Listen to this article
Estimated 5 minutes
The audio version of this article is generated by text-to-speech, a technology based on artificial intelligence.
The widely used internet infrastructure provider Cloudflare suffered a major outage on Tuesday morning, temporarily disrupting numerous websites and apps, including ChatGPT, Spotify, and the social media platform X.
The incident lasted several hours, and follows other major outages in recent months involving Microsoft’s Azure platform and Amazon Web Services (AWS).
London-based tech analyst Carmi Levy spoke with London Morning host Andrew Brown on Thursday to explain what happened, and what concerns the incidents raise about the stability and security of the internet.
The following has been edited for length and clarity.
Andrew Brown: I’ve got to admit, I had never heard of Cloudflare. That probably says more about me than Cloudflare, but what does something like that do?
Carmi Levy: This is a company that most of us wouldn’t deal with, in the same way most of us don’t deal directly with Amazon Web Services or Microsoft Azure. It’s a content delivery network service, and basically, what it does is it ensures that the websites that we visit every day stay up and running.
So if you run a website, you would call Amazon or Microsoft or Google to host it for you, then you would call Cloudflare to make sure it’s secure, that it’s protected from those big distributed denial of service attacks that generate headlines every once in a while. It performs a pretty important role on the internet. It makes sure that when you visit a website, you’re a human, not a bot. Not someone or something that wants to take that website down.
AB: So then, how does it connect to the cloud?
CL: Cloudflare isn’t something we install on our computers, it’s something that exists only on the web. They have a data centre, they work with websites like ChatGPT, or X, or even IKEA and Spotify. Those companies subscribe to Cloudflare, and they do some technological magic in the background.
For example, sometimes when you sign in to ChatGPT, you’ll notice you’ll get a little pop-up right at the beginning saying, ‘click this to prove that you’re a human.’ If you look closely at it, you’ll see there’s a Cloudflare logo on it … It just works quietly in the background. Most of us never pay attention to it, but you know, of course, when it fails, everybody’s looking.
London Morning7:13Do you know where your data is being stored?
Earlier this week, a segment of the internet’s cloud storage was down, and the effects were felt by most online users. London technology analyst Carmi Levy explained the situation with cloud servers and the world of data storage.
AB: What do we know about why it took a bunch of websites down earlier this week?
CL: An estimated 20 per cent of all websites on the internet use Cloudflare services in one way (shape) or form. The interesting thing is that originally, they thought it was a cyberattack, and it quickly turned out not to be the case. Then they called it an “internal service degradation,” basically, “something broke. We don’t know what it is.”
The co-founder and CEO, Matthew Prince … he said it had to do with their bot management system, that’s what protects websites against bot attacks. It uses an AI tool that creates what’s called a “feature file,” and that feature file, every time you connect to the site, it looks at that feature file and goes, “Are all these things good? Does it match? Can I legitimately allow this person onto the site?” That file updates every five minutes. Unfortunately, they made a change to the code, and that code resulted in this file getting larger and larger and larger. It wasn’t erasing old versions of itself, which means eventually it just crashed.
AB: What does this say about the stability of the websites that we depend on?
CL: It’s a lot more centralized than we thought it was. It doesn’t take much to bring it all down, because massive services like Cloudflare, Amazon Web Service, Microsoft Azure, they control most of the traffic on the internet. For example, with AWS, it was one server in one data centre in West Virginia, and it took down a huge chunk of the global Internet.
AB: Do you have any ways that we could try to protect ourselves from that risk?
CL: Our parents told us always put your eggs in more than one basket, and I think the same logic applies here. We can’t stop these outages from happening, these are massive, global-scale companies. But what we can do is we can ensure that if Service A is no longer available, then we have an option for Service B. For example, it could be that you have a second email address or account on a second platform … that way, you’ll always have a backup.
When you’re thinking of where to store your data, don’t just assume it’s always going to be safe in the cloud. Make sure you have some of your data in the cloud, Google Photos, for example, but don’t forget to save them locally too. Put them on a hard drive. Make sure that it’s safe in your home or someone else’s home.