase in the 2022–2023 school year as ransomware groups see opportunities for successful attacks, the advisory said, with K-12 institutions being attractive targets due to the amount of sensitive student data they handle.

Filmmaker Quentin Tarantino and studio Miramax have settled a lawsuit over non-fungible tokens, or NFTs, based on Pulp Fiction. A new court filing indicates the sides will request to dismiss the suit in the coming weeks, and they offered a joint statement, as reported by Deadline. “The parties have agreed to put this matter behind them and look forward to collaborating with each other on future projects, including possible NFTs,” they said. The terms of the settlement were not disclosed.

Tarantino introduced his NFT lineup last year at the height of NFT mania, promising each one would unlock a “secret” about his 1994 film. Tarantino said the NFTs were linked with media from the screenplay, which he retained rights to, but Miramax sued on the grounds that NFTs constituted an “emerging technology” that it could contractually profit from. “Whatever limited rights Mr. Tarantino has to screenplay publication, they do not permit the minting of unique NFTs associated with Miramax’s intellectual property,” wrote the company’s attorneys in January, when the first NFT sold for $1.1 million to a collective linked with its sales network Secret.

Had it proceeded, the case could have set a precedent for future NFTs based on films or other media. Warner Bros. and other studios have sold NFTs to promote films like Space Jam: A New Legacy and The Matrix Resurrections, and the Miramax case could have settled whether these sale rights are guaranteed by existing trademark and copyright contracts that don’t explicitly mention NFTs.

But as TorrentFreak notes, Tarantino and Miramax met last week to discuss a settlement, and the case now seems unlikely to go to trial. Meanwhile, the NFT and cryptocurrency markets have cratered since the suit was filed — so if more tokens are released in the near future, it’s doubtful the stakes will be nearly as high.

Steve Bannon, Trump ally and former White House adviser, surrendered himself to the Manhattan district attorney’s office on Thursday and is expected to face charges related to his role in an online crowdfunding effort to fulfill Trump’s promise to build a wall along the US’s southern border with Mexico, according to CNN.

Bannon and three others were previously arrested and charged with defrauding donors to their “We Build the Wall” online fundraising campaign. The group raised over $25 million to build a wall along the US-Mexico border, promising to use “100 percent” of donations to fund the wall’s construction. But the group was found to have paid more than $1 million to cover personal expenses, including boats, an SUV, and cosmetic surgery for founder and Air Force veteran Brian Kolfage.

The Washington Post reported Thursday that New York has charged Bannon with money laundering, fraud, and conspiracy for his role in the We Build the Wall group.

Bannon pled not guilty to the federal charges in 2020 and was later pardoned by President Trump for his role in the alleged scheme. However, New York launched its own investigation into Bannon and his partners shortly after the pardon came through. Because presidential pardons only apply to federal crimes, the state can still press its own charges. New York Attorney General Letitia James is expected to formally announce Bannon’s indictment later Thursday afternoon.

In a statement, Bannon called the state’s charges “phony,” according to CNN. “They are coming after all of us, not only President Trump and myself,” Bannon said in the statement. “I am never going to stop fighting. In fact, I have not yet begun to fight. They will have to kill me first.”

Kolfage launched the We Build the Wall as a GoFundMe campaign in December 2018, ultimately raising enough funds to construct a three-mile section of fence along the southern borders of Texas and New Mexico. By January 2019, Kolfage decided to raise the money through a new nonprofit organization called We Build the Wall Inc. The nonprofit’s board was composed of longtime Trump allies like Bannon and Kris Kobach.

Kobach allegedly used the organization’s email list to fundraise for his own US Senate campaign in Kansas.

In July, Bannon was found guilty of contempt of Congress for defying a subpoena from the House select committee in charge of investigating the January 6th, 2021, attack on the US Capitol. Bannon is expected to be sentenced later next month and could serve at least 30 days in jail.

