WISPA may be the closest thing we have to an SMB ISP union. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Alex Buie via NANOG" <nanog@lists.nanog.org> To: "North American Network Operators Group" <nanog@lists.nanog.org> Cc: "John Levine" <johnl@iecc.com>, "Alex Buie" <abuie@cytracom.com> Sent: Thursday, May 29, 2025 8:29:33 PM Subject: Re: Amazon AWS cloudfront WAF block FWIW we regularly face this at $DAYJOB as a mid-sized nationwide business ISP and have all but given up. Ticketmaster, Hulu, Disney, and others which seem to use Neustar or IPQS simply seem uninterested in our mutual customers being able to do business with them. Ticketmaster suggested we ask our customers switch to their cellular hotspot to purchase tickets since “Verizon and AT&T run a tested and secure network”. Implying I don’t but being unable to tell me why that is their assessment. Are you freakin’ kidding me? IPQS especially seem to be the most extortive of the group, as they would not even entertain a conversation until we paid money to subscribe to their product and then after we paid basically told us to F off because we are a VPN in their eyes. Every single /32 IP in our customer eyeball network corresponds to a static assignment to one company/client/corporate entity, almost always a single physical business location but we do have some customers who have multi-building setups with tunnels or dark fiber. For all intents and purposes, these LOOK like single-office business grade connections. But because SD-WAN technology is used to deliver the circuits, they refuse to reclassify our IP space as anything other than a hazardous VPN. I sure hope they don’t find out that every eyeball network in America is using SD-WAN technology in 2025, but I digress. Maybe it’s time for a SMB ISP union? I kind of love the thought of all of us smaller AS teaming up to fight for what’s fair in internet governance. By strength in numbers of eyeballs served we have a lot of combined weight to effect commerce and customer service experiences for these brands that have snubbed some of our brethren via our routing and performance policies. Probably off the wall. This entire email should be construed as my personal opinion and not the public position of my employer. *Alex* On Thu, May 29, 2025 at 9:18 PM Tom Beecher via NANOG <nanog@lists.nanog.org> wrote:
I cannot fathom how citing some cases and section 230 will help the original poster get a hold of someone at Amazon and/or resolve their
issue.
It won't, no. But not much else will either.
AWS default WAF lists are notoriously bad. They often include things they shouldn't. If you are an AWS customer they'll tell you to make your own edits to fix these problems. If you aren't (as in the OP's case ), they won't even really talk to you, as the OP experienced.
It's of course exceptionally frustrating when you're in the OP's shoes with this stuff, but this is the unfortunate reality when people chose to use ass products like this.
On Thu, May 29, 2025 at 3:52 PM Mu via NANOG <nanog@lists.nanog.org> wrote:
On Thursday, May 29th, 2025 at 3:35 PM, John Levine via NANOG < nanog@lists.nanog.org> wrote:
It appears that William Herrin via NANOG nanog@lists.nanog.org said:
On Thu, May 29, 2025 at 10:57 AM Andrew Kirch trelane@trelane.net wrote:
(A)any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected
Hi Andrew,
The key phrase here is "taken in good faith." After I've notified you of an error, your action stops being good faith.
Uh, no. I have no duty to believe what you claim.
Having looked at a lot of case law I can tell you that the only case where a court did not find good faith was a strange one where one anti-malware service listed another (for what looked like good reasons) and a court assumed that since they were direct competitors it wasn't good faith. Other than that, if I think your traffic is objectionable, I can reject it.
See
https://blog.ericgoldman.org/archives/2024/06/this-case-keeps-wrecking-inter...
In practice, threatening to sue Amazon is a dumb thing to do because
far more lawyers and experience and money than you do. This is obviously a screwup and figuring out who to ask nicely is far more likely to work
they have than
sending threats you can't actually carry out.
R's, John
PS: Wasn't the original question from someone in South Africa? I have no idea what their law is like, or if Amazon even has enough presence there to sue. _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/QGOVMLWJ...
Respectfully, is anyone here an actual lawyer giving legal advice?
If not, can we maybe just suggest that everyone consults with their own lawyers about what actions they do or do not want to take?
Obviously the original comment about sending a legal letter was made out of frustration because reaching an actual human at some of these
megacorps
is often like pulling teeth. I don't blame them for being frustrated. With that said, I cannot fathom how citing some cases and section 230 will help the original poster get a hold of someone at Amazon and/or resolve their issue.
-mu _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/WQOPS73C... _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/SD7KRQCP...
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/465SNE2A...