As members of the End Kiwi Farms campaign originally predicted in September, after being held in violation of Cloudflare's Terms of Service and Human Rights Policy, Kiwi Farms has bounced between various marginal providers. Eventually, no provider was both able and willing to be named as their gateway to the internet. Only their domain registrar, Epik, and an Epik subsidiary, Terrahost, are left as the public front for Kiwi Farms.

While Kiwi Farms almost certainly has multiple suppliers besides Epik and Terrahost (some of whom may not even know what they are hosting, due to traffic tunneling and encryption), it is telling that the internet community has cast out Kiwi Farms. So called “free speech” reaches its limits once enough people get hurt. Just as the internet systematically rejects spam and malware, the people who operate the internet should also reject attempts to cause significant harm to vulnerable groups and individuals.

Zayo and Voxility, tier 1 and tier 2 network providers respectively, both acted decisively once they learned about abuse being perpetuated by one of their customers. Epik should know that it will face mounting pressure upon its suppliers, whether they be Amazon Web Services, which provides it with DNS services, or GTT Communications and Sprint (now known as T-Mobile for Business), which provide it with Tier 1 transit and reachability to the rest of the internet.

This is an exceptional case, because Kiwi Farms has been kicked off of every managed hosting provider they've been on. For good cause, as their sole purpose is to violate the terms of service that every turnkey hosting provider is willing to tolerate. Most other sites so systematically rejected by mainstream providers would turn to Tor and the dark web, but Kiwi Farms behaved differently. Having burned all their bridges with managed providers, they turned to using their own infrastructure, all the way down to the IP assignment, ASN, and BGP layers.

Kiwi Farms has disguised themselves as just a fellow peer in the internet community, "1776 Solutions," and exploited our trust in each other to disseminate not just hatred, but incitement to violence. Our systems are designed for every network operator to act in good faith and assume others are acting in good faith when passing on reports or concerns, but what if they aren't? What if they are threatening our colleagues with harassment and violence?

What recourse do we have if the holder of a RIR-assigned netblock is using it specifically to harm people with no legitimate purpose? What if they refuse to take action on any reports of abuse because they themselves are the ones perpetuating abuse? What if the holder of an AS designation insists you peer with them on the same terms other paying transit clients do, pinky swears that they'll abide by your ToS and have an abuse contact, yet ignores the abuse reports, or worse, retaliates against those who report abuse?

We already agree as an Internet infrastructure community that CSAM is abhorrent and has no place on our networks, that blatant attempts to hijack traffic, disseminate worms/malware, or launch volumetric denial of service attacks should be blocked at source. That anyone who knowingly tolerates such is in turn also not welcome. DROP (Don't Route or Peer) is an effective technique that we have used for decades to manage abusive actors.

Speech is only free for all if those who are in the most danger are not silenced through threat of violence from others' "free speech". In the absence of governmental action (given governments may not always agree, are often the threat model, and turn a blind eye to harm), employees must collectively exercise their ethical obligations as engineers to prevent harm. We hope both that providers will devise human rights framework-based Terms of Service that reject censorship of vulnerable communities' voices such as sex workers, ethnic minorities such as Palestinians, and transgender people, while also enforcing that their services are not to be used to knowingly perpetuate terrorism, violence, and genocide.

Of course, this does not mean that action at the network layer should be taken against responsible managed service operators and application-layer platforms that make good faith efforts to respond to abuse reports. It is bad-faith clients seeking to avoid accountability that have no place among our community.

We're not naive about the possibility that Kiwi Farms will survive for a period of time on Tor, with anonymous providers, but only its most dedicated users will follow it there; anti-fascist researchers will be able to gather evidence every step of the way, and digital attacks that are not turnkey to mitigate are a persistent reality on the dark web. Decreasing the visibility and access to genocidal rhetoric has a provable amount of benefit in harm reduction, and the site’s economic viability diminishes when it lacks free rein to fundraise and further radicalize others. The impossibility of fully deplatforming hate does not mean we must hand hate a megaphone or weapon.