I see your concerns, but when the system was built, at the protocol level, to be heavily trust-assuming, but many individual users are untrustworthy, and you can't distinguish them without collecting information that could be considered privacy-violating, what is the solution?
I, for one, have a blog that I don't use Cloudflare for. There's a risk that my system gets hugged to death and I don't know until my service provider either notifies me or cuts me. And from a certain point of view, I might be considered a negligent actor because I'm not collecting enough information to know if somebody has breached my blog engine and turned it into part of the Low Orbit Ion Cannon. But I've chosen to value user privacy.
Point is, trade-offs. I don't think I'm in some kind of moral right space for my decisions, I've made them based on the kind of reader I expect to get.
I, for one, have a blog that I don't use Cloudflare for. There's a risk that my system gets hugged to death and I don't know until my service provider either notifies me or cuts me. And from a certain point of view, I might be considered a negligent actor because I'm not collecting enough information to know if somebody has breached my blog engine and turned it into part of the Low Orbit Ion Cannon. But I've chosen to value user privacy.
Point is, trade-offs. I don't think I'm in some kind of moral right space for my decisions, I've made them based on the kind of reader I expect to get.