Crypto industry operations in the US use about as much electricity as all of the nation’s home computers combined, according to a report released today by the White House Office of Science and Technology Policy. The report paints the clearest picture yet of what crypto operations are costing both power grids and the environment in the US. It also lays out some potential actions the Biden administration could take to address these challenges.

Democratic lawmakers in particular have been worried about whether the crypto industry that has exploded in the US over the past year might derail climate goals. And as extreme weather pushes power grids to their limits across the US, there’s growing concern that the most electricity-hungry cryptocurrencies could put even more strain on already vulnerable energy systems.

Crypto asset operations use between 0.9 and 1.7 percent of the US’s total electricity use, according to the new report. And burning through that much electricity generates greenhouse gas emissions that are heating up the planet. Crypto asset activity in the US is responsible for about as much greenhouse gas pollution as all the diesel fuel used on the nation’s railroads, the report says. That’s 25 to 50 million metric tons of carbon dioxide per year, or 0.4 to 0.8 percent of total US greenhouse gas emissions.

The data in the report includes cryptocurrencies, NFTs, and other tokens using blockchain technologies. But there’s one particular technology that’s driving most of these challenges: it’s a kind of security system called proof of work that currently underpins the largest cryptocurrency networks: Bitcoin and Ethereum.

Proof of work gobbles up most of the energy that the crypto industry uses. With proof of work, crypto “miners” race to solve puzzles for the chance to validate blocks of transactions. Those blocks get added to the blockchain, and the miners receive new tokens in return. This system incentivizes miners to ramp up their computing power for a better shot at winning that reward.

All that computing power is what makes blockchains like Bitcoin and Ethereum so energy hungry. Fortunately, there are other newer blockchains that have found different methods that use a fraction of the energy to verify transactions. Within weeks, for instance, Ethereum is expected to switch over to one of those new methods. The Merge, as the highly anticipated transition away from proof of work is called, is supposed to cut Ethereum’s energy consumption by up to 99.95 percent.

But as long as Bitcoin sticks with proof of work and remains the dominant cryptocurrency, then crypto miners will continue to pose problems. In the US, they’ve driven up electricity bills in communities where they’ve set up shop. All the hardware they use adds to piles of e-waste. And as long as fossil fuels dominate the US’s electricity mix, then energy used for crypto mining will generate air pollution that heats the planet and harms local air quality.

Some crypto mining operations have even revived aging coal and gas-fired power plants that were otherwise expected to shut down. That could derail the US’s efforts to combat climate change. “Restarting coal and other fossil fuel plants erodes some of the progress that the United States has made” in cutting down greenhouse gas emissions, the report says.

China used to be the home base for the majority of Bitcoin mining operations. But miners fanned out across the globe after China cracked down on them in 2021. The US quickly became the new biggest hub for crypto mining, with about 38 percent of the world’s Bitcoin mining.

That’s left lawmakers scrambling to figure out how to respond to Bitcoin miners on the move. New York state became an early epicenter for crypto miners within the US. But some mining operations there are already starting to leave as state legislators begin to craft restrictions for the burgeoning industry. Texas has welcomed the crypto industry, but the influx of new mining farms places increased stress on an already vulnerable grid and could also raise residents’ energy bills.

The report urges federal agencies to take action to avoid the potential risks that come with crypto mining. For starters, it says that the Environmental Protection Agency, Department of Energy, and other federal agencies work with local policymakers and the crypto industry to develop performance standards for “environmentally responsible” crypto technologies. Those standards should push the industry to turn to clean energy while using less energy overall, the report says.

“Should these measures prove ineffective at reducing impacts, the Administration should explore executive actions, and Congress might consider legislation,” the report says. Those more aggressive moves could aim to “limit or eliminate” the use of proof of work, according to the report. That would specifically target Bitcoin if Ethereum succeeds in leaving proof of work behind.

The report also asks federal agencies to collect data from utilities and crypto miners about their energy use. In the past, it’s been difficult to suss out how much energy miners were using because many of them haven’t typically disclosed this information. The OSTP report uses figures pulled from other published research as well as estimates of energy use and emissions based on the US’s share of the world’s crypto mining.

That kind of information can be used to ensure that crypto mining doesn’t derail climate goals or jeopardize the stability of the grid. But for now, those actions are still just recommendations. A senior administration official on a press call yesterday for the report wouldn’t share details on any next steps when probed about whether the Biden administration has any plans to implement the policy recommendations outlined in the report.

The Internet Archive is no longer hosting backups of Kiwi Farms, continuing the forum’s removal from major web platforms. Twitch streamer Clara “Keffals” Sorrenti, who has led a recent campaign against the site, publicized the removal yesterday. Another tweet noted that a separate backup site has also been removed; searching either returns a response that “this URL has been excluded from the Wayback Machine.”

Kiwi Farms’ main site has been offline since security provider Cloudflare dropped it earlier this week, citing an “immediate threat to human life” due to threats and potential criminal actions from Kiwi Farms users. But until yesterday, many of its threads were available through the Internet Archive’s Wayback Machine, including posts with personal information about Kiwi Farms targets.

The Internet Archive didn’t respond to a request for confirmation that it had actively excluded the domain, but Kiwi Farms administrator Joshua Moon criticized the removal on Telegram, suggesting the site wasn’t blocked by its own operators.

The move would be an unusual decision for the Wayback Machine, which automatically crawls the web to create a backup of countless sites and pages. Site owners can choose to exclude domains, but they’re otherwise rarely removed except for copyright reasons. The Internet Archive has previously protested requests to delete alleged terrorist content, and controversial sites like the now-rebranded 8chan remain on the Wayback Machine. Some unaffiliated archive sites — which save domains at the request of individual users, not automatically — have retained their backups of Kiwi Farms.

Supporters of the Drop Kiwi Farms campaign celebrated the Internet Archive’s decision. “Internet heroes right here,” tweeted Yonah Gerber, who urged the Archive to remove the site. Kiwi Farms is known for collecting and publicizing personal details about targets it holds in contempt, many of whom are transgender women like Sorrenti. While the site ostensibly discourages direct harassment, Sorrenti has faced swatting attacks and persistent threats during her campaign, and other targets have had similarly ugly experiences. Kiwi Farms has been allegedly linked with three suicides, including an emulator developer who blamed the site for a relentless harassment operation soon before their death.

While Moon launched a Tor-based backup of Kiwi Farms, he’s struggled to find companies to host a stable replacement, and the Wayback Machine had provided one of the easiest ways to spread information while it was offline. Removing that backup doesn’t erase the site’s existence from the internet — but it’s one of the closest equivalents.

Venture capital firm Andreessen Horowitz (a16z) is trying to clean up the messy state of crypto copyright. Last week, the company introduced what it dubs “Can’t Be Evil” licenses: a series of agreements that let creators grant non-fungible token owners partial or near-complete rights to NFT art. It’s fighting a problem many experts have called out — one that’s persistently undercut claims that NFTs let you “own” a work.

The “Can’t Be Evil” licenses (named after a common claim about blockchain businesses) are based on the Creative Commons (CC) copyright framework. But unlike Creative Commons, which provides blanket licenses to wide swathes of people, a16z’s licenses lay out the relationship between an NFT buyer and the person who created the original art it’s linked with.

As explained in a blog post, the licenses are meant as a relatively simple but legally sound framework for setting the rights of NFT holders, open to modification by individual projects. It’s something many NFT projects — including some massive brands like Bored Ape Yacht Club — fail to do consistently. There are already attempts at making a standardized NFT license, but so far, none have seen the kind of success Creative Commons has in the non-crypto world. And a16z, which has invested a huge amount in the crypto ecosystem, has a vested interest in solving the problem.

The most expansive license is a direct copy of the CC0 agreement, which lets anybody remix or redistribute a piece of art. Beyond that, there are five other categories. “Exclusive Commercial Rights” gives the buyer an exclusive right to use the art as they see fit. “Non-Exclusive Commercial Rights” does something similar, but the NFT creator retains the right to use the art as well. There’s also a version of the non-exclusive commercial license that gets revoked if the NFT is used for hate speech — a category that includes defamation, harassment, fraud, or “vulgar, cruel, illegal, or obscene” uses.

Beyond that, there are also two “Personal Use” licenses, which let people copy and display art but not use it commercially. One of these includes the hate speech agreement; the other doesn’t.

The licenses also take on the question of sublicensing: basically, how an NFT holder can authorize other people to use the art on something like a T-shirt or TV show and what happens to that contract if they sell the NFT. These licenses say that the subcontract is immediately terminated on a sale — so new buyers don’t get an NFT that’s already tied up in deals with other people. (On the other hand, this requires creators who license somebody’s NFT to live with some uncertainty over its future.)

The contract also specifies that copyrights only transfer if the NFT is legally sold — so stealing somebody’s token doesn’t give you all the rights associated with them.

a16z frames the copyright licenses as a more “trustless” version of NFT ownership, which is right in some sense: it potentially offers more clarity over the tokens’ legal value rather than relying on handshake deals and vague promises. But where the “can’t be evil” slogan often implies there’s some technical limit preventing someone from abusing a system, any disputes over these licenses will be resolved through the old-fashioned legal system — an idea many NFT creators seem increasingly comfortable with.

Ring is now offering end-to-end encryption of video and audio on its battery-powered video doorbells and security cameras, over a year after it added the option to its hardwired and plug-in devices. End-to-end encryption lets users of the company’s video cameras keep their footage locked down, making it accessible only on their enrolled iOS or Android device. Separately, Ring is also making it easier to save recorded videos when an owner sells or disposes of a Ring device

With end-to-end encryption enabled, no one but the camera’s owner can access recorded footage. Even if law enforcement asked Ring, or its parent company Amazon, for the video, they couldn’t provide it. Only the enrolled mobile device can unlock the video.

By default, Ring encrypts video and audio recordings when they’re uploaded to the cloud and while stored on Ring’s servers. End-to-end encryption ups the levels of security, giving only the device owner access to and control of their footage on one designated device and with a passphrase only they have.

When Ring first previewed video end-to-end encryption in January 2021, the Ring Pro 2 and Ring Elite were the only video doorbells it worked on, leaving its most popular battery-powered devices — such as the Ring 4, Ring Video doorbell — out of the privacy party. It was also an option on all its wired and plug-in cameras — including the Ring Floodlight cam — but not on the battery-powered options such as the Ring Stick Up Cam (battery).

Now, end-to-end encryption is available on all Ring’s currently sold cameras and doorbells, with the only exception being the Ring Video Doorbell Wired — its lowest-priced buzzer. Ring has a guide on its website with instructions for enrolling.

Photo by Dan Seifert / The Verge

But the increased privacy protections come with caveats. With end-to-end encryption turned on, users lose the ability to preview videos on the Ring app’s Event Timeline view and in rich notifications that show a snapshot of action in notification before opening the app.

Also, shared users of Ring devices can’t see videos on their devices, and no user can share videos from the Ring app or view footage on Echo Show devices or any third-party apps. End-to-end encryption also disables Alexa Greetings and Quick Replies – where a Ring video doorbell can automatically respond to a visitor. Bird’s Eye View also won’t work – an option on some Ring cameras that shows the path a visitor has taken to the doorbell or camera. Disabling end-to-end encryption restores all these functions.

However, most of these features are useful conveniences — not essential to the core use of a security camera. For many users, the increased privacy protection will be worth the loss of some convenience.

This week, Ring also introduced a new feature to make it easier to save recorded videos when a user sells or disposes of a Ring device — for example, if they were selling it to upgrade to a new model.

Deactivated Device State lets a user choose to save any videos to their account without having to download them manually (the only option previously available).

When they go to remove the camera or doorbell from the account in the Ring app, a new Remove Device option appears, allowing them to keep or delete events/videos from the device before removing it from their Ring Account.

The videos will be stored on the account as long as the user has a Ring subscription. If they cancel the subscription, they’ll need to manually download any videos they want to keep to a phone or computer.

The Federal Trade Commission (FTC) is investigating Amazon’s plans to acquire robot vacuum maker iRobot and the 1Life healthcare company behind One Medical, according to reports from Politico and The Wall Street Journal. Amazon announced a $3.9 billion deal to buy One Medical in July and said it would acquire iRobot for $1.7 billion just weeks later.

One Medical serves as a sort of Netflix-for-healthcare subscription service that gives customers access to in-person and virtual appointments at 125 clinics across the US for $199 per year. Meanwhile, iRobot’s known for its line of Roomba robot vacuums that have only grown more adept at understanding users’ homes and their habits with the rollout of iRobot OS.

The acquisitions of both companies align with Amazon’s long-term goals of carving out its own lane in the healthcare industry, as well as collecting more data about its customers, something Amazon could do with Roomba’s home-mapping capabilities.

The FTC’s investigations could slow — or potentially stop — Amazon’s acquisition of both companies. FTC Chairwoman Lina Khan has been a vocal critic of Amazon and its practices. Amazon pushed back against Khan’s plans to regulate the company when she first took on the role of Chairwoman, and more recently asked the FTC to limit its investigation and pursuit of testimony from current CEO Andy Jassy and former CEO Jeff Bezos, calling it “burdensome.”

Amazon’s bid to buy iRobot is facing similar scrutiny from the FTC. Sources close to the situation told Politico that both companies are preparing for a “potentially lengthy, arduous investigation” to see if the merger violates antitrust laws. The FTC’s investigation will reportedly focus on whether the data provided by Roomba gives Amazon an unfair advantage in the retail industry, and how the line of robot vacuums would fit in with Amazon’s existing smart home products, like Ring and Alexa.

Shortly after announcing the potential 1Life merger, Amazon said it’s shutting down its virtual health service, Amazon Care, at the end of this year. Politico points out that the FTC could see this move as anti-competitive, since Amazon is simply buying out one of Care’s potential competitors, instead of opting to compete with it.

As noted by the Journal, 1Life disclosed the FTC’s review of the acquisition in a filing with the Securities and Exchange Commission (SEC) on Friday. Amazon’s proposed acquisitions of 1Life and iRobot come after Amazon bought out MGM for $8.45 billion.

Ireland’s Data Protection Commission has fined Meta €405 million (about $402 million) after an investigation into how it handled teenagers’ data. The decision and fine were finalized last Friday, DPC spokesperson Caolmhe McGuire tells The Verge, and “full details of the decision will publish next week.”

The DPC’s deadline for making a final decision on this matter was the end of this week. The investigation leading started almost two years ago, and focused on two ways in which the company allegedly breached GDPR rules. The first was Instagram allowing young users, ages 13-17, to set up business accounts on the platform, which made those users’ contact information publicly available. (Users sometimes switch to business accounts because doing so comes with access to more engagement analytics.) Instagram also allegedly made the accounts of some young users public by default.

This is the third and largest fine the DPC has imposed on Meta, easily eclipsing the 225 million euros (about $267 million at the time) the company faced after the DPC found that WhatsApp didn’t properly inform EU citizens about how it collected and used their data, particularly regarding how it shared that data back with Meta. WhatsApp was ordered to change its privacy policy, and said it planned to appeal. There was also a much smaller fine of 17 million euros (about $18.6 million) for record-keeping issues around security breaches. The DPC also has dozens of other investigations underway against Big Tech companies, including several more involving Meta’s data practices.

Meta said in a statement to Politico that it updated the public-by-default setting more than a year ago, and that “anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can’t message teens who don’t follow them.” The company told the Associated Press that “we disagree with how this fine was calculated and intend to appeal it.”

The way Meta — and Instagram in particular — handle the online experience if its youngest users has been under a huge amount of scrutiny in the last couple of years, thanks in part to Frances Haugen’s testimony about Instagram’s effect on mental health. Instagram has also simultaneously tried to build more products for those young users, which has been met with huge backlash. Instagram head Adam Mosseri has argued in favor of this work, though: “I have to believe parents would prefer the option for their children to use an age-appropriate version of Instagram — that gives them oversight — than the alternative,” he said last year. He promised to work with regulators to make that happen, and Meta said it also cooperated with the DPC’s recent investigation.

Cloudflare, a website security and hosting provider, announced on Saturday that it had blocked Kiwi Farms, an online forum known for hateful content. In a post on Cloudflare’s blog, the company said Kiwi Farms posed an “immediate threat to human life,” citing an increase of “targeted threats” over the past two days.

Concerns about Kiwi Farms grew after transgender YouTuber and Twitch streamer, Clara Sorrenti (Keffals), had been targeted by a dangerous harassment campaign by users from the site. Last month, Kiwi Farms users waged a swatting attack against Sorrenti, otherwise known as the act of providing a false tip to police that someone’s planning on carrying out a violent crime, resulting in police swarming the victim’s home.

Sorrenti later went into hiding and started a #DropKiwifarms campaign that urged Cloudflare to stop serving Kiwi Farms. Users across Twitter shared the hashtag, also with some revealing the harassment they’ve experienced at the hand of Kiwi Farms’ users.

Cloudflare initially resisted calls to drop Kiwi Farms, saying that it would be “an abuse of power” to do so. In an update posted to its site last week, Cloudflare outlined its policies on abusive content, laying out an argument for maintaining service without explicitly mentioning Kiwi Farms. In the post, Cloudflare argues that its termination of sites like The Daily Stormer, a neo-Nazi message board, and 8Chan, a forum that breeds extremist content, led “authoritarian regimes” to ask Cloudflare to “terminate security services for human rights organizations.”

“Just as the telephone company doesn’t terminate your line if you say awful, racist, bigoted things, we have concluded in consultation with politicians, policy makers, and experts that turning off security services because we think what you publish is despicable is the wrong policy,” Cloudflare explains.

In its more recent update, Cloudflare cites an “unprecedented emergency” as justifying both the takedown and the service’s change of heart. Notably, Cloudflare didn’t provide hosting for Kiwi Farms’ website, but provided security services that many saw as instrumental to keeping the site online.

“Visitors to any of the Kiwifarms sites that use any of Cloudflare’s services will see a Cloudflare block page and a link to this post,” Cloudflare explains. “Kiwifarms may move their sites to other providers and, in doing so, come back online, but we have taken steps to block their content from being accessed through our infrastructure.” Cloudflare has also coordinated with law enforcement to address some of the threats on the site, but claims the “process is moving more slowly than the escalating risk.”

In the update, Cloudflare claims it didn’t block the site due to the social media campaign that pleaded with the service to drop Kiwi Farms as a customer. Instead, the post says the decision was based on an uptick in aggressive activity on the platform. Still, Cloudflare says it’s “uncomfortable” with its decision to banish the site, and believes its action “may have further heightened the emergency.”

Kiwi Farms first emerged in 2013, and was created by former 8chan administrator Joshua Moon. The site has become known for the harassment and stalking of “lolcows” — the term Kiwi Farms uses to describe its victims (who are often neurodivergent or a member of the LGBTQIA+ community). A report from New York Magazine called Kiwi Farms “the biggest community of stalkers,” with harassment so severe that the site has been blamed for the deaths of several victims